SUSE-CU-2025:7238-1: Security update of suse/kiosk/pulseaudio

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Thu Oct 2 11:29:04 UTC 2025 

SUSE Container Update Advisory: suse/kiosk/pulseaudio
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:7238-1
Container Tags        : suse/kiosk/pulseaudio:17 , suse/kiosk/pulseaudio:17.0 , suse/kiosk/pulseaudio:17.0-64.4 , suse/kiosk/pulseaudio:latest
Container Release     : 64.4
Severity              : low
Type                  : security
References            : 1247589 CVE-2025-50422 
-----------------------------------------------------------------

The container suse/kiosk/pulseaudio was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3449-1
Released:    Thu Oct  2 09:15:17 2025
Summary:     Security update for cairo
Type:        security
Severity:    low
References:  1247589,CVE-2025-50422
This update for cairo fixes the following issues:

- CVE-2025-50422: Fixed Poppler crash on malformed input (bsc#1247589)

- Update to version 1.18.4:
  + The dependency on LZO has been made optional through a build
    time configuration toggle.
  + You can build Cairo against a Freetype installation that does
    not have the FT_Color type.
  + Cairo tests now build on Solaris 11.4 with GCC 14.
  + The DirectWrite backend now builds on MINGW 11.
  + The DirectWrite backend now supports font variations and proper
    glyph coverage.
- Use tarball in lieu of source service due to freedesktop gitlab
  migration, will switch back at next release at the latest.
- Add pkgconfig(lzo2) BuildRequires: New optional dependency, build
  lzo2 support feature.

- Convert to source service: allows for easier upgrades by the
  GNOME team.

- Update to version 1.18.2:
  + The malloc-stats code has been removed from the tests directory
  + Cairo now requires a version of pixman equal to, or newer than,
    0.40.
  + There have been multiple build fixes for newer versions of GCC
    for MSVC; for Solaris; and on macOS 10.7.
  + PNG errors caused by loading malformed data are correctly
    propagated to callers, so they can handle the case.
  + Both stroke and fill colors are now set when showing glyphs on
    a PDF surface.
  + All the font options are copied when creating a fallback font
    object.
  + When drawing text on macOS, Cairo now tries harder to select
    the appropriate font name.
  + Cairo now prefers the COLRv1 table inside a font, if one is
    available.
  + Cairo requires a C11 toolchain when building.


The following package changes have been done:

- libcairo2-1.18.4-150600.3.3.1 updated
- container:suse-sle15-15.7-c748b740034bd7faee2a71a60ccfdc9e27e13d317b6e9823dbac93189c7f6c8f-0 updated
- container:registry.suse.com-bci-bci-micro-15.7-c1aae46db7c54cb25fdee08057b82408d4ca85fec3670a0a866563002a249177-0 updated

More information about the sle-container-updates mailing list