SUSE-CU-2025:6844-1: Security update of containers/open-webui

sle-container-updates at lists.suse.com
Tue Sep 16 14:53:56 UTC 2025


SUSE Container Update Advisory: containers/open-webui
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:6844-1
Container Tags        : containers/open-webui:0 , containers/open-webui:0.6.18 , containers/open-webui:0.6.18-12.6
Container Release     : 12.6
Severity              : critical
Type                  : security
References            : 1228260 1232234 1236589 1240058 1243397 1243706 1243933 1246197
                        1246221 1246790 1246965 1247144 1247148 1248119 1248120 1248122
                        1249191 1249347 1249348 1249367 CVE-2024-10041 CVE-2024-6874
                        CVE-2025-0665 CVE-2025-10148 CVE-2025-4947 CVE-2025-5025 CVE-2025-5399
                        CVE-2025-58367 CVE-2025-7700 CVE-2025-8058 CVE-2025-8713 CVE-2025-8714
                        CVE-2025-8715 CVE-2025-9086 
-----------------------------------------------------------------

The container containers/open-webui was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:2956-1
Released:    Fri Aug 22 08:57:48 2025
Summary:     Recommended update for openssl-3
Type:        recommended
Severity:    moderate
References:  1247144,1247148
This update for openssl-3 fixes the following issues:

- Increased limit for CRL download (bsc#1247148, bsc#1247144)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2964-1
Released:    Fri Aug 22 14:52:39 2025
Summary:     Security update for glibc
Type:        security
Severity:    moderate
References:  1240058,1246965,CVE-2025-8058
This update for glibc fixes the following issues:

- CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2970-1
Released:    Mon Aug 25 10:27:57 2025
Summary:     Security update for pam
Type:        security
Severity:    moderate
References:  1232234,1246221,CVE-2024-10041
This update for pam fixes the following issues:

- Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2986-1
Released:    Tue Aug 26 12:41:07 2025
Summary:     Security update for postgresql17
Type:        security
Severity:    important
References:  1248119,1248120,1248122,CVE-2025-8713,CVE-2025-8714,CVE-2025-8715
This update for postgresql17 fixes the following issues:

Updated to 17.6:
  * CVE-2025-8713: Fixed optimizer statistics exposing
    sampled data within a view, partition, or child table
    (bsc#1248120)
  * CVE-2025-8714: Fixed untrusted data inclusion in pg_dump
    that allows a superuser of the origin server to execute
    arbitrary code in the psql client (bsc#1248122)
  * CVE-2025-8715: Fixed improper neutralization of newlines 
    in pg_dump leading to arbitrary code execution in the psql
    client and in the restore target server (bsc#1248119)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3127-1
Released:    Wed Sep 10 10:49:30 2025
Summary:     Security update for python-deepdiff
Type:        security
Severity:    critical
References:  1249347,CVE-2025-58367
This update for python-deepdiff fixes the following issues:

- CVE-2025-58367: class pollution via the `Delta` class constructor can lead to denial-of-service and remote code
  execution (bsc#1249347).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3162-1
Released:    Thu Sep 11 11:16:13 2025
Summary:     Security update for ffmpeg-4
Type:        security
Severity:    moderate
References:  1246790,CVE-2025-7700
This update for ffmpeg-4 fixes the following issues:

- CVE-2025-7700: Fixed NULL Pointer Dereference in FFmpeg ALS Decoder (bsc#1246790).
  
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3198-1
Released:    Fri Sep 12 14:15:08 2025
Summary:     Security update for curl
Type:        security
Severity:    important
References:  1228260,1236589,1243397,1243706,1243933,1246197,1249191,1249348,1249367,CVE-2024-6874,CVE-2025-0665,CVE-2025-10148,CVE-2025-4947,CVE-2025-5025,CVE-2025-5399,CVE-2025-9086
This update for curl fixes the following issues:

Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056).    
    
Security issues fixed:

- CVE-2025-0665: eventfd double close can cause libcurl to act unreliably (bsc#1236589).
- CVE-2025-4947: skipped QUIC certificate check with wolfSSL allows for MITM attacks (bsc#1243397).
- CVE-2025-5025: no QUIC certificate pinning with wolfSSL can lead to connections to impostor servers that are not
  easily noticed (bsc#1243706).
- CVE-2025-5399: bug in websocket code can cause libcurl to get trapped in an endless busy-loop when processing
  specially crafted packets (bsc#1243933).
- CVE-2024-6874: punycode conversions to/from IDN can leak stack content when libcurl is built to use the macidn IDN
  backend (bsc#1228260).
- CVE-2025-9086: bug in path comparison logic when processing cookies can lead to out-of-bounds read in heap buffer
  (bsc#1249191).
- CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348).

