SUSE-CU-2025:9321-1: Security update of suse/kiosk/xorg-client

Sat Dec 20 08:23:25 UTC 2025

SUSE Container Update Advisory: suse/kiosk/xorg-client
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:9321-1
Container Tags        : suse/kiosk/xorg-client:21 , suse/kiosk/xorg-client:21-69.13 , suse/kiosk/xorg-client:latest
Container Release     : 69.13
Severity              : important
Type                  : security
References            : 1254157 1254158 1254159 1254160 1254480 CVE-2025-64505 CVE-2025-64506
                        CVE-2025-64720 CVE-2025-65018 CVE-2025-66293 
-----------------------------------------------------------------

The container suse/kiosk/xorg-client was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:4494-1
Released:    Fri Dec 19 14:14:12 2025
Summary:     Security update for libpng16
Type:        security
Severity:    important
References:  1254157,1254158,1254159,1254160,1254480,CVE-2025-64505,CVE-2025-64506,CVE-2025-64720,CVE-2025-65018,CVE-2025-66293
This update for libpng16 fixes the following issues:

- CVE-2025-65018: Fixed heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` (bsc#1254160)
- CVE-2025-66293: Fixed LIBPNG out-of-bounds read in `png_image_read_composite` (bsc#1254480)
- CVE-2025-64506: Fixed heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled (bsc#1254158)
- CVE-2025-64720: Fixed buffer overflow in `png_image_read_composite` via incorrect palette premultiplication (bsc#1254159)
- CVE-2025-64505: Fixed heap buffer over-read in `png_do_quantize` via malformed palette index (bsc#1254157)

The following package changes have been done:

- libpng16-16-1.6.40-150600.3.3.1 updated
- container:suse-sle15-15.7-22eecbe106e03d71cdd8de187d9a2d4b7c88b48ec4ee60fe1a88057b046b3f00-0 updated