SUSE-CU-2025:4106-1: Security update of suse/kiosk/firefox-esr
sle-container-updates at lists.suse.com
Sat May 31 07:20:04 UTC 2025
SUSE Container Update Advisory: suse/kiosk/firefox-esr
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:4106-1
Container Tags : suse/kiosk/firefox-esr:128.10 , suse/kiosk/firefox-esr:128.10-46.1 , suse/kiosk/firefox-esr:esr , suse/kiosk/firefox-esr:latest
Container Release : 46.1
Severity : important
Type : security
References : 1076314 1076967 1079845 1102016 1106881 1106882 1140130 1140205
1149789 1160782 1162090 1173578 1179594 1179821 1180042 1180043
1180044 1180046 1180457 1184774 1186586 1186586 1197738 1201799
1202848 1203741 1209934 1215309 1215778 1215945 1216879 1219494
1223070 1223235 1223256 1223272 1223304 1223304 1223437 1223437
1225403 1225879 1227296 1227296 1228322 1229026 1229026 1229338
1230983 1234028 1235029 1235092 1236007 1237351 1237358 1237371
1237382 1239222 1239299 1239312 1239319 1239320 CVE-2018-14423
CVE-2018-16375 CVE-2018-16376 CVE-2018-20845 CVE-2018-20846 CVE-2018-21010
CVE-2018-5727 CVE-2018-5785 CVE-2018-6616 CVE-2020-15389 CVE-2020-22021
CVE-2020-22021 CVE-2020-22046 CVE-2020-27814 CVE-2020-27823 CVE-2020-27824
CVE-2020-27841 CVE-2020-27842 CVE-2020-27843 CVE-2020-27845 CVE-2020-6851
CVE-2020-8112 CVE-2021-29338 CVE-2022-1122 CVE-2022-48434 CVE-2023-44488
CVE-2023-49502 CVE-2023-50010 CVE-2023-51793 CVE-2023-51794 CVE-2023-51794
CVE-2023-51798 CVE-2023-51798 CVE-2023-5217 CVE-2023-6349 CVE-2024-12361
CVE-2024-31578 CVE-2024-32230 CVE-2024-32230 CVE-2024-35368 CVE-2024-36613
CVE-2024-5197 CVE-2024-56826 CVE-2024-7055 CVE-2024-7055 CVE-2025-0518
CVE-2025-2173 CVE-2025-2174 CVE-2025-2175 CVE-2025-2176 CVE-2025-2177
CVE-2025-22919 CVE-2025-22921 CVE-2025-25473
-----------------------------------------------------------------
The container suse/kiosk/firefox-esr was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1252-1
Released: Tue Apr 19 08:51:06 2022
Summary: Security update for openjpeg2
Type: security
Severity: important
References: 1076314,1076967,1079845,1102016,1106881,1106882,1140130,1160782,1162090,1173578,1180457,1184774,1197738,CVE-2018-14423,CVE-2018-16375,CVE-2018-16376,CVE-2018-20845,CVE-2018-5727,CVE-2018-5785,CVE-2018-6616,CVE-2020-15389,CVE-2020-27823,CVE-2020-6851,CVE-2020-8112,CVE-2021-29338,CVE-2022-1122
This update for openjpeg2 fixes the following issues:
- CVE-2018-5727: Fixed integer overflow vulnerability in the opj_t1_encode_cblks function (bsc#1076314).
- CVE-2018-5785: Fixed integer overflow caused by an out-of-bounds left shift in the opj_j2k_setup_encoder function (bsc#1076967).
- CVE-2018-6616: Fixed excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c (bsc#1079845).
- CVE-2018-14423: Fixed division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c (bsc#1102016).
- CVE-2018-16375: Fixed missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c (bsc#1106882).
- CVE-2018-16376: Fixed heap-based buffer overflow in the function t2_encode_packet in lib/openmj2/t2.c (bsc#1106881).
- CVE-2018-20845: Fixed division-by-zero in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c (bsc#1140130).
- CVE-2020-6851: Fixed heap-based buffer overflow in opj_t1_clbl_decode_processor (bsc#1160782).
- CVE-2020-8112: Fixed heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c (bsc#1162090).
