SUSE-CU-2025:7327-1: Security update of containers/open-webui-pipelines

sle-container-updates at lists.suse.com
Wed Oct 15 07:03:01 UTC 2025


SUSE Container Update Advisory: containers/open-webui-pipelines
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:7327-1
Container Tags        : containers/open-webui-pipelines:0 , containers/open-webui-pipelines:0.20250819.030501 , containers/open-webui-pipelines:0.20250819.030501-7.2
Container Release     : 7.2
Severity              : important
Type                  : security
References            : 1212476 1216545 1218588 1218664 1228260 1236589 1240058 1243197
                        1243397 1243706 1243933 1245938 1245939 1245942 1245943 1245946
                        1246197 1246197 1246965 1246974 1247144 1247148 1249191 1249191
                        1249348 1249348 1249367 1249367 1249375 1250232 CVE-2024-6874
                        CVE-2025-0665 CVE-2025-10148 CVE-2025-10148 CVE-2025-27613 CVE-2025-27614
                        CVE-2025-46835 CVE-2025-48384 CVE-2025-48385 CVE-2025-4947 CVE-2025-5025
                        CVE-2025-5399 CVE-2025-8058 CVE-2025-8114 CVE-2025-8277 CVE-2025-9086
                        CVE-2025-9086 CVE-2025-9230 
-----------------------------------------------------------------

The container containers/open-webui-pipelines was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2956-1
Released:    Fri Aug 22 08:57:48 2025
Summary:     Recommended update for openssl-3
Type:        recommended
Severity:    moderate
References:  1247144,1247148
This update for openssl-3 fixes the following issues:

- Increased limit for CRL download (bsc#1247148, bsc#1247144)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2964-1
Released:    Fri Aug 22 14:52:39 2025
Summary:     Security update for glibc
Type:        security
Severity:    moderate
References:  1240058,1246965,CVE-2025-8058
This update for glibc fixes the following issues:

- CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3012-1
Released:    Fri Aug 29 02:07:38 2025
Summary:     security update for git, git-lfs, obs-scm-bridge, python-PyYAML
Type:        security
Severity:    important
References:  1212476,1216545,1218588,1218664,1243197,1245938,1245939,1245942,1245943,1245946,CVE-2025-27613,CVE-2025-27614,CVE-2025-46835,CVE-2025-48384,CVE-2025-48385
This update for git, git-lfs, obs-scm-bridge, python-PyYAML fixes the following issues:

git was updated from version 2.43.0 to 2.51.0 (bsc#1243197):

- Security issues fixed:

  * CVE-2025-27613 Fixed arbitrary writable file creation and truncation in Gitk (bsc#1245938)
  * CVE-2025-27614 Fixed arbitrary script execution via repository cloning in gitk (bsc#1245939)
  * CVE-2025-46835 Fixed arbitrary writable file creation in Git GUI when untrusted repository is cloned (bsc#1245942)
  * CVE-2025-48384 Fixed the unintentional execution of a script after checkout due to CRLF transforming (bsc#1245943)
  * CVE-2025-48385 Fixed arbitrary code execution due to protocol injection via fetching advertised bundle (bsc#1245946)

- Other changes and bugs fixed:
    
  * Added SHA256 support (bsc#1243197)
  * Git moved to /usr/libexec/git/git and updated AppArmor profile
    accordingly (bsc#1218588)
  * gitweb AppArmor profile: allow reading etc/gitweb-common.conf (bsc#1218664)
  * Do not replace apparmor configuration (bsc#1216545)
  * Fixed the Python version required (bsc#1212476)
    
- Version Updates Release Notes:

  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.51.0.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.50.1.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.50.0.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.49.0.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.48.1.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.48.0.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.47.1.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.47.0.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.46.2.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.46.1.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.46.0.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.3.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.2.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.1.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.45.0.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.44.0.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.3.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.2.adoc
  * https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.43.1.adoc

git-lfs is included in version 3.7.0.

python-PyYAML was updated from version 6.0.1 to 6.0.2:

- Added support for Cython 3.x and Python 3.13

obs-scm-bridge was updated from version 0.5.4 to 0.7.4:

- New Features and Improvements:

  * Manifest File Support: Support has been added for a `_manifest` file, which serves as a successor to the `_subdirs`
    file.
  * Control Over Git Information: A new noobsinfo query parameter was added to hide git information in source and binary
    files.
  * Enhanced Submodule Handling: The system now records the configured branch of submodules and stays on that branch
    during checkout.
  * Git SHA Tracking: In project mode, the tool now uses git SHA sums instead of md5sum to track package sources.
  * SSH URL Support: ssh:// SCM URLs can now be used.
  * Improved Error Messages: Error reporting for invalid files within package subdirectories has been improved.
  * Standardized Config Location: In project mode, the _config file is now always located in the top-level directory,
    even when using subdirs.
  * Reduced Unnecessary Changes: In project mode, unnecessary modifications to the package meta URL are now avoided.
  * Limit Asset Handling: A new mechanism has been introduced to limit how assets are handled.
  * Branch Information Export: The trackingbranch is now exported to scmsync.obsinfo.

