SUSE-CU-2026:381-1: Security update of suse/kiosk/xorg

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Tue Jan 27 08:18:04 UTC 2026 

SUSE Container Update Advisory: suse/kiosk/xorg
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:381-1
Container Tags        : suse/kiosk/xorg:21 , suse/kiosk/xorg:21.1 , suse/kiosk/xorg:21.1-73.8 , suse/kiosk/xorg:latest , suse/kiosk/xorg:notaskbar
Container Release     : 73.8
Severity              : moderate
Type                  : security
References            : 1254666 1256525 1256526 1257049 CVE-2025-14104 CVE-2026-0988
                        CVE-2026-22695 CVE-2026-22801 
-----------------------------------------------------------------

The container suse/kiosk/xorg was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:230-1
Released:    Thu Jan 22 13:22:31 2026
Summary:     Security update for util-linux
Type:        security
Severity:    moderate
References:  1254666,CVE-2025-14104
This update for util-linux fixes the following issues:

- CVE-2025-14104: Fixed heap buffer overread in setpwnam() when processing 256-byte usernames (bsc#1254666).
- lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:234-1
Released:    Thu Jan 22 13:24:43 2026
Summary:     Security update for libpng16
Type:        security
Severity:    moderate
References:  1256525,1256526,CVE-2026-22695,CVE-2026-22801
This update for libpng16 fixes the following issues:

- CVE-2026-22695: Fixed heap buffer over-read in png_image_finish_read (bsc#1256525)
- CVE-2026-22801: Fixed integer truncation causing heap buffer over-read in png_image_write_* (bsc#1256526).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:286-1
Released:    Sat Jan 24 00:35:35 2026
Summary:     Security update for glib2
Type:        security
Severity:    low
References:  1257049,CVE-2026-0988
This update for glib2 fixes the following issues:

- CVE-2026-0988: Fixed a potential integer overflow in g_buffered_input_stream_peek (bsc#1257049).


The following package changes have been done:

- libglib-2_0-0-2.78.6-150600.4.28.1 updated
- libsmartcols1-2.40.4-150700.4.3.1 updated
- libuuid1-2.40.4-150700.4.3.1 updated
- libblkid1-2.40.4-150700.4.3.1 updated
- libgobject-2_0-0-2.78.6-150600.4.28.1 updated
- libgmodule-2_0-0-2.78.6-150600.4.28.1 updated
- libpng16-16-1.6.40-150600.3.6.1 updated
- libmount1-2.40.4-150700.4.3.1 updated
- libfdisk1-2.40.4-150700.4.3.1 updated
- libgio-2_0-0-2.78.6-150600.4.28.1 updated
- glib2-tools-2.78.6-150600.4.28.1 updated
- util-linux-2.40.4-150700.4.3.1 updated
- container:suse-sle15-15.7-7970b1398395a13b38e858c60a7b75db5f5265dd7c0ecdabe8919a458b2f34e5-0 updated

More information about the sle-container-updates mailing list