SUSE-CU-2026:438-1: Security update of suse/kiosk/xorg-client

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Wed Jan 28 13:55:24 UTC 2026 

SUSE Container Update Advisory: suse/kiosk/xorg-client
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2026:438-1
Container Tags        : suse/kiosk/xorg-client:21 , suse/kiosk/xorg-client:21-70.8 , suse/kiosk/xorg-client:latest
Container Release     : 70.8
Severity              : moderate
Type                  : security
References            : 1252895 1254666 1256525 1256526 CVE-2025-14104 CVE-2026-22695
                        CVE-2026-22801 
-----------------------------------------------------------------

The container suse/kiosk/xorg-client was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:230-1
Released:    Thu Jan 22 13:22:31 2026
Summary:     Security update for util-linux
Type:        security
Severity:    moderate
References:  1254666,CVE-2025-14104
This update for util-linux fixes the following issues:

- CVE-2025-14104: Fixed heap buffer overread in setpwnam() when processing 256-byte usernames (bsc#1254666).
- lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:234-1
Released:    Thu Jan 22 13:24:43 2026
Summary:     Security update for libpng16
Type:        security
Severity:    moderate
References:  1256525,1256526,CVE-2026-22695,CVE-2026-22801
This update for libpng16 fixes the following issues:

- CVE-2026-22695: Fixed heap buffer over-read in png_image_finish_read (bsc#1256525)
- CVE-2026-22801: Fixed integer truncation causing heap buffer over-read in png_image_write_* (bsc#1256526).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2026:249-1
Released:    Thu Jan 22 16:23:36 2026
Summary:     Recommended update for libwebp
Type:        recommended
Severity:    moderate
References:  1252895

This update for libwebp ships the commandline tools to Package Hub.


The following package changes have been done:

- patterns-base-fips-20200124-150700.36.1 added
- libsmartcols1-2.40.4-150700.4.3.1 updated
- libuuid1-2.40.4-150700.4.3.1 updated
- libwebp7-1.0.3-150200.3.14.1 updated
- libblkid1-2.40.4-150700.4.3.1 updated
- libwebpmux3-1.0.3-150200.3.14.1 updated
- libpng16-16-1.6.40-150600.3.6.1 updated
- libmount1-2.40.4-150700.4.3.1 updated
- libfdisk1-2.40.4-150700.4.3.1 updated
- libopenssl-3-fips-provider-3.2.3-150700.5.21.1 added
- util-linux-2.40.4-150700.4.3.1 updated
- container:registry.suse.com-bci-bci-micro-15.7-55883c76f750bdb0fa8cf3fe2e43f19f9babc501efce9801e94a9c0c8d115a20-0 updated

More information about the sle-container-updates mailing list