GraphicsMagick, Firefox, Argocd-CLI updates for SUSE

SUSE 5304 Published 2 weeks ago by Philipp Esselbach

News

SUSE Linux has been updated with security enhancements for GraphicsMagick, Mozilla Firefox, and Argocd-CLI:

SUSE-SU-2025:1349-1: moderate: Security update for GraphicsMagick
openSUSE-SU-2025:15005-1: moderate: MozillaFirefox-137.0.2-1.1 on GA media
openSUSE-SU-2025:15006-1: moderate: argocd-cli-2.14.10-1.1 on GA media

SUSE-SU-2025:1349-1: moderate: Security update for GraphicsMagick

# Security update for GraphicsMagick

Announcement ID: SUSE-SU-2025:1349-1
Release Date: 2025-04-18T10:06:22Z
Rating: moderate
References:

* bsc#1241150

Cross-References:

* CVE-2025-32460

CVSS scores:

* CVE-2025-32460 ( SUSE ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-32460 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-32460 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for GraphicsMagick fixes the following issues:

* CVE-2025-32460: Fixed a heap-based buffer over-read in ReadJXLImage.
(bsc#1241150)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-1349=1 openSUSE-SLE-15.6-2025-1349=1

* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-1349=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* libGraphicsMagick-Q16-3-1.3.42-150600.3.7.1
* GraphicsMagick-debuginfo-1.3.42-150600.3.7.1
* libGraphicsMagick-Q16-3-debuginfo-1.3.42-150600.3.7.1
* GraphicsMagick-1.3.42-150600.3.7.1
* perl-GraphicsMagick-1.3.42-150600.3.7.1
* GraphicsMagick-debugsource-1.3.42-150600.3.7.1
* perl-GraphicsMagick-debuginfo-1.3.42-150600.3.7.1
* libGraphicsMagick3-config-1.3.42-150600.3.7.1
* libGraphicsMagickWand-Q16-2-1.3.42-150600.3.7.1
* GraphicsMagick-devel-1.3.42-150600.3.7.1
* libGraphicsMagick++-devel-1.3.42-150600.3.7.1
* libGraphicsMagick++-Q16-12-debuginfo-1.3.42-150600.3.7.1
* libGraphicsMagickWand-Q16-2-debuginfo-1.3.42-150600.3.7.1
* libGraphicsMagick++-Q16-12-1.3.42-150600.3.7.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
* libGraphicsMagick-Q16-3-1.3.42-150600.3.7.1
* GraphicsMagick-debuginfo-1.3.42-150600.3.7.1
* libGraphicsMagick-Q16-3-debuginfo-1.3.42-150600.3.7.1
* GraphicsMagick-1.3.42-150600.3.7.1
* perl-GraphicsMagick-1.3.42-150600.3.7.1
* GraphicsMagick-debugsource-1.3.42-150600.3.7.1
* perl-GraphicsMagick-debuginfo-1.3.42-150600.3.7.1
* libGraphicsMagick3-config-1.3.42-150600.3.7.1
* libGraphicsMagickWand-Q16-2-1.3.42-150600.3.7.1
* GraphicsMagick-devel-1.3.42-150600.3.7.1
* libGraphicsMagick++-devel-1.3.42-150600.3.7.1
* libGraphicsMagick++-Q16-12-debuginfo-1.3.42-150600.3.7.1
* libGraphicsMagickWand-Q16-2-debuginfo-1.3.42-150600.3.7.1
* libGraphicsMagick++-Q16-12-1.3.42-150600.3.7.1

## References:

* https://www.suse.com/security/cve/CVE-2025-32460.html
* https://bugzilla.suse.com/show_bug.cgi?id=1241150

openSUSE-SU-2025:15005-1: moderate: MozillaFirefox-137.0.2-1.1 on GA media

# MozillaFirefox-137.0.2-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15005-1
Rating: moderate

Cross-References:

* CVE-2025-3608

CVSS scores:

* CVE-2025-3608 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2025-3608 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the MozillaFirefox-137.0.2-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* MozillaFirefox 137.0.2-1.1
* MozillaFirefox-branding-upstream 137.0.2-1.1
* MozillaFirefox-devel 137.0.2-1.1
* MozillaFirefox-translations-common 137.0.2-1.1
* MozillaFirefox-translations-other 137.0.2-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-3608.html

openSUSE-SU-2025:15006-1: moderate: argocd-cli-2.14.10-1.1 on GA media

# argocd-cli-2.14.10-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15006-1
Rating: moderate

Cross-References:

* CVE-2025-29786

CVSS scores:

* CVE-2025-29786 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-29786 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the argocd-cli-2.14.10-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* argocd-cli 2.14.10-1.1
* argocd-cli-bash-completion 2.14.10-1.1
* argocd-cli-zsh-completion 2.14.10-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-29786.html

Libxml2 update for Slackware

Kernel, Java, Webkit2GTK, and more updates for Oracle

GraphicsMagick, Firefox, Argocd-CLI updates for SUSE

SUSE-SU-2025:1349-1: moderate: Security update for GraphicsMagick

openSUSE-SU-2025:15005-1: moderate: MozillaFirefox-137.0.2-1.1 on GA media

openSUSE-SU-2025:15006-1: moderate: argocd-cli-2.14.10-1.1 on GA media

Windows

Linux

macOS

Community