SUSE-CU-2025:8667-1: Security update of containers/open-webui

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Sat Nov 29 08:07:12 UTC 2025 

SUSE Container Update Advisory: containers/open-webui
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:8667-1
Container Tags        : containers/open-webui:0 , containers/open-webui:0.6.18 , containers/open-webui:0.6.18-13.3
Container Release     : 13.3
Severity              : moderate
Type                  : security
References            : 1249055 1251305 1252974 CVE-2025-6075 CVE-2025-7039 CVE-2025-8291
-----------------------------------------------------------------

The container containers/open-webui was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4297-1
Released:    Fri Nov 28 11:03:19 2025
Summary:     Security update for python311
Type:        security
Severity:    low
References:  1251305,1252974,CVE-2025-6075,CVE-2025-8291
This update for python311 fixes the following issues:

Update to 3.11.14:

  - CVE-2025-6075: Fixed simple quadratic complexity vulnerabilities of os.path.expandvars() (bsc#1252974)
  - CVE-2025-8291: Fixed validity of the ZIP64 End of Central Directory (EOCD) not checked by the 'zipfile' module (bsc#1251305)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4308-1
Released:    Fri Nov 28 16:38:46 2025
Summary:     Security update for glib2
Type:        security
Severity:    moderate
References:  1249055,CVE-2025-7039
This update for glib2 fixes the following issues:

- CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055)


The following package changes have been done:

- libglib-2_0-0-2.78.6-150600.4.22.1 updated
- libglog2-0.7.1-150600.1.1 added
- libutf8proc3-2.11.0-150600.1.1 added
- libgobject-2_0-0-2.78.6-150600.4.22.1 updated
- libgmodule-2_0-0-2.78.6-150600.4.22.1 updated
- libgio-2_0-0-2.78.6-150600.4.22.1 updated
- glib2-tools-2.78.6-150600.4.22.1 updated
- libarrow2000-20.0.0-150600.1.1 added
- libarrow_acero2000-20.0.0-150600.1.1 added
- libpython3_11-1_0-3.11.14-150600.3.38.1 updated
- libparquet2000-20.0.0-150600.1.1 added
- libarrow_flight2000-20.0.0-150600.1.1 added
- libarrow_dataset2000-20.0.0-150600.1.1 added
- python311-base-3.11.14-150600.3.38.1 updated
- python311-3.11.14-150600.3.38.1 updated
- curl-8.14.1-150600.4.31.1 added
- python311-typing_extensions-4.15.0-150600.1.1 updated
- python311-pytokens-0.3.0-150600.1.1 added
- python311-pypdf-6.1.3-150600.1.1 updated
- python311-pypandoc-1.15-150600.1.2 updated
- python311-propcache-0.2.0-150600.1.11 updated
- python311-platformdirs-4.3.8-150600.1.1 updated
- python311-peewee-3.18.2-150600.1.6 updated
- python311-langsmith-0.4.43-150600.1.1 updated
- python311-langfuse-2.44.0-150600.1.14 updated
- python311-itsdangerous-2.2.0-150600.1.1 updated
- python311-grpcio-1.69.0-150600.1.12 updated
- python311-fake-useragent-2.2.0-150600.1.1 updated
- python311-devel-3.11.14-150600.3.38.1 updated
- python311-certifi-2024.7.4-150600.1.60 updated
- python311-cchardet-2.1.19-150600.1.58 updated
- python311-bcrypt-5.0.0-150600.1.1 updated
- python311-annotated-doc-0.0.3-150600.1.1 added
- python311-aiohappyeyeballs-2.6.1-150600.1.2 updated
- python311-Markdown-3.10-150600.1.1 updated
- python311-pydantic-core-2.39.0-150600.1.1 updated
- python311-cffi-1.17.0-150600.1.18 updated
- python311-ldap3-2.9.1-150600.1.1 updated
- python311-pyarrow-20.0.0-150600.1.2 updated
- python311-Shapely-2.0.6-150600.1.20 updated
- python311-yarl-1.18.3-150600.1.11 updated
- python311-grpcio-tools-1.68.1-150600.1.14 updated
- python311-googleapis-common-protos-1.71.0-150600.1.1 updated
- python311-SQLAlchemy-2.0.40-150600.1.6 updated
- python311-aiosignal-1.4.0-150600.1.1 updated
- python311-peewee-migrate-1.13.0-150600.1.14 updated
- python311-uvicorn-0.38.0-150600.1.1 updated
- python311-av-11.0.0-150600.1.24 updated
- python311-pydantic-2.11.9-150600.1.1 updated
- python311-pandas-2.2.3-150600.1.80 updated
- python311-rich-14.0.0-150600.1.2 updated
- python311-aiohttp-3.12.15-150600.1.2 updated
- python311-langchain-core-0.3.79-150600.1.1 updated
- python311-scikit-learn-1.5.1-150600.1.71 updated
- python311-dataclasses-json-0.6.7-150600.1.21 updated
- python311-argon2-cffi-25.1.0-150600.1.1 updated
- python311-fastapi-0.120.2-150600.1.1 updated
- python311-black-25.9.0-150600.1.1 updated
- python311-requests-2.32.5-150600.1.1 updated
- python311-qdrant-client-1.15.1-150600.1.3 updated
- python311-pinecone-6.0.2-150600.1.3 updated
- python311-elastic-transport-9.2.0-150600.1.1 updated
- python311-youtube-transcript-api-1.2.2-150600.1.2 updated
- python311-botocore-1.40.50-150600.1.1 updated
- python311-Authlib-1.6.5-150600.1.1 updated
- python311-elasticsearch-9.2.0-150600.1.1 updated
- python311-google-genai-1.50.0-150600.1.1 updated
- python311-s3transfer-0.14.0-150600.1.1 updated
- python311-langchain-community-0.3.29-150600.1.1 updated
- python311-azure-identity-1.25.1-150600.1.1 updated
- python311-boto3-1.40.50-150600.1.1 updated
- python311-pymilvus-2.6.3-150600.1.1 updated
- python311-sentence-transformers-5.1.2-150600.1.1 updated
- libarrow1700-17.0.0-150600.2.25 removed
- libarrow_acero1700-17.0.0-150600.2.25 removed
- libarrow_dataset1700-17.0.0-150600.2.25 removed
- libarrow_flight1700-17.0.0-150600.2.25 removed
- libgflags2_2-2.2.2-150600.1.13 removed
- libglog-4-0-0.4.0-150600.1.13 removed
- libparquet1700-17.0.0-150600.2.25 removed
- libutf8proc2-2.8.0-150600.1.3 removed

More information about the sle-container-updates mailing list