SUSE-CU-2025:1963-1: Security update of containers/open-webui

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Mon Mar 24 12:26:11 UTC 2025 

SUSE Container Update Advisory: containers/open-webui
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1963-1
Container Tags        : containers/open-webui:0 , containers/open-webui:0.5.14 , containers/open-webui:0.5.14-9.9
Container Release     : 9.9
Severity              : important
Type                  : security
References            : 1238450 1239210 1239222 1239299 1239312 1239319 1239320 CVE-2025-1795
                        CVE-2025-2173 CVE-2025-2174 CVE-2025-2175 CVE-2025-2176 CVE-2025-2177
-----------------------------------------------------------------

The container containers/open-webui was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:979-1
Released:    Fri Mar 21 13:53:59 2025
Summary:     Security update for zvbi
Type:        security
Severity:    important
References:  1239222,1239299,1239312,1239319,1239320,CVE-2025-2173,CVE-2025-2174,CVE-2025-2175,CVE-2025-2176,CVE-2025-2177
This update for zvbi fixes the following issues:
  
  - CVE-2025-2173: Fixed check on src_length to avoid an unitinialized heap read (bsc#1239222).
  - CVE-2025-2174: Fixed integer overflow leading to heap overflow in src/conv.c, src/io-sim.c, src/search.c (bsc#1239299).
  - CVE-2025-2175: Fixed integer overflow in _vbi_strndup_iconv (bsc#1239312).
  - CVE-2025-2176: Fixed integer overflow in function vbi_capture_sim_load_caption in src/io-sim.c (bsc#1239319).
  - CVE-2025-2177: Fixed integer overflow in function vbi_search_new in src/search.c (bsc#1239320).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:982-1
Released:    Fri Mar 21 15:17:03 2025
Summary:     Security update for python311
Type:        security
Severity:    low
References:  1238450,1239210,CVE-2025-1795
This update for python311 fixes the following issues:

- CVE-2025-1795: Fixed mishandling of comma during folding and unicode-encoding of email headers (bsc#1238450).
  

The following package changes have been done:

- libprotobuf25_5_0-25.5-150600.2.44 updated
- libpython3_11-1_0-3.11.11-150600.3.21.1 updated
- python311-base-3.11.11-150600.3.21.1 updated
- python311-3.11.11-150600.3.21.1 updated
- libzvbi0-0.2.35-150000.4.3.1 updated
- python311-protobuf-4.25.5-150600.2.44 updated
- python311-certifi-2024.7.4-150600.1.27 updated
- python311-cchardet-2.1.19-150600.1.24 updated
- python311-numpy1-1.26.4-150600.1.27 updated
- python311-scipy-1.14.1-150600.1.28 updated
- python311-pandas-2.2.3-150600.1.28 updated
- python311-scikit-learn-1.5.1-150600.1.30 updated
- python311-open-webui-0.5.14-150600.1.9 updated

More information about the sle-container-updates mailing list