SUSE-IU-2026:1554-1: Security update of suse/sl-micro/6.1/base-os-container

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Tue Mar 24 08:08:06 UTC 2026 

SUSE Image Update Advisory: suse/sl-micro/6.1/base-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:1554-1
Image Tags        : suse/sl-micro/6.1/base-os-container:2.2.1 , suse/sl-micro/6.1/base-os-container:2.2.1-5.99 , suse/sl-micro/6.1/base-os-container:latest
Image Release     : 5.99
Severity          : moderate
Type              : security
References        : 1176053 1232921 1232931 1254670 1259619 CVE-2025-70873 CVE-2025-7709
-----------------------------------------------------------------

The container suse/sl-micro/6.1/base-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 455
Released:    Mon Mar 23 10:50:28 2026
Summary:     Security update for sqlite3
Type:        security
Severity:    moderate
References:  1176053,1232921,1232931,1254670,1259619,CVE-2025-70873,CVE-2025-7709
This update for sqlite3 fixes the following issues:

Update to sqlite3 3.51.3:

- CVE-2025-7709: Integer Overflow in FTS5 Extension (bsc#1254670).
- CVE-2025-70873: SQLite zipfile extension may disclose uninitialized heap memory during inflation (bsc#1259619).

Changelog:

Update to version 3.51.3:

 * Fix the WAL-reset database corruption bug:
   https://sqlite.org/wal.html#walresetbug
 * Other minor bug fixes.
  
Update to version 3.51.2:
 
 * Fix an obscure deadlock in the new broken-posix-lock detection
   logic.
 * Fix multiple problems in the EXISTS-to-JOIN optimization.
  
Update to version 3.51.1:

 * Fix incorrect results from nested EXISTS queries caused by the
   optimization in item 6b in the 3.51.0 release.
 * Fix a latent bug in fts5vocab virtual table, exposed by new
   optimizations in the 3.51.0 release
  
Update to version 3.51.0:
 * New macros in sqlite3.h:
 - SQLITE_SCM_BRANCH -> the name of the branch from which the
 source code is taken.
 - SQLITE_SCM_TAGS -> space-separated list of tags on the source
 code check-in.
 - SQLITE_SCM_DATETIME -> ISO-8601 date and time of the source
 * Two new JSON functions, jsonb_each() and jsonb_tree() work the
 same as the existing json_each() and json_tree() functions
 except that they return JSONB for the 'value' column when the
 'type' is 'array' or 'object'.
 * The carray and percentile extensions are now built into the
 amalgamation, though they are disabled by default and must be
 activated at compile-time using the -DSQLITE_ENABLE_CARRAY
 and/or -DSQLITE_ENABLE_PERCENTILE options, respectively.
 * Enhancements to TCL Interface:
 - Add the -asdict flag to the eval command to have it set the
 row data as a dict instead of an array.
 - User-defined functions may now break to return an SQL NULL.
 * CLI enhancements:
 - Increase the precision of '.timer' to microseconds.
 - Enhance the 'box' and 'column' formatting modes to deal with
 double-wide characters.
 - The '.imposter' command provides read-only imposter tables
 that work with VACUUM and do not require the --unsafe-testing
 option.
 - Add the --ifexists option to the CLI command-line option and
 to the .open command.
 - Limit columns widths set by the '.width' command to 30,000 or
 less, as there is not good reason to have wider columns, but
 supporting wider columns provides opportunity to malefactors.
 * Performance enhancements:
 - Use fewer CPU cycles to commit a read transaction.
 - Early detection of joins that return no rows due to one or
 more of the tables containing no rows.
 - Avoid evaluation of scalar subqueries if the result of the
 subquery does not change the result of the overall expression.
 - Faster window function queries when using
 'BETWEEN :x FOLLOWING AND :y FOLLOWING' with a large :y.
 * Add the PRAGMA wal_checkpoint=NOOP; command and the
 SQLITE_CHECKPOINT_NOOP argument for sqlite3_wal_checkpoint_v2().
 * Add the sqlite3_set_errmsg() API for use by extensions.
 * Add the sqlite3_db_status64() API, which works just like the
 existing sqlite3_db_status() API except that it returns 64-bit
 results.
 * Add the SQLITE_DBSTATUS_TEMPBUF_SPILL option to the
 sqlite3_db_status() and sqlite3_db_status64() interfaces.
 * In the session extension add the sqlite3changeset_apply_v3()
 interface.
 * For the built-in printf() and the format() SQL function, omit
 the leading '-' from negative floating point numbers if the '+'
 flag is omitted and the '#' flag is present and all displayed
 digits are '0'. Use '%#f' or similar to avoid outputs like
 '-0.00' and instead show just '0.00'.
 * Improved error messages generated by FTS5.
 * Enforce STRICT typing on computed columns.
 * Improved support for VxWorks
 * JavaScript/WASM now supports 64-bit WASM. The canonical builds
 continue to be 32-bit but creating one's own 64-bit build is
 now as simple as running 'make'.


The following package changes have been done:

- SL-Micro-release-6.1-slfo.1.12.20 updated
- libsqlite3-0-3.51.3-slfo.1.1_1.1 updated
- container:suse-toolbox-image-1.0.0-5.24 updated

More information about the sle-container-updates mailing list