Other issues fixed:
    
- Fix wrong return code when --retry is used (bsc#1249367).
  * tool_operate: fix return code when --retry is used but not triggered [b42776b]
    
- Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197).
  * tool_getparam: fix --ftp-pasv [5f805ee]

- Fixed with version 8.14.1:
  * TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs.
  * websocket: add option to disable auto-pong reply.
  * huge number of bugfixes.

  Please see https://curl.se/ch/ for full changelogs.


The following package changes have been done:

- glibc-2.38-150600.14.37.1 updated
- opencv4-cascades-data-4.11.0-150600.1.12 updated
- glibc-devel-2.38-150600.14.37.1 updated
- libavutil56_70-4.4.6-150600.13.30.1 updated
- libswscale5_9-4.4.6-150600.13.30.1 updated
- libswresample3_9-4.4.6-150600.13.30.1 updated
- libpostproc55_9-4.4.6-150600.13.30.1 updated
- libavresample4_0-4.4.6-150600.13.30.1 updated
- libopenssl3-3.1.4-150600.5.36.4 updated
- libavcodec58_134-4.4.6-150600.13.30.1 updated
- openssl-3-3.1.4-150600.5.36.4 updated
- libopencv411-4.11.0-150600.1.12 updated
- libpq5-17.6-150600.13.16.1 updated
- libopencv_objdetect411-4.11.0-150600.1.12 updated
- libopencv_imgcodecs411-4.11.0-150600.1.12 updated
- libcurl4-8.14.1-150600.4.28.1 updated
- libavformat58_76-4.4.6-150600.13.30.1 updated
- libopencv_face411-4.11.0-150600.1.12 updated
- libopencv_aruco411-4.11.0-150600.1.12 updated
- libopencv_ximgproc411-4.11.0-150600.1.12 updated
- pam-1.3.0-150000.6.86.1 updated
- libavfilter7_110-4.4.6-150600.13.30.1 updated
- libopencv_optflow411-4.11.0-150600.1.12 updated
- python311-safetensors-0.4.3-150600.1.23 updated
- python311-psycopg2-2.9.9-150600.1.23 updated
- python311-primp-0.15.0-150600.1.4 updated
- python311-orjson-3.10.7-150600.1.27 updated
- python311-numpy1-1.26.4-150600.1.58 updated
- python311-jiter-0.5.0-150600.1.22 updated
- python311-certifi-2024.7.4-150600.1.51 updated
- python311-cchardet-2.1.19-150600.1.48 updated
- python311-bcrypt-4.3.0-150600.1.4 updated
- libavdevice58_13-4.4.6-150600.13.30.1 updated
- libopencv_gapi411-4.11.0-150600.1.12 updated
- python311-pydantic-core-2.35.1-150600.1.2 updated
- python311-scipy-1.14.1-150600.1.58 updated
- python311-pyarrow-17.0.0-150600.2.47 updated
- python311-deepdiff-6.3.0-150600.3.3.1 updated
- ffmpeg-4-4.4.6-150600.13.30.1 updated
- python311-pandas-2.2.3-150600.1.65 updated
- python311-cryptography-43.0.1-150600.1.26 updated
- python311-pycrdt-0.12.26-150600.1.2 updated
- libopencv_videoio411-4.11.0-150600.1.12 updated
- python311-scikit-learn-1.5.1-150600.1.60 updated
- libopencv_highgui411-4.11.0-150600.1.12 updated
- python311-tiktoken-0.7.0-150600.1.23 updated
- python311-opencv-4.11.0-150600.1.12 updated
- python311-tokenizers-0.20.0-150600.1.23 updated
- container:registry.suse.com-bci-bci-base-15.6-d13d6758550c72c08b54298b7fb20e8d426127b4692f4b115373e2175184ada8-0 updated
- container:registry.suse.com-bci-bci-micro-15.6-1998c870659774535cf3fcd5f21bf2171bcd511edd7b5515cb3aa1c420e8a441-0 updated