- CVE-2020-15389: Fixed use-after-free if there is a mix of valid and invalid files in a directory operated on by the decompressor (bsc#1173578).
- CVE-2020-27823: Fixed heap buffer over-write in opj_tcd_dc_level_shift_encode() (bsc#1180457).
- CVE-2021-29338: Fixed integer overflow that allows remote attackers to crash the application (bsc#1184774).
- CVE-2022-1122: Fixed segmentation fault in opj2_decompress due to uninitialized pointer (bsc#1197738).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3802-1
Released: Thu Oct 27 16:26:44 2022
Summary: Security update for openjpeg2
Type: security
Severity: important
References: 1140205,1149789,1179594,1179821,1180042,1180043,1180044,1180046,CVE-2018-20846,CVE-2018-21010,CVE-2020-27814,CVE-2020-27824,CVE-2020-27841,CVE-2020-27842,CVE-2020-27843,CVE-2020-27845
This update for openjpeg2 fixes the following issues:
- CVE-2018-20846: Fixed OOB read in pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c (bsc#1140205).
- CVE-2018-21010: Fixed heap buffer overflow in color_apply_icc_profile in bin/common/color.c (bsc#1149789).
- CVE-2020-27814: Fixed heap buffer overflow in lib/openjp2/mqc.c (bsc#1179594).
- CVE-2020-27824: Fixed OOB read in opj_dwt_calc_explicit_stepsizes() (bsc#1179821).
- CVE-2020-27841: Fixed buffer over-read in lib/openjp2/pi.c (bsc#1180042).
- CVE-2020-27842: Fixed null pointer dereference in opj_tgt_reset function in lib/openjp2/tgt.c (bsc#1180043).
- CVE-2020-27843: Fixed OOB read in opj_t2_encode_packet function in openjp2/t2.c (bsc#1180044).
- CVE-2020-27845: Fixed heap-based buffer over-read in functions opj_pi_next_rlcp, opj_pi_next_rpcl and opj_pi_next_lrcp in openjp2/pi.c (bsc#1180046).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:1732-1
Released: Mon Apr 3 11:31:18 2023
Summary: Recommended update for google-noto-sans-cjk-fonts
Type: recommended
Severity: low
References: 1203741
This update for google-noto-sans-cjk-fonts fixes the following issues:
- Solved a 'Fails to Build From Source' (FTBFS) issue. (bsc#1203741)
- Use '%license' to store OFL license text instead of '%doc'
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:3480-1
Released: Tue Aug 29 12:08:07 2023
Summary: Recommended update for openjpeg2
Type: recommended
Severity: moderate
References: 1201799
This update for openjpeg2 fixes the following issues:
- Fix openjpeg2-devel to require openjpeg as some cmake targets may fail without the base package installed (bsc#1201799)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3946-1
Released: Tue Oct 3 18:36:26 2023
Summary: Security update for libvpx
Type: security
Severity: important
References: 1215778,CVE-2023-5217
This update for libvpx fixes the following issues:
- CVE-2023-5217: Fixed a heap buffer overflow (bsc#1215778).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1909-1
Released: Mon Jun 3 17:29:03 2024
Summary: Security update for ffmpeg-4
Type: security
Severity: important
References: 1186586,1223437,CVE-2020-22021,CVE-2023-51794
This update for ffmpeg-4 fixes the following issues:
- CVE-2020-22021: Fixed buffer overflow vulnerability in filter_edges function in libavfilter/vf_yadif.c (bsc#1186586).
- CVE-2023-51794: Fixed a heap buffer overflow in libavfilter. (bsc#1223437)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2409-1
Released: Thu Jul 11 13:55:12 2024
Summary: Security update for libvpx
Type: security
Severity: important
References: 1216879,1225403,1225879,CVE-2023-44488,CVE-2023-6349,CVE-2024-5197
This update for libvpx fixes the following issues:
- CVE-2024-5197: Fixed integer overflow when calling vpx_img_alloc() or vpx_img_wrap() with large parameters (bsc#1225879).
- CVE-2023-6349: Fixed heap overflow when encoding a frame that has larger dimensions than the originally configured size (bsc#1225403).
