SUSE-CU-2025:7837-1: Security update of suse/kiosk/xorg
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Fri Oct 31 08:38:06 UTC 2025
SUSE Container Update Advisory: suse/kiosk/xorg
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:7837-1
Container Tags : suse/kiosk/xorg:21 , suse/kiosk/xorg:21.1 , suse/kiosk/xorg:21.1-70.4 , suse/kiosk/xorg:latest , suse/kiosk/xorg:notaskbar
Container Release : 70.4
Severity : important
Type : security
References : 1241219 1245199 1250304 1251958 1251959 1251960 CVE-2025-3576
CVE-2025-62229 CVE-2025-62230 CVE-2025-62231
-----------------------------------------------------------------
The container suse/kiosk/xorg was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3699-1
Released: Tue Oct 21 12:07:47 2025
Summary: Security update for krb5
Type: security
Severity: moderate
References: 1241219,CVE-2025-3576
This update for krb5 fixes the following issues:
- CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using
RC4-HMAC-MD5 (bsc#1241219).
Krb5 as very old protocol supported quite a number of ciphers
that are not longer up to current cryptographic standards.
To avoid problems with those, SUSE has by default now disabled
those alorithms.
The following algorithms have been removed from valid krb5 enctypes:
- des3-cbc-sha1
- arcfour-hmac-md5
To reenable those algorithms, you can use allow options in krb5.conf:
[libdefaults]
allow_des3 = true
allow_rc4 = true
to reenable them.
-----------------------------------------------------------------
Advisory ID: SUSE-OU-2025:3726-1
Released: Wed Oct 22 14:43:43 2025
Summary: Optional update for llvm19
Type: optional
Severity: low
References: 1250304
This update for llvm19 fixes the following issues:
- Add llvm19-devel to Dev. Tools, no source changes. (bsc#1250304)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:3836-1
Released: Tue Oct 28 11:38:00 2025
Summary: Recommended update for bash
Type: recommended
Severity: important
References: 1245199
This update for bash fixes the following issues:
- Fix histfile missing timestamp for the oldest record (bsc#1245199)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3865-1
Released: Thu Oct 30 14:40:10 2025
Summary: Security update for xorg-x11-server
Type: security
Severity: important
References: 1251958,1251959,1251960,CVE-2025-62229,CVE-2025-62230,CVE-2025-62231
This update for xorg-x11-server fixes the following issues:
- Fixed use-after-free in XPresentNotify structures creation (CVE-2025-62229, bsc#1251958)
- Fixed use-after-free in Xkb client resource removal (CVE-2025-62230, bsc#1251959)
- Fixed value overflow in Xkb extension XkbSetCompatMap() (CVE-2025-62231, bsc#1251960)
The following package changes have been done:
- libreadline7-7.0-150400.27.6.1 updated
- bash-4.4-150400.27.6.1 updated
- bash-sh-4.4-150400.27.6.1 updated
- libLLVM19-19.1.7-150700.3.6.1 updated
- krb5-1.20.1-150600.11.14.1 updated
- xorg-x11-server-Xvfb-21.1.15-150700.5.11.1 updated
- xorg-x11-server-21.1.15-150700.5.11.1 updated
- container:suse-sle15-15.7-bc008ba5c6cb67bccdaa0a8a8a188754a0214276ba72f9d52f2925430dc5c502-0 updated
- container:registry.suse.com-bci-bci-micro-15.7-da008f7ab0d2262d5e978dc6ce8daeef3cd2f6cd454ccbfe84998b74c49a424b-0 updated
More information about the sle-container-updates
mailing list