SUSE-CU-2025:8213-1: Security update of containers/open-webui

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Wed Nov 12 08:04:44 UTC 2025 

SUSE Container Update Advisory: containers/open-webui
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:8213-1
Container Tags        : containers/open-webui:0 , containers/open-webui:0.6.18 , containers/open-webui:0.6.18-12.49
Container Release     : 12.49
Severity              : critical
Type                  : security
References            : 1212476 1216545 1218588 1218664 1223435 1243197 1243381 1245190
                        1245938 1245939 1245942 1245943 1245946 1249036 1250754 CVE-2025-27613
                        CVE-2025-27614 CVE-2025-46835 CVE-2025-48384 CVE-2025-48385 CVE-2025-9375
-----------------------------------------------------------------

The container containers/open-webui was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2319-1
Released:    Mon Jul  8 13:12:55 2024
Summary:     Recommended update for Azure stack
Type:        recommended
Severity:    moderate
References:  1223435

This update ships the Python 3.11 enabled Azure stack to openSUSE Leap 15.5 and 15.6.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3012-1
Released:    Fri Aug 29 02:07:38 2025
Summary:     security update for git, git-lfs, obs-scm-bridge, python-PyYAML
Type:        security
Severity:    important
References:  1212476,1216545,1218588,1218664,1243197,1245938,1245939,1245942,1245943,1245946,CVE-2025-27613,CVE-2025-27614,CVE-2025-46835,CVE-2025-48384,CVE-2025-48385
This update for git, git-lfs, obs-scm-bridge, python-PyYAML fixes the following issues:

git was updated from version 2.43.0 to 2.51.0 (bsc#1243197):

- Security issues fixed:

  * CVE-2025-27613 Fixed arbitrary writable file creation and truncation in Gitk(bsc#1245938)
  * CVE-2025-27614 Fixed arbitrary script execution via repository clonation in gitk(bsc#1245939)
  * CVE-2025-46835 Fixed arbitrary writable file creation in Git GUI when untrusted repository is cloned (bsc#1245942)
  * CVE-2025-48384 Fixed the unintentional execution of a script after checkout due to CRLF transforming (bsc#1245943)
  * CVE-2025-48385 Fixed arbitrary code execution due to protocol injection via fetching advertised bundle(bsc#1245946)

- Other changes and bugs fixed:
    
- Other changes and bugs fixed:
    
  * Added SHA256 support (bsc#1243197)
  * Git moved to /usr/libexec/git/git and updated AppArmor profile
    accordingly (bsc#1218588)
  * gitweb AppArmor profile: allow reading etc/gitweb-common.conf (bsc#1218664)
  * Do not replace apparmor configuration  (bsc#1216545)
  * Fixed the Python version required (bsc#1212476)
    
- Version Updates Release Notes:

  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.51.0.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.50.1.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.50.0.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.49.0.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.48.1.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.48.0.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.47.1.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.47.0.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.46.2.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.46.1.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.46.0.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.3.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.2.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.1.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.0.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.44.0.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.3.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.2.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.1.adoc

git-lfs is included in version 3.7.0.

python-PyYAML was updated from version 6.0.1 to 6.0.2:

- Added support for Cython 3.x and Python 3.13

obs-scm-bridge was updated from version 0.5.4 to 0.7.4:

- New Features and Improvements:

  * Manifest File Support: Support has been added for a `_manifest file`, which serves as a successor to the `_subdirs`
    file.
  * Control Over Git Information: A new noobsinfo query parameter was added to hide git information in source and binary
    files.
  * Enhanced Submodule Handling: The system now records the configured branch of submodules and stays on that branch
    during checkout.
  * Git SHA Tracking: In project mode, the tool now uses git SHA sums instead of md5sum to track package sources.
  * SSH URL Support: ssh:// SCM URLs can now be used.
  * Improved Error Messages: Error reporting for invalid files within package subdirectories has been improved.
  * Standardized Config Location: In project mode, the _config file is now always located in the top-level directory,
    even when using subdirs.
  * Reduced Unnecessary Changes: In project mode, unnecessary modifications to the package meta URL are now avoided.
  * Limit Asset Handling: A new mechanism has been introduced to limit how assets are handled.
  * Branch Information Export: The trackingbranch is now exported to scmsync.obsinfo.

- Bugs fixed:

  * Syntax Fix: A syntax issue was corrected.
  * Git Submodule Parsing: The .gitsubmodule parser was fixed to correctly handle files that contain a mix of spaces and
    tabs.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3511-1
Released:    Thu Oct  9 10:33:54 2025
Summary:     Security update for python-xmltodict
Type:        security
Severity:    moderate
References:  1249036,CVE-2025-9375
This update for python-xmltodict fixes the following issues:

- CVE-2025-9375: XML injection vulnerability in `xmltodict` allows input data manipulation (bsc#1249036).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3847-1
Released:    Wed Oct 29 06:05:59 2025
Summary:     Recommended update for python-kiwi
Type:        recommended
Severity:    critical
References:  1243381,1245190,1250754
This update for python-kiwi, appx-util, python-docopt, python-xmltodict, libsolv fixes the following issues:

python-kiwi:

- Switch to Python 3.11 based python-kiwi (jsc#PED-13168)
- Fixed system booting to Emergency Mode on first reboot using qcow2 (bsc#1250754)
- Fixed get_partition_node_name (bsc#1245190)
- Added new eficsm type attribute (bsc#1243381)
- Included support for older schemas
- New binary packages:
  * kiwi-bash-completion
  * kiwi-systemdeps-containers-wsl
    
appx-util:
    
- Implementation as dependency required by kiwi-systemdeps-containers-wsl
    
python-docopt, python-xmltodict, libsolv:
    
- Implementation of Python 3.11 flavours required by python311-kiwi (no source changes)


The following package changes have been done:

- python311-xmltodict-0.13.0-150600.3.7.2 updated
- python311-PyYAML-6.0.2-150600.10.3.1 updated

More information about the sle-container-updates mailing list