SUSE-CU-2025:7831-1: Security update of suse/mariadb

[sle-container-updates at lists.suse.com]

SUSE Container Update Advisory: suse/mariadb
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:7831-1
Container Tags        : suse/mariadb:11.8 , suse/mariadb:11.8.3 , suse/mariadb:11.8.3-66.4 , suse/mariadb:latest
Container Release     : 66.4
Severity              : important
Type                  : security
References            : 1241219 1245199 1249396 1250232 CVE-2025-3576 CVE-2025-9230 
-----------------------------------------------------------------

The container suse/mariadb was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3635-1
Released:    Fri Oct 17 16:33:06 2025
Summary:     Security update for openssl-1_1
Type:        security
Severity:    important
References:  1250232,CVE-2025-9230
This update for openssl-1_1 fixes the following issues:

- CVE-2025-9230: fixed out of bounds read and write in RFC 3211 KEK unwrap (bsc#1250232)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3694-1
Released:    Tue Oct 21 07:48:19 2025
Summary:     Recommended update for mariadb
Type:        recommended
Severity:    moderate
References:  1249396
This update for mariadb fixes the following issues:

- Read config files when doing mysql_upgrade (bsc#1249396)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3699-1
Released:    Tue Oct 21 12:07:47 2025
Summary:     Security update for krb5
Type:        security
Severity:    moderate
References:  1241219,CVE-2025-3576
This update for krb5 fixes the following issues:

- CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using
  RC4-HMAC-MD5 (bsc#1241219).

Krb5 as very old protocol supported quite a number of ciphers
that are not longer up to current cryptographic standards.

To avoid problems with those, SUSE has by default now disabled
those alorithms.

The following algorithms have been removed from valid krb5 enctypes:

- des3-cbc-sha1
- arcfour-hmac-md5

To reenable those algorithms, you can use allow options in krb5.conf:

[libdefaults]
allow_des3 = true
allow_rc4 = true

to reenable them.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3836-1
Released:    Tue Oct 28 11:38:00 2025
Summary:     Recommended update for bash
Type:        recommended
Severity:    important
References:  1245199
This update for bash fixes the following issues:

- Fix histfile missing timestamp for the oldest record (bsc#1245199)


The following package changes have been done:

- libreadline7-7.0-150400.27.6.1 updated
- bash-4.4-150400.27.6.1 updated
- bash-sh-4.4-150400.27.6.1 updated
- mariadb-errormessages-11.8.3-150700.3.6.1 updated
- libopenssl1_1-1.1.1w-150700.11.6.1 updated
- krb5-1.20.1-150600.11.14.1 updated
- mariadb-tools-11.8.3-150700.3.6.1 updated
- mariadb-client-11.8.3-150700.3.6.1 updated
- mariadb-11.8.3-150700.3.6.1 updated
- container:suse-sle15-15.7-bc008ba5c6cb67bccdaa0a8a8a188754a0214276ba72f9d52f2925430dc5c502-0 updated
- container:registry.suse.com-bci-bci-micro-15.7-da008f7ab0d2262d5e978dc6ce8daeef3cd2f6cd454ccbfe84998b74c49a424b-0 updated