SUSE-CU-2025:8659-1: Security update of suse/sles/16.0/toolbox
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Thu Nov 27 15:33:32 UTC 2025
SUSE Container Update Advisory: suse/sles/16.0/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:8659-1
Container Tags : suse/sles/16.0/toolbox:16.3 , suse/sles/16.0/toolbox:16.3-1.4 , suse/sles/16.0/toolbox:latest
Container Release : 1.4
Severity : important
Type : security
References : 1233529 1249191 1249348 1249367 1253757 CVE-2025-10148 CVE-2025-11563
CVE-2025-9086
-----------------------------------------------------------------
The container suse/sles/16.0/toolbox was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: 57
Released: Wed Nov 26 15:30:14 2025
Summary: Security update for curl
Type: security
Severity: important
References: 1249191,1249348,1249367,1253757,CVE-2025-10148,CVE-2025-11563,CVE-2025-9086
This update for curl fixes the following issues:
- CVE-2025-9086: Fixed Out of bounds read for cookie path (bsc#1249191)
- CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757)
- CVE-2025-10148: Fixed predictable WebSocket mask (bsc#1249348)
Other fixes:
- tool_operate: fix return code when --retry is used but not
triggered (bsc#1249367)
-----------------------------------------------------------------
Advisory ID: 60
Released: Wed Nov 26 15:34:50 2025
Summary: Recommended update for cyrus-sasl
Type: recommended
Severity: moderate
References: 1233529
This update for cyrus-sasl fixes the following issues:
- Fixed Python3 error log upon importing pycurl (bsc#1233529)
The following package changes have been done:
- curl-8.14.1-160000.3.1 updated
- libcurl-mini4-8.14.1-160000.3.1 updated
- libsasl2-3-2.1.28-160000.3.1 updated
More information about the sle-container-updates
mailing list