SUSE-CU-2026:118-1: Security update of bci/bci-sle15-kernel-module-devel

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Tue Jan 6 16:23:05 UTC 2026 

SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:118-1
Container Tags        : bci/bci-sle15-kernel-module-devel:15.7 , bci/bci-sle15-kernel-module-devel:15.7-55.4 , bci/bci-sle15-kernel-module-devel:latest
Container Release     : 55.4
Severity              : important
Type                  : security
References            : 1254297 1254400 1254401 1254662 1254878 1254997 CVE-2025-12084
                        CVE-2025-13601 CVE-2025-13836 CVE-2025-13837 CVE-2025-14087 CVE-2025-14512
-----------------------------------------------------------------

The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:18-1
Released:    Mon Jan  5 11:52:25 2026
Summary:     Security update for glib2
Type:        security
Severity:    important
References:  1254297,1254662,1254878,CVE-2025-13601,CVE-2025-14087,CVE-2025-14512
This update for glib2 fixes the following issues:

- CVE-2025-14512: integer overflow in the GIO `escape_byte_string()` function when processing malicious files or remote
  filesystem attribute values can lead to denial-of-service (bsc#1254878).
- CVE-2025-14087: buffer underflow in the GVariant parser `bytestring_parse()` and `string_parse()`functions when
  processing attacker-influenced data may lead to crash or code execution (bsc#1254662).
- CVE-2025-13601: heap-based buffer overflow in the `g_escape_uri_string()` function when processing strings with a
  large number of unacceptable characters may lead to crash or code execution (bsc#1254297).

  
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:27-1
Released:    Mon Jan  5 13:45:08 2026
Summary:     Security update for python3
Type:        security
Severity:    moderate
References:  1254400,1254401,1254997,CVE-2025-12084,CVE-2025-13836,CVE-2025-13837
This update for python3 fixes the following issues:

- CVE-2025-12084: cpython: Fixed quadratic algorithm in xml.dom.minidom leading to denial of service (bsc#1254997)
- CVE-2025-13836: Fixed default Content-Lenght read amount from HTTP response (bsc#1254400)
- CVE-2025-13837: Fixed plistlib module denial of service (bsc#1254401)
  

The following package changes have been done:

- libglib-2_0-0-2.78.6-150600.4.25.1 updated
- python3-base-3.6.15-150300.10.103.1 updated
- libpython3_6m1_0-3.6.15-150300.10.103.1 updated
- container:registry.suse.com-bci-bci-base-15.7-17d580e01de81ee10782633976ab6983923855d96e8b6342192d8486fa7933cf-0 updated

More information about the sle-container-updates mailing list