SUSE-CU-2025:7029-1: Security update of suse/sle-micro/5.5/toolbox

[sle-container-updates at lists.suse.com]

SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:7029-1
Container Tags        : suse/sle-micro/5.5/toolbox:14.2 , suse/sle-micro/5.5/toolbox:14.2-3.12.93 , suse/sle-micro/5.5/toolbox:latest
Container Release     : 3.12.93
Severity              : moderate
Type                  : security
References            : 1246602 1246604 1247938 1247939 CVE-2025-53905 CVE-2025-53906
                        CVE-2025-55157 CVE-2025-55158 
-----------------------------------------------------------------

The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3300-1
Released:    Tue Sep 23 11:03:41 2025
Summary:     Security update for vim
Type:        security
Severity:    moderate
References:  1246602,1246604,1247938,1247939,CVE-2025-53905,CVE-2025-53906,CVE-2025-55157,CVE-2025-55158
This update for vim fixes the following issues:

Updated to 9.1.1629:
- CVE-2025-53905: Fixed malicious tar archive may causing a path traversal in Vim’s tar.vim plugin (bsc#1246604)
- CVE-2025-53906: Fixed malicious zip archive may causing a path traversal in Vim’s zip (bsc#1246602)
- CVE-2025-55157: Fixed use-after-free in internal tuple reference management (bsc#1247938)
- CVE-2025-55158: Fixed double-free in internal typed value (typval_T) management (bsc#1247939)


The following package changes have been done:

- libwayland-client0-1.21.0-150500.1.1 added
- vim-data-common-9.1.1629-150500.20.33.1 updated
- vim-9.1.1629-150500.20.33.1 updated