- CVE-2023-44488: Fixed heap buffer overflow in vp8 encoding (bsc#1216879).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:2791-1
Released: Tue Aug 6 16:35:06 2024
Summary: Recommended update for various 32bit packages
Type: recommended
Severity: moderate
References: 1228322
This update of various packages delivers 32bit variants to allow running Wine
on SLE PackageHub 15 SP6.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:2864-1
Released: Fri Aug 9 09:21:29 2024
Summary: Security update for ffmpeg-4
Type: security
Severity: moderate
References: 1223304,1227296,CVE-2023-51798,CVE-2024-32230
This update for ffmpeg-4 fixes the following issues:
- CVE-2024-32230: Fixed buffer overflow due to negative-size-param bug in load_input_picture() (bsc#1227296).
- CVE-2023-51798: Fixed buffer overflow via a floating point exception (FPE) error at libavfilter/vf_minterpolate.c (bsc#1223304).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3301-1
Released: Wed Sep 18 14:51:39 2024
Summary: Security update for ffmpeg-4
Type: security
Severity: important
References: 1229026,CVE-2024-7055
This update for ffmpeg-4 fixes the following issues:
- CVE-2024-7055: Fixed a heap-based buffer overflow in pnmdec. (bsc#1229026)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:44-1
Released: Thu Jan 9 16:04:53 2025
Summary: Security update for openjpeg2
Type: security
Severity: moderate
References: 1235029,CVE-2024-56826
This update for openjpeg2 fixes the following issues:
- CVE-2024-56826: Fixed heap buffer overflow in bin/common/color.c (bsc#1235029)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:862-1
Released: Fri Mar 14 09:45:29 2025
Summary: Security update for ffmpeg-4
Type: security
Severity: important
References: 1202848,1215945,1223070,1223235,1223256,1223272,1223304,1223437,1227296,1229026,1229338,1234028,1235092,1236007,1237351,1237358,1237371,1237382,CVE-2023-49502,CVE-2023-50010,CVE-2023-51793,CVE-2023-51794,CVE-2023-51798,CVE-2024-12361,CVE-2024-31578,CVE-2024-32230,CVE-2024-35368,CVE-2024-36613,CVE-2024-7055,CVE-2025-0518,CVE-2025-22919,CVE-2025-22921,CVE-2025-25473
This update for ffmpeg-4 fixes the following issues:
- CVE-2025-22921: Fixed segmentation violation in NULL pointer dereference via the component /libavcodec/jpeg2000dec.c (bsc#1237382).
- CVE-2025-25473: Fixed memory leak in avformat_free_context() (bsc#1237351).
- CVE-2025-0518: Fixed unchecked sscanf return value which leads to memory data leak (bsc#1236007).
- CVE-2025-22919: Fixed denial of service (DoS) via opening a crafted AAC file (bsc#1237371).
- CVE-2024-12361: Fixed NULL Pointer Dereference (bsc#1237358).
- CVE-2024-35368: Fixed Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c (bsc#1234028).
- CVE-2024-36613: Fixed Integer overflow in ffmpeg (bsc#1235092).
- CVE-2023-50010: Fixed arbitrary code execution via the set_encoder_id function in /fftools/ffmpeg_enc.c component (bsc#1223256).
- CVE-2023-51794: Fixed heap-buffer-overflow at libavfilter/af_stereowiden.c (bsc#1223437).
- CVE-2023-51793: Fixed heap buffer overflow in the image_copy_plane function in libavutil/imgutils.c (bsc#1223272).
- CVE-2023-49502: Fixed heap buffer overflow via the ff_bwdif_filter_intra_c function in libavfilter/bwdifdsp.c (bsc#1223235).
- CVE-2023-51798: Fixed floating point exception (FPE) via the interpolate function in libavfilter/vf_minterpolate.c (bsc#1223304).
- CVE-2024-31578: Fixed heap use-after-free via the av_hwframe_ctx_init function (bsc#1223070).
- CVE-2024-7055: Fixed heap-based buffer overflow in pnmdec.c (bsc#1229026).
