SUSE-CU-2025:6918-1: Security update of suse/kiosk/firefox-esr
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Thu Sep 18 08:44:07 UTC 2025
SUSE Container Update Advisory: suse/kiosk/firefox-esr
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:6918-1
Container Tags : suse/kiosk/firefox-esr:140.2 , suse/kiosk/firefox-esr:140.2-64.28 , suse/kiosk/firefox-esr:esr , suse/kiosk/firefox-esr:latest
Container Release : 64.28
Severity : important
Type : security
References : 1230932 1246533 1249049 1249128 CVE-2024-47175 CVE-2025-58060
CVE-2025-58364
-----------------------------------------------------------------
The container suse/kiosk/firefox-esr was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3261-1
Released: Thu Sep 18 06:35:19 2025
Summary: Security update for cups
Type: security
Severity: important
References: 1230932,1246533,1249049,1249128,CVE-2024-47175,CVE-2025-58060,CVE-2025-58364
This update for cups fixes the following issues:
- CVE-2024-47175: no validation of IPP attributes in `ppdCreatePPDFromIPP2` when writing to a temporary PPD file allows
for the injection of attacker-controlled data to the resulting PPD (bsc#1230932).
- CVE-2025-58060: no password check when `AuthType` is set to anything but `Basic` and a request is made with an
`Authorization: Basic` header (bsc#1249049).
- CVE-2025-58364: unsafe deserialization and validation of printer attributes leads to NULL pointer dereference
(bsc#1249128).
The following package changes have been done:
- cups-config-2.2.7-150000.3.72.1 updated
- libcups2-2.2.7-150000.3.72.1 updated
More information about the sle-container-updates
mailing list