SUSE-IU-2025:3744-1: Security update of suse/sl-micro/6.2/baremetal-os-container

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Thu Nov 27 08:05:42 UTC 2025 

SUSE Image Update Advisory: suse/sl-micro/6.2/baremetal-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:3744-1
Image Tags        : suse/sl-micro/6.2/baremetal-os-container:2.3.0 , suse/sl-micro/6.2/baremetal-os-container:2.3.0-6.5 , suse/sl-micro/6.2/baremetal-os-container:latest
Image Release     : 6.5
Severity          : important
Type              : security
References        : 1233529 1249191 1249348 1249367 1253757 CVE-2025-10148 CVE-2025-11563
                        CVE-2025-9086 
-----------------------------------------------------------------

The container suse/sl-micro/6.2/baremetal-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 57
Released:    Wed Nov 26 15:30:14 2025
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1249191,1249348,1249367,1253757,CVE-2025-10148,CVE-2025-11563,CVE-2025-9086
This update for curl fixes the following issues:

- CVE-2025-9086: Fixed Out of bounds read for cookie path (bsc#1249191)
- CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757)
- CVE-2025-10148: Fixed predictable WebSocket mask (bsc#1249348)

Other fixes:
- tool_operate: fix return code when --retry is used but not
  triggered (bsc#1249367)

-----------------------------------------------------------------
Advisory ID: 60
Released:    Wed Nov 26 15:34:50 2025
Summary:     Recommended update for cyrus-sasl
Type:        recommended
Severity:    moderate
References:  1233529
This update for cyrus-sasl fixes the following issues:

- Fixed Python3 error log upon importing pycurl (bsc#1233529)


The following package changes have been done:

- libsasl2-3-2.1.28-160000.3.1 updated
- libcurl4-8.14.1-160000.3.1 updated
- container:suse-sl-micro-6.2-base-os-container-latest-c4430274632b2dd287586993bb029b64d0b19981aaf2a83a43188e529678c71d-0 updated

More information about the sle-container-updates mailing list