- CVE-2024-32230: Fixed buffer overflow due to negative-size-param bug at libavcodec/mpegvideo_enc.c in load_input_picture (bsc#1227296).
Other fixes:
- Updated to version 4.4.5.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:958-1
Released: Wed Mar 19 17:55:55 2025
Summary: Security update for ffmpeg-4
Type: security
Severity: important
References: 1186586,1209934,1215309,CVE-2020-22021,CVE-2020-22046,CVE-2022-48434
This update for ffmpeg-4 fixes the following issues:
- CVE-2022-48434: Fixed use after free in libavcodec/pthread_frame.c (bsc#1209934)
- CVE-2020-22021: Fixed Buffer Overflow vulnerability in filter_edges function in libavfilter/vf_yadif.c (bsc#1186586)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:979-1
Released: Fri Mar 21 13:53:59 2025
Summary: Security update for zvbi
Type: security
Severity: important
References: 1239222,1239299,1239312,1239319,1239320,CVE-2025-2173,CVE-2025-2174,CVE-2025-2175,CVE-2025-2176,CVE-2025-2177
This update for zvbi fixes the following issues:
- CVE-2025-2173: Fixed check on src_length to avoid an uninitialized heap read (bsc#1239222).
- CVE-2025-2174: Fixed integer overflow leading to heap overflow in src/conv.c, src/io-sim.c, src/search.c (bsc#1239299).
- CVE-2025-2175: Fixed integer overflow in _vbi_strndup_iconv (bsc#1239312).
- CVE-2025-2176: Fixed integer overflow in function vbi_capture_sim_load_caption in src/io-sim.c (bsc#1239319).
- CVE-2025-2177: Fixed integer overflow in function vbi_search_new in src/search.c (bsc#1239320).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:1256-1
Released: Mon Apr 14 17:41:38 2025
Summary: Recommended update for ffmpeg-4
Type: recommended
Severity: moderate
References: 1219494,1230983
This update for ffmpeg-4 fixes the following issues:
- Fixed build against dav1d, which has been updated
- No longer build against libmfx; build against libvp (bsc#1230983, bsc#1219494)
- Drop libmfx dependency from our product (jira #PED-10024)
-----------------------------------------------------------------
The following package changes have been done:
- libdav1d7-1.4.0-150600.1.2 added
- libopenjp2-7-2.3.0-150000.3.18.1 added
- libvpx7-1.11.0-150400.3.7.1 added
- libzvbi0-0.2.35-150000.4.3.1 added
- libavutil56_70-4.4.5-150600.13.22.1 added
- libswresample3_9-4.4.5-150600.13.22.1 added
- libavcodec58_134-4.4.5-150600.13.22.1 added
- noto-sans-tc-regular-fonts-20170403-150200.10.3.1 added
- noto-sans-tc-bold-fonts-20170403-150200.10.3.1 added
- noto-sans-sc-regular-fonts-20170403-150200.10.3.1 added
- noto-sans-sc-bold-fonts-20170403-150200.10.3.1 added
- noto-sans-kr-regular-fonts-20170403-150200.10.3.1 added
- noto-sans-kr-bold-fonts-20170403-150200.10.3.1 added
- noto-sans-jp-regular-fonts-20170403-150200.10.3.1 added
- noto-sans-jp-bold-fonts-20170403-150200.10.3.1 added
- noto-sans-tc-fonts-20170403-150200.10.3.1 added
- noto-sans-sc-fonts-20170403-150200.10.3.1 added
- noto-sans-kr-fonts-20170403-150200.10.3.1 added
- noto-sans-jp-fonts-20170403-150200.10.3.1 added
- noto-sans-cjk-fonts-20170403-150200.10.3.1 added
- libavcodec57-3.4.2-150200.11.60.1 removed
- libavutil55-3.4.2-150200.11.60.1 removed
- libcelt0-2-0.11.3-150000.3.5.1 removed
- libopenjpeg1-1.5.2-150000.4.10.1 removed
- libswresample2-3.4.2-150200.11.60.1 removed
- libva-x11-2-2.20.0-150600.1.3 removed
- libvpx4-1.6.1-150000.6.16.1 removed
- libxcb-dri3-0-1.13-150000.3.11.1 removed