SUSE-CU-2026:379-1: Security update of suse/kiosk/pulseaudio

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Tue Jan 27 08:17:13 UTC 2026 

SUSE Container Update Advisory: suse/kiosk/pulseaudio
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:379-1
Container Tags        : suse/kiosk/pulseaudio:17 , suse/kiosk/pulseaudio:17.0 , suse/kiosk/pulseaudio:17.0-68.8 , suse/kiosk/pulseaudio:latest
Container Release     : 68.8
Severity              : moderate
Type                  : security
References            : 1254666 1256459 1256525 1256526 1257049 CVE-2025-14104 CVE-2026-0988
                        CVE-2026-22693 CVE-2026-22695 CVE-2026-22801 
-----------------------------------------------------------------

The container suse/kiosk/pulseaudio was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:230-1
Released:    Thu Jan 22 13:22:31 2026
Summary:     Security update for util-linux
Type:        security
Severity:    moderate
References:  1254666,CVE-2025-14104
This update for util-linux fixes the following issues:

- CVE-2025-14104: Fixed heap buffer overread in setpwnam() when processing 256-byte usernames (bsc#1254666).
- lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:234-1
Released:    Thu Jan 22 13:24:43 2026
Summary:     Security update for libpng16
Type:        security
Severity:    moderate
References:  1256525,1256526,CVE-2026-22695,CVE-2026-22801
This update for libpng16 fixes the following issues:

- CVE-2026-22695: Fixed heap buffer over-read in png_image_finish_read (bsc#1256525)
- CVE-2026-22801: Fixed integer truncation causing heap buffer over-read in png_image_write_* (bsc#1256526).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:286-1
Released:    Sat Jan 24 00:35:35 2026
Summary:     Security update for glib2
Type:        security
Severity:    low
References:  1257049,CVE-2026-0988
This update for glib2 fixes the following issues:

- CVE-2026-0988: Fixed a potential integer overflow in g_buffered_input_stream_peek (bsc#1257049).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:287-1
Released:    Sat Jan 24 00:35:49 2026
Summary:     Security update for harfbuzz
Type:        security
Severity:    moderate
References:  1256459,CVE-2026-22693
This update for harfbuzz fixes the following issues:

- CVE-2026-22693: Fixed a NULL pointer dereference in SubtableUnicodesCache::create (bsc#1256459).


The following package changes have been done:

- libglib-2_0-0-2.78.6-150600.4.28.1 updated
- libsmartcols1-2.40.4-150700.4.3.1 updated
- libuuid1-2.40.4-150700.4.3.1 updated
- libblkid1-2.40.4-150700.4.3.1 updated
- libgobject-2_0-0-2.78.6-150600.4.28.1 updated
- libgmodule-2_0-0-2.78.6-150600.4.28.1 updated
- libpng16-16-1.6.40-150600.3.6.1 updated
- libmount1-2.40.4-150700.4.3.1 updated
- libfdisk1-2.40.4-150700.4.3.1 updated
- libharfbuzz0-8.3.0-150600.3.3.1 updated
- libgio-2_0-0-2.78.6-150600.4.28.1 updated
- glib2-tools-2.78.6-150600.4.28.1 updated
- util-linux-2.40.4-150700.4.3.1 updated
- container:suse-sle15-15.7-7970b1398395a13b38e858c60a7b75db5f5265dd7c0ecdabe8919a458b2f34e5-0 updated

More information about the sle-container-updates mailing list