SUSE-CU-2025:6940-1: Security update of suse/manager/4.3/proxy-salt-broker
sle-container-updates at lists.suse.com
Fri Sep 19 07:31:12 UTC 2025
SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:6940-1
Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.16 , suse/manager/4.3/proxy-salt-broker:4.3.16.9.57.24 , suse/manager/4.3/proxy-salt-broker:latest
Container Release : 9.57.24
Severity : important
Type : security
References : 1246197 1246197 1249191 1249191 1249348 1249348 1249367 1249367
CVE-2025-10148 CVE-2025-10148 CVE-2025-9086 CVE-2025-9086
-----------------------------------------------------------------
The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3267-1
Released: Thu Sep 18 13:05:51 2025
Summary: Security update for curl
Type: security
Severity: important
References: 1246197,1249191,1249348,1249367,CVE-2025-10148,CVE-2025-9086
This update for curl fixes the following issues:
Security issues fixed:
- CVE-2025-9086: bug in path comparison logic when processing cookies can lead to out-of-bounds read in heap buffer (bsc#1249191).
- CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348).
Other issues fixed:
- Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197).
* tool_getparam: fix --ftp-pasv [5f805ee]
- Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056).
* TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs.
* websocket: add option to disable auto-pong reply.
* huge number of bugfixes.
Please see https://curl.se/ch/ for full changelogs.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3268-1
Released: Thu Sep 18 13:08:10 2025
Summary: Security update for curl
Type: security
Severity: important
References: 1246197,1249191,1249348,1249367,CVE-2025-10148,CVE-2025-9086
This update for curl fixes the following issues:
Security issues fixed:
- CVE-2025-9086: bug in path comparison logic when processing cookies can lead to out-of-bounds read in heap buffer (bsc#1249191).
- CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348).
Other issues fixed:
- Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197).
* tool_getparam: fix --ftp-pasv [5f805ee]
- Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056).
* TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs.
* websocket: add option to disable auto-pong reply.
* huge number of bugfixes.
Please see https://curl.se/ch/ for full changelogs.
The following package changes have been done:
- libbrotlicommon1-1.0.7-150200.3.5.1 updated
- libbrotlidec1-1.0.7-150200.3.5.1 updated
- libcurl4-8.14.1-150400.5.69.1 updated
- curl-8.14.1-150400.5.69.1 updated
- container:sles15-ltss-image-15.4.0-2.70 updated