SUSE-CU-2025:5657-1: Security update of suse/sl-micro/6.0/toolbox

sle-container-updates at lists.suse.com
Tue Jul 29 07:22:09 UTC 2025


SUSE Container Update Advisory: suse/sl-micro/6.0/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:5657-1
Container Tags        : suse/sl-micro/6.0/toolbox:13.2 , suse/sl-micro/6.0/toolbox:13.2-9.16 , suse/sl-micro/6.0/toolbox:latest
Container Release     : 9.16
Severity              : important
Type                  : security
References            : 1174091 1216091 1218459 1221107 1227378 1241052 1242844 1243155
                        1243273 1243772 1244032 1244056 1244059 1244060 1244061 1244596
                        1244705 831629 CVE-2019-20907 CVE-2019-9947 CVE-2020-15523 CVE-2020-15801
                        CVE-2024-12718 CVE-2024-2236 CVE-2025-4138 CVE-2025-4330 CVE-2025-4373
                        CVE-2025-4435 CVE-2025-4516 CVE-2025-4517 CVE-2025-48964 CVE-2025-6052
                        CVE-2025-6069
-----------------------------------------------------------------

The container suse/sl-micro/6.0/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 381
Released:    Fri Jul 11 11:20:30 2025
Summary:     Security update for libgcrypt
Type:        security
Severity:    moderate
References:  1221107,CVE-2024-2236
This update for libgcrypt fixes the following issues:

- CVE-2024-2236: Fixed timing based side-channel in RSA implementation (bsc#1221107)

-----------------------------------------------------------------
Advisory ID: 379
Released:    Fri Jul 11 11:47:32 2025
Summary:     Security update for python311
Type:        security
Severity:    important
References:  1174091,1227378,1243155,1243273,1244032,1244056,1244059,1244060,1244061,1244705,831629,CVE-2019-20907,CVE-2019-9947,CVE-2020-15523,CVE-2020-15801,CVE-2024-12718,CVE-2025-4138,CVE-2025-4330,CVE-2025-4435,CVE-2025-4516,CVE-2025-4517,CVE-2025-6069
This update for python311 fixes the following issues:

- CVE-2025-6069: Avoid worst case quadratic complexity when processing
  certain crafted malformed inputs with HTMLParser (bsc#1244705).

Update to 3.11.13:

  - Security

    - gh-135034: Fixes multiple issues that allowed tarfile
      extraction filters (filter='data' and filter='tar')
      to be bypassed using crafted symlinks and hard links.
      Addresses CVE-2024-12718 (bsc#1244056), CVE-2025-4138
      (bsc#1244059), CVE-2025-4330 (bsc#1244060), and
      CVE-2025-4517 (bsc#1244032). Also addresses CVE-2025-4435
      (gh#135034, bsc#1244061).
    - gh-133767: Fix use-after-free in the “unicode-escape”
      decoder with a non-“strict” error handler (CVE-2025-4516,
      bsc#1243273).
    - gh-128840: Short-circuit the processing of long IPv6
      addresses early in ipaddress to prevent excessive memory
      consumption and a minor denial-of-service.

  - Library

    - gh-128840: Fix parsing long IPv6 addresses with embedded
      IPv4 address.
    - gh-134062: ipaddress: fix collisions in __hash__() for
      IPv4Network and IPv6Network objects.
    - gh-123409: Fix ipaddress.IPv6Address.reverse_pointer output
      according to RFC 3596, §2.5. Patch by Bénédikt Tran.
    - bpo-43633: Improve the textual representation of
      IPv4-mapped IPv6 addresses (RFC 4291 Sections 2.2, 2.5.5.2)
      in ipaddress. Patch by Oleksandr Pavliuk.

- CVE-2025-4516: Fixed blocking DecodeError handling
  vulnerability, which could lead to DoS. (bsc#1243273)


-----------------------------------------------------------------
Advisory ID: 388
Released:    Mon Jul 21 11:01:26 2025
Summary:     Recommended update for rpm
Type:        recommended
Severity:    important
References:  1216091,1218459,1241052
This update for rpm fixes the following issues:

- fix --runposttrans not working correctly with the --root
  option [bsc#1216091]

  * added 'rpm_fixed_runposttrans' provides for libzypp

- print scriptlet messages in --runposttrans
  * needed to fix leaking tmp files [bsc#1218459]

- fix memory leak in str2locale [bsc#1241052]


-----------------------------------------------------------------
Advisory ID: 390
Released:    Mon Jul 21 12:04:01 2025
Summary:     Security update for iputils
Type:        security
Severity:    moderate
References:  1243772,CVE-2025-48964
This update for iputils fixes the following issues:

- CVE-2025-48964: Fixed integer overflow in ping statistics via zero timestamp (bsc#1243772)

-----------------------------------------------------------------
Advisory ID: 395
Released:    Thu Jul 24 13:51:08 2025
Summary:     Security update for glib2
Type:        security
Severity:    important
References:  1242844,1244596,CVE-2025-4373,CVE-2025-6052
This update for glib2 fixes the following issues:

- CVE-2025-4373: Fixed buffer underflow in glib/gstring.c via the
  function g_string_insert_unichar (bsc#1242844)
- CVE-2025-6052: Fixed integer overflow in g_string_maybe_expand()
  that leads to a potential buffer overflow in GString (bsc#1244596)


The following package changes have been done:

- SL-Micro-release-6.0-25.37 updated
- iputils-20221126-6.1 updated
- libgcrypt20-1.10.3-2.1 updated
- libglib-2_0-0-2.76.2-9.1 updated
- libgmodule-2_0-0-2.76.2-9.1 updated
- libpython3_11-1_0-3.11.13-1.1 updated
- libzypp-17.37.12-1.1 updated
- python311-base-3.11.13-1.1 updated
- rpm-4.18.0-7.1 updated
- skelcd-EULA-SL-Micro-2024.01.19-8.36 updated

