SUSE-IU-2026:1505-1: Security update of suse/sl-micro/6.0/base-os-container

sle-container-updates at lists.suse.com
Thu Mar 19 15:55:30 UTC 2026


SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:1505-1
Image Tags        : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-7.113 , suse/sl-micro/6.0/base-os-container:latest
Image Release     : 7.113
Severity          : moderate
Type              : security
References        : 1254670 1259619 CVE-2025-70873 CVE-2025-7709 
-----------------------------------------------------------------

The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 631
Released:    Thu Mar 19 13:20:26 2026
Summary:     Security update for sqlite3
Type:        security
Severity:    moderate
References:  1254670,1259619,CVE-2025-70873,CVE-2025-7709
This update for sqlite3 fixes the following issues:

Update to version 3.51.3:

- CVE-2025-7709: Integer Overflow in FTS5 Extension (bsc#1254670).
- CVE-2025-70873: SQLite zipfile extension may disclose uninitialized heap memory during inflation (bsc#1259619).

Changelog:

Update to version 3.51.3:
  
 * Fix the WAL-reset database corruption bug:
   https://sqlite.org/wal.html#walresetbug
 * Other minor bug fixes.
  
Update to version 3.51.2:
 
 * Fix an obscure deadlock in the new broken-posix-lock detection
   logic.
 * Fix multiple problems in the EXISTS-to-JOIN optimization.
  
Update to version 3.51.1:
 
 * Fix incorrect results from nested EXISTS queries caused by the
   optimization in item 6b in the 3.51.0 release.
 * Fix a latent bug in the fts5vocab virtual table, exposed by new
   optimizations in the 3.51.0 release.
  
Update to version 3.51.0:
 
 * New macros in sqlite3.h:
   - SQLITE_SCM_BRANCH -> the name of the branch from which the
     source code is taken.
   - SQLITE_SCM_TAGS -> space-separated list of tags on the source
     code check-in.
   - SQLITE_SCM_DATETIME -> ISO-8601 date and time of the source
 * Two new JSON functions, jsonb_each() and jsonb_tree() work the
   same as the existing json_each() and json_tree() functions
   except that they return JSONB for the 'value' column when the
   'type' is 'array' or 'object'.
 * The carray and percentile extensions are now built into the
   amalgamation, though they are disabled by default and must be
   activated at compile-time using the -DSQLITE_ENABLE_CARRAY
   and/or -DSQLITE_ENABLE_PERCENTILE options, respectively.
 * Enhancements to TCL Interface:
   - Add the -asdict flag to the eval command to have it set the
     row data as a dict instead of an array.
   - User-defined functions may now break to return an SQL NULL.
 * CLI enhancements:
   - Increase the precision of '.timer' to microseconds.
   - Enhance the 'box' and 'column' formatting modes to deal with
     double-wide characters.
   - The '.imposter' command provides read-only imposter tables
     that work with VACUUM and do not require the --unsafe-testing
     option.
   - Add the --ifexists option to the CLI command-line options and
     to the .open command.
   - Limit column widths set by the '.width' command to 30,000 or
     less, as there is no good reason to have wider columns, but
     supporting wider columns provides opportunity to malefactors.
 * Performance enhancements:
   - Use fewer CPU cycles to commit a read transaction.
   - Early detection of joins that return no rows due to one or
     more of the tables containing no rows.
   - Avoid evaluation of scalar subqueries if the result of the
     subquery does not change the result of the overall expression.
   - Faster window function queries when using
     'BETWEEN :x FOLLOWING AND :y FOLLOWING' with a large :y.
 * Add the PRAGMA wal_checkpoint=NOOP; command and the
   SQLITE_CHECKPOINT_NOOP argument for sqlite3_wal_checkpoint_v2().
 * Add the sqlite3_set_errmsg() API for use by extensions.
 * Add the sqlite3_db_status64() API, which works just like the
   existing sqlite3_db_status() API except that it returns 64-bit
   results.
 * Add the SQLITE_DBSTATUS_TEMPBUF_SPILL option to the
   sqlite3_db_status() and sqlite3_db_status64() interfaces.
 * In the session extension add the sqlite3changeset_apply_v3()
   interface.
 * For the built-in printf() and the format() SQL function, omit
   the leading '-' from negative floating point numbers if the '+'
   flag is omitted and the '#' flag is present and all displayed
   digits are '0'. Use '%#f' or similar to avoid outputs like
   '-0.00' and instead show just '0.00'.
 * Improved error messages generated by FTS5.
 * Enforce STRICT typing on computed columns.
 * Improved support for VxWorks.
 * JavaScript/WASM now supports 64-bit WASM. The canonical builds
   continue to be 32-bit but creating one's own 64-bit build is
   now as simple as running 'make'.


The following package changes have been done:

- SL-Micro-release-6.0-25.77 updated
- libsqlite3-0-3.51.3-1.1 updated
- container:suse-toolbox-image-1.0.0-9.81 updated

