SUSE-CU-2026:343-1: Security update of bci/rust

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Tue Jan 20 08:31:34 UTC 2026 

SUSE Container Update Advisory: bci/rust
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:343-1
Container Tags        : bci/rust:1.91 , bci/rust:1.91.0 , bci/rust:1.91.0-2.3.5 , bci/rust:oldstable , bci/rust:oldstable-2.3.5
Container Release     : 3.5
Severity              : important
Type                  : security
References            : 1254297 1254662 1254878 1255731 1255732 1255733 1255734 CVE-2025-13601
                        CVE-2025-14087 CVE-2025-14512 CVE-2025-14524 CVE-2025-14819 CVE-2025-15079
                        CVE-2025-15224 
-----------------------------------------------------------------

The container bci/rust was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:18-1
Released:    Mon Jan  5 11:52:25 2026
Summary:     Security update for glib2
Type:        security
Severity:    important
References:  1254297,1254662,1254878,CVE-2025-13601,CVE-2025-14087,CVE-2025-14512
This update for glib2 fixes the following issues:

- CVE-2025-14512: integer overflow in the GIO `escape_byte_string()` function when processing malicious files or remote
  filesystem attribute values can lead to denial-of-service (bsc#1254878).
- CVE-2025-14087: buffer underflow in the GVariant parser `bytestring_parse()` and `string_parse()`functions when
  processing attacker-influenced data may lead to crash or code execution (bsc#1254662).
- CVE-2025-13601: heap-based buffer overflow in the `g_escape_uri_string()` function when processing strings with a
  large number of unacceptable characters may lead to crash or code execution (bsc#1254297).

  
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:52-1
Released:    Wed Jan  7 10:28:34 2026
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1255731,1255732,1255733,1255734,CVE-2025-14524,CVE-2025-14819,CVE-2025-15079,CVE-2025-15224
This update for curl fixes the following issues:

- CVE-2025-14524: bearer token leak on cross-protocol redirect (bsc#1255731).
- CVE-2025-14819: libssh global knownhost override (bsc#1255732).
- CVE-2025-15079: libssh key passphrase bypass without agent set (bsc#1255733).
- CVE-2025-15224: OpenSSL partial chain store policy bypass (bsc#1255734).


The following package changes have been done:

- libglib-2_0-0-2.78.6-150600.4.25.1 updated
- libcurl4-8.14.1-150700.7.8.1 updated
- container:registry.suse.com-bci-bci-base-15.7-7970b1398395a13b38e858c60a7b75db5f5265dd7c0ecdabe8919a458b2f34e5-0 updated

More information about the sle-container-updates mailing list