SUSE-CU-2025:3039-1: Security update of containers/open-webui

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Sat May 3 07:05:15 UTC 2025 

SUSE Container Update Advisory: containers/open-webui
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:3039-1
Container Tags        : containers/open-webui:0 , containers/open-webui:0.5.14 , containers/open-webui:0.5.14-9.47
Container Release     : 9.47
Severity              : critical
Type                  : security
References            : 1241453 1241551 1241872 CVE-2025-32414 CVE-2025-32415 CVE-2025-43859
-----------------------------------------------------------------

The container containers/open-webui was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 38402
Released:    Fri Apr 25 11:05:30 2025
Summary:     Recommended update for freetype2
Type:        recommended
Severity:    important
References:  
This update for freetype2 fixes the following issue:

- enable brotli support (jsc#PED-12258)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1430-1
Released:    Fri May  2 10:10:32 2025
Summary:     Security update for python-h11
Type:        security
Severity:    critical
References:  1241872,CVE-2025-43859
This update for python-h11 fixes the following issues:

- CVE-2025-43859: leniency when parsing of line terminators in chunked-coding message bodies can lead to request
  smuggling. (bsc#1241872)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:1438-1
Released:    Fri May  2 15:44:07 2025
Summary:     Security update for libxml2
Type:        security
Severity:    moderate
References:  1241453,1241551,CVE-2025-32414,CVE-2025-32415
This update for libxml2 fixes the following issues:

- CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551)
- CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453)


The following package changes have been done:

- libxml2-2-2.10.3-150500.5.26.1 updated
- libprotobuf25_5_0-25.5-150600.2.60 updated
- libfreetype6-2.10.4-150000.4.22.1 updated
- python311-protobuf-4.25.5-150600.2.60 updated
- python311-h11-0.14.0-150400.9.6.1 updated
- python311-numpy1-1.26.4-150600.1.37 updated
- python311-scipy-1.14.1-150600.1.38 updated
- python311-pandas-2.2.3-150600.1.39 updated
- python311-scikit-learn-1.5.1-150600.1.40 updated
- python311-open-webui-0.5.14-150600.1.29 updated
- container:registry.suse.com-bci-bci-base-15.6-50358a4079af6d4b80ef656f9ae1c8f61d1da12c04b02f14f9a094c13917cb66-0 updated

More information about the sle-container-updates mailing list