- Bugs fixed:

  * Syntax Fix: A syntax issue was corrected.
  * Git Submodule Parsing: The .gitsubmodule parser was fixed to correctly handle files that contain a mix of spaces and
    tabs.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3198-1
Released:    Fri Sep 12 14:15:08 2025
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1228260,1236589,1243397,1243706,1243933,1246197,1249191,1249348,1249367,CVE-2024-6874,CVE-2025-0665,CVE-2025-10148,CVE-2025-4947,CVE-2025-5025,CVE-2025-5399,CVE-2025-9086
This update for curl fixes the following issues:

Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056).    
    
Security issues fixed:

- CVE-2025-0665: eventfd double close can cause libcurl to act unreliably (bsc#1236589).
- CVE-2025-4947: QUIC certificate check is skipped with wolfSSL, which allows for MITM attacks (bsc#1243397).
- CVE-2025-5025: no QUIC certificate pinning with wolfSSL can lead to connections to impostor servers that are not
  easily noticed (bsc#1243706).
- CVE-2025-5399: bug in websocket code can cause libcurl to get trapped in an endless busy-loop when processing
  specially crafted packets (bsc#1243933).
- CVE-2024-6874: punycode conversions to/from IDN can leak stack content when libcurl is built to use the macidn IDN
  backend (bsc#1228260).
- CVE-2025-9086: bug in path comparison logic when processing cookies can lead to out-of-bounds read in heap buffer
  (bsc#1249191).
- CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348).

Other issues fixed:
    
- Fix wrong return code when --retry is used (bsc#1249367).
  * tool_operate: fix return code when --retry is used but not triggered [b42776b]
    
- Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197).
  * tool_getparam: fix --ftp-pasv [5f805ee]

- Fixed with version 8.14.1:
  * TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs.
  * websocket: add option to disable auto-pong reply.
  * huge number of bugfixes.

  Please see https://curl.se/ch/ for full changelogs.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3268-1
Released:    Thu Sep 18 13:08:10 2025
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1246197,1249191,1249348,1249367,CVE-2025-10148,CVE-2025-9086
This update for curl fixes the following issues:

Security issues fixed:

- CVE-2025-9086: bug in path comparison logic when processing cookies can lead to out-of-bounds read in heap buffer
  (bsc#1249191).
- CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348).
    
Other issues fixed:
    
- Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197).
  * tool_getparam: fix --ftp-pasv [5f805ee]

- Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056).
  * TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs.
  * websocket: add option to disable auto-pong reply.
  * huge number of bugfixes.

  Please see https://curl.se/ch/ for full changelogs.


-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3369-1
Released:    Fri Sep 26 12:54:43 2025
Summary:     Security update for libssh
Type:        security
Severity:    moderate
References:  1246974,1249375,CVE-2025-8114,CVE-2025-8277
This update for libssh fixes the following issues:

- CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is
  repeated with incorrect guesses (bsc#1249375).
- CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID
  (bsc#1246974).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3442-1
Released:    Tue Sep 30 16:54:04 2025
Summary:     Security update for openssl-3
Type:        security
Severity:    important
References:  1250232,CVE-2025-9230
This update for openssl-3 fixes the following issues:

- CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap
  (bsc#1250232).


The following package changes have been done:

- glibc-2.38-150600.14.37.1 updated
- libbrotlicommon1-1.0.7-150200.3.5.1 updated
- libssh-config-0.9.8-150600.11.6.1 updated
- libbrotlidec1-1.0.7-150200.3.5.1 updated
- perl-Git-2.51.0-150600.3.12.1 updated
- libopenssl3-3.1.4-150600.5.39.1 updated
- openssl-3-3.1.4-150600.5.39.1 updated
- libssh4-0.9.8-150600.11.6.1 updated
- libcurl4-8.14.1-150600.4.28.1 updated
- python311-setuptools-78.1.1-150600.1.1 updated
- git-core-2.51.0-150600.3.12.1 updated
- curl-8.14.1-150600.4.28.1 updated
- python311-wrapt-1.16.0-150600.1.14 updated
- python311-charset-normalizer-3.3.2-150600.1.14 updated
- python311-certifi-2024.7.4-150600.1.53 updated
- python311-protobuf-5.29.3-150600.3.3 updated
- python311-importlib-metadata-8.6.1-150600.1.1 updated
- python311-bcrypt-4.3.0-150600.1.5 updated
- python311-requests-2.32.4-150600.1.2 updated
- git-2.51.0-150600.3.12.1 updated
- python311-cffi-1.17.0-150600.1.16 updated
- python311-googleapis-common-protos-1.63.2-150600.1.19 updated
- python311-cryptography-43.0.1-150600.1.26 updated
- python311-pyOpenSSL-24.2.1-150600.1.12 updated
- python-open-webui-pipelines-0.20250819.030501-150600.1.1 updated
- container:registry.suse.com-bci-bci-micro-15.6-a9fb7788cc046f5d85b93597ef5b393fb4c7b5ff8a035bc402d5f2d8f36f7612-0 updated

