SUSE-CU-2025:4655-1: Security update of containers/open-webui

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Sun Jun 22 07:04:04 UTC 2025 

SUSE Container Update Advisory: containers/open-webui
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:4655-1
Container Tags        : containers/open-webui:0 , containers/open-webui:0.6.9 , containers/open-webui:0.6.9-10.19
Container Release     : 10.19
Severity              : important
Type                  : security
References            : 1239949 1241067 1243217 1243218 1243220 1243273 1244032 1244056
                        1244059 1244060 CVE-2024-12718 CVE-2025-23165 CVE-2025-23166
                        CVE-2025-23167 CVE-2025-4138 CVE-2025-4330 CVE-2025-4516 CVE-2025-4517
-----------------------------------------------------------------

The container containers/open-webui was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2045-1
Released:    Fri Jun 20 13:03:59 2025
Summary:     Security update for nodejs20
Type:        security
Severity:    important
References:  1239949,1243217,1243218,1243220,CVE-2025-23165,CVE-2025-23166,CVE-2025-23167
This update for nodejs20 fixes the following issues:

Update to 20.19.2:

- CVE-2025-23166: improper error handling in async cryptographic operations crashes process (bsc#1243218).
- CVE-2025-23167: improper HTTP header block termination in llhttp (bsc#1243220).
- CVE-2025-23165: add missing call to uv_fs_req_cleanup (bsc#1243217).

Other bugfixes:

- Build with PIE (bsc#1239949)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2057-1
Released:    Sat Jun 21 11:04:24 2025
Summary:     Security update for python311
Type:        security
Severity:    important
References:  1241067,1243273,1244032,1244056,1244059,1244060,CVE-2024-12718,CVE-2025-4138,CVE-2025-4330,CVE-2025-4516,CVE-2025-4517
This update for python311 fixes the following issues:
  
python311 was updated from version 3.11.10 to 3.11.13:

- Security issues fixed:

  * CVE-2025-4516: Fixed blocking DecodeError handling vulnerability, which could lead to DoS (bsc#1243273).
  * CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4517: Fixed multiple issues that allowed tarfile 
    extraction filters to be bypassed using crafted symlinks and hard links
    (bsc#1244056, bsc#1244059, bsc#1244060, bsc#1244032)

- Other changes and bugs fixed:
 
  * Improved handling of system call failures that OpenSSL reports (bsc#1241067)
  * Disable GC during thread operations to prevent deadlocks.
  * Fixed a potential denial of service vulnerability in the imaplib module.
  * Fixed bugs in the in the folding of rfc2047 encoded-words and in the folding of quoted strings when flattening an
    email message using a modern email policy.
  * Fixed parsing long IPv6 addresses with embedded IPv4 address.
  * Fixed ipaddress.IPv6Address.reverse_pointer output according to RFC 3596
  * Improved the textual representation of IPv4-mapped IPv6 addresses in ipaddress.
  * ipaddress: fixed hash collisions for IPv4Network and IPv6Network objects
  * os.path.realpath() now accepts a strict keyword-only argument.
  * Stop the processing of long IPv6 addresses early in ipaddress to prevent excessive memory consumption and a minor
    denial-of-service.
  * Updated bundled libexpat to 2.7.1
  * Writers of CPython documentation can now use next as the version for the versionchanged, versionadded,
    deprecated directives.


The following package changes have been done:

- libpython3_11-1_0-3.11.13-150600.3.30.1 updated
- python311-base-3.11.13-150600.3.30.1 updated
- python311-3.11.13-150600.3.30.1 updated
- python311-pymongo-4.6.3-150600.1.16 updated
- python311-psycopg2-2.9.9-150600.1.22 updated
- python311-protobuf-5.29.3-150600.3.2 updated
- python311-propcache-0.2.0-150600.1.6 updated
- python311-peewee-3.17.9-150600.1.2 updated
- python311-mmh3-4.1.0-150600.1.18 updated
- python311-greenlet-3.1.0-150600.1.20 updated
- python311-devel-3.11.13-150600.3.30.1 updated
- python311-certifi-2024.7.4-150600.1.42 updated
- python311-cchardet-2.1.19-150600.1.38 updated
- python311-PyYAML-6.0.2-150600.1.2 updated
- nodejs20-20.19.2-150600.3.12.1 updated
- python311-cffi-1.17.0-150600.1.15 updated
- python311-Pillow-11.1.0-150600.1.2 updated
- python311-yarl-1.18.3-150600.1.6 updated
- python311-SQLAlchemy-2.0.40-150600.1.2 updated
- python311-lxml-5.3.2-150600.1.2 updated
- python311-grpcio-1.69.0-150600.1.8 updated
- python311-marshmallow-3.20.2-150600.1.10 updated
- python311-aiohttp-3.11.11-150600.1.9 updated
- python311-grpcio-tools-1.68.1-150600.1.10 updated
- python311-ctranslate2-4.4.0-150600.1.15 updated
- python311-numpy1-1.26.4-150600.1.45 updated
- python311-scipy-1.14.1-150600.1.46 updated
- python311-pandas-2.2.3-150600.1.47 updated
- python311-chroma-hnswlib-0.7.6-150600.2.14 updated
- python311-Shapely-2.0.6-150600.1.16 updated
- python311-pyarrow-17.0.0-150600.2.41 updated
- python311-scikit-learn-1.5.1-150600.1.48 updated
- python311-av-11.0.0-150600.1.20 updated
- python311-open-webui-0.6.9-150600.2.4 updated

More information about the sle-container-updates mailing list