SUSE-CU-2025:6767-1: Security update of suse/kiosk/firefox-esr

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Thu Sep 11 07:08:45 UTC 2025 

SUSE Container Update Advisory: suse/kiosk/firefox-esr
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:6767-1
Container Tags        : suse/kiosk/firefox-esr:140.2 , suse/kiosk/firefox-esr:140.2-64.22 , suse/kiosk/firefox-esr:esr , suse/kiosk/firefox-esr:latest
Container Release     : 64.22
Severity              : important
Type                  : security
References            : 1226112 1232234 1240058 1245227 1246114 1246221 1246965 1247774
                        1248162 CVE-2024-10041 CVE-2025-6199 CVE-2025-7345 CVE-2025-8058
                        CVE-2025-9179 CVE-2025-9180 CVE-2025-9181 CVE-2025-9182 CVE-2025-9183
                        CVE-2025-9184 CVE-2025-9185 CVE-2025-9187 
-----------------------------------------------------------------

The container suse/kiosk/firefox-esr was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2954-1
Released:    Thu Aug 21 15:42:53 2025
Summary:     Security update for gdk-pixbuf
Type:        security
Severity:    important
References:  1245227,1246114,CVE-2025-6199,CVE-2025-7345
This update for gdk-pixbuf fixes the following issues:

- CVE-2025-6199: Fixed uninitialized memory leading to arbitrary memory contents leak (bsc#1245227)
- CVE-2025-7345: Fixed heap buffer overflow within the gdk_pixbuf__jpeg_image_load_increment function (bsc#1246114)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2964-1
Released:    Fri Aug 22 14:52:39 2025
Summary:     Security update for glibc
Type:        security
Severity:    moderate
References:  1240058,1246965,CVE-2025-8058
This update for glibc fixes the following issues:

- CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2970-1
Released:    Mon Aug 25 10:27:57 2025
Summary:     Security update for pam
Type:        security
Severity:    moderate
References:  1232234,1246221,CVE-2024-10041
This update for pam fixes the following issues:

- Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3008-1
Released:    Thu Aug 28 11:18:10 2025
Summary:     Security update for MozillaFirefox
Type:        security
Severity:    important
References:  1226112,1247774,1248162,CVE-2025-9179,CVE-2025-9180,CVE-2025-9181,CVE-2025-9182,CVE-2025-9183,CVE-2025-9184,CVE-2025-9185,CVE-2025-9187
This update for MozillaFirefox fixes the following issues:

- Firefox Extended Support Release 140.2.0 ESR
  MFSA 2025-67 (bsc#1248162)
  * CVE-2025-9179 (bmo#1979527):
    Sandbox escape due to invalid pointer in the Audio/Video: GMP
    component
  * CVE-2025-9180 (bmo#1979782):
    Same-origin policy bypass in the Graphics: Canvas2D component
  * CVE-2025-9181 (bmo#1977130):
    Uninitialized memory in the JavaScript Engine component
  * CVE-2025-9182 (bmo#1975837):
    Denial-of-service due to out-of-memory in the Graphics:
    WebRender component
  * CVE-2025-9183 (bmo#1976102):
    Spoofing issue in the Address Bar component
  * CVE-2025-9184 (bmo#1929482, bmo#1976376, bmo#1979163,
    bmo#1979955):
    Memory safety bugs fixed in Firefox ESR 140.2, Thunderbird
    ESR 140.2, Firefox 142 and Thunderbird 142
  * CVE-2025-9185 (bmo#1970154, bmo#1976782, bmo#1977166):
    Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR
    128.14, Thunderbird ESR 128.14, Firefox ESR 140.2,
    Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142
  * CVE-2025-9187 (bmo#1825621, bmo#1970079, bmo#1976736,
    bmo#1979072): Memory safety bugs fixed in Firefox 142 and 
    Thunderbird 142

- Other fixes:
  * Ensure the use of the correct file-picker on KDE (bsc#1226112)


The following package changes have been done:

- glibc-2.38-150600.14.37.1 updated
- gdk-pixbuf-query-loaders-2.42.12-150600.3.8.1 updated
- libgdk_pixbuf-2_0-0-2.42.12-150600.3.8.1 updated
- pam-1.3.0-150000.6.86.1 updated
- MozillaFirefox-140.2.0-150200.152.198.1 updated
- container:suse-sle15-15.7-6d58784f25ab2a6683cd03e5c220cdb204e4d82db4b49ea1b4635dbd52b60a5b-0 updated
- container:registry.suse.com-bci-bci-micro-15.7-e631ddc87a64067f3454b729f811eed0236dbf4ae669a438bf1b78e771b90a13-0 updated

More information about the sle-container-updates mailing list