Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-27664 (GCVE-0-2022-27664)
Vulnerability from cvelistv5 – Published: 2022-09-06 17:29 – Updated: 2024-08-03 05:32
VLAI
EPSS
Summary
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.
Severity
7.5 (High)
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://groups.google.com/g/golang-announce | x_refsource_MISC |
| https://groups.google.com/g/golang-announce/c/x49… | x_refsource_CONFIRM |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://security.netapp.com/advisory/ntap-2022092… | x_refsource_CONFIRM |
| https://security.gentoo.org/glsa/202209-26 | vendor-advisoryx_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:32:59.884Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/g/golang-announce"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s"
},
{
"name": "FEDORA-2022-67ec8c61d0",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/"
},
{
"name": "FEDORA-2022-45097317b4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220923-0004/"
},
{
"name": "GLSA-202209-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202209-26"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-29T16:06:56.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/g/golang-announce"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s"
},
{
"name": "FEDORA-2022-67ec8c61d0",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/"
},
{
"name": "FEDORA-2022-45097317b4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220923-0004/"
},
{
"name": "GLSA-202209-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202209-26"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-27664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/g/golang-announce",
"refsource": "MISC",
"url": "https://groups.google.com/g/golang-announce"
},
{
"name": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s",
"refsource": "CONFIRM",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s"
},
{
"name": "FEDORA-2022-67ec8c61d0",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/"
},
{
"name": "FEDORA-2022-45097317b4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220923-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220923-0004/"
},
{
"name": "GLSA-202209-26",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202209-26"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-27664",
"datePublished": "2022-09-06T17:29:08.000Z",
"dateReserved": "2022-03-23T00:00:00.000Z",
"dateUpdated": "2024-08-03T05:32:59.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-27664",
"date": "2026-06-10",
"epss": "0.00098",
"percentile": "0.26909"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.18.6\", \"matchCriteriaId\": \"5FD1F793-7C7B-454B-BD2D-CE56C91E8573\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:golang:go:1.19.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6173F8B9-F925-4166-9D3A-6793082D6A6F\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.\"}, {\"lang\": \"es\", \"value\": \"En net/http en Go versiones anteriores a 1.18.6 y 1.19.x anteriores a 1.19.1, los atacantes pueden causar una denegaci\\u00f3n de servicio porque una conexi\\u00f3n HTTP/2 puede colgarse durante el cierre si el apagado fue adelantado por un error fatal.\\n\"}]",
"id": "CVE-2022-27664",
"lastModified": "2024-11-21T06:56:07.703",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
"published": "2022-09-06T18:15:12.747",
"references": "[{\"url\": \"https://groups.google.com/g/golang-announce\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://groups.google.com/g/golang-announce/c/x49AQzIVX-s\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://security.gentoo.org/glsa/202209-26\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20220923-0004/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://groups.google.com/g/golang-announce\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://groups.google.com/g/golang-announce/c/x49AQzIVX-s\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/202209-26\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20220923-0004/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-27664\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-09-06T18:15:12.747\",\"lastModified\":\"2024-11-21T06:56:07.703\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.\"},{\"lang\":\"es\",\"value\":\"En net/http en Go versiones anteriores a 1.18.6 y 1.19.x anteriores a 1.19.1, los atacantes pueden causar una denegaci\u00f3n de servicio porque una conexi\u00f3n HTTP/2 puede colgarse durante el cierre si el apagado fue adelantado por un error fatal.\\n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.18.6\",\"matchCriteriaId\":\"5FD1F793-7C7B-454B-BD2D-CE56C91E8573\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:1.19.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6173F8B9-F925-4166-9D3A-6793082D6A6F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E30D0E6F-4AE8-4284-8716-991DFA48CC5D\"}]}]}],\"references\":[{\"url\":\"https://groups.google.com/g/golang-announce\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/x49AQzIVX-s\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/202209-26\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20220923-0004/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://groups.google.com/g/golang-announce\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/x49AQzIVX-s\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202209-26\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20220923-0004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
GSD-2022-27664
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-27664",
"description": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.",
"id": "GSD-2022-27664",
"references": [
"https://alas.aws.amazon.com/cve/html/CVE-2022-27664.html",
"https://advisories.mageia.org/CVE-2022-27664.html",
"https://access.redhat.com/errata/RHSA-2022:7129",
"https://access.redhat.com/errata/RHSA-2022:8535",
"https://access.redhat.com/errata/RHSA-2022:8626",
"https://access.redhat.com/errata/RHSA-2022:8634",
"https://access.redhat.com/errata/RHSA-2022:8781",
"https://www.suse.com/security/cve/CVE-2022-27664.html",
"https://access.redhat.com/errata/RHBA-2023:0564",
"https://access.redhat.com/errata/RHSA-2022:7398",
"https://access.redhat.com/errata/RHSA-2023:0264",
"https://access.redhat.com/errata/RHSA-2023:0542",
"https://access.redhat.com/errata/RHSA-2023:0631",
"https://access.redhat.com/errata/RHSA-2023:0693",
"https://access.redhat.com/errata/RHSA-2023:0708",
"https://access.redhat.com/errata/RHSA-2023:0709",
"https://access.redhat.com/errata/RHSA-2023:1042"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-27664"
],
"details": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.",
"id": "GSD-2022-27664",
"modified": "2023-12-13T01:19:40.782513Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-27664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/g/golang-announce",
"refsource": "MISC",
"url": "https://groups.google.com/g/golang-announce"
},
{
"name": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s",
"refsource": "CONFIRM",
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s"
},
{
"name": "FEDORA-2022-67ec8c61d0",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/"
},
{
"name": "FEDORA-2022-45097317b4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220923-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220923-0004/"
},
{
"name": "GLSA-202209-26",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202209-26"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c0.0.0-20220906165146-f3363e06e74c",
"affected_versions": "All versions before 0.0.0-20220906165146-f3363e06e74c",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2023-02-18",
"description": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.",
"fixed_versions": [
"0.0.0-20220906165146-f3363e06e74c"
],
"identifier": "CVE-2022-27664",
"identifiers": [
"GHSA-69cg-p879-7622",
"CVE-2022-27664"
],
"not_impacted": "All versions starting from 0.0.0-20220906165146-f3363e06e74c",
"package_slug": "go/golang.org/x/net",
"pubdate": "2022-09-07",
"solution": "Upgrade to version 0.0.0-20220906165146-f3363e06e74c or above.",
"title": "golang.org/x/net/http2 Denial of Service vulnerability",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-27664",
"https://groups.google.com/g/golang-announce",
"https://groups.google.com/g/golang-announce/c/x49AQzIVX-s",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/",
"https://security.gentoo.org/glsa/202209-26",
"https://security.netapp.com/advisory/ntap-20220923-0004/",
"https://pkg.go.dev/vuln/GO-2022-0969",
"https://go.dev/cl/428735",
"https://go.dev/issue/54658",
"https://github.com/advisories/GHSA-69cg-p879-7622"
],
"uuid": "95e87b51-5ed9-4690-ba0c-a766e8495393"
},
{
"affected_range": "\u003c0.0.0-20220906165146-f3363e06e74c",
"affected_versions": "All versions before 0.0.0-20220906165146-f3363e06e74c",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2023-01-18",
"description": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.",
"fixed_versions": [
"0.0.0-20220906165146-f3363e06e74c"
],
"identifier": "CVE-2022-27664",
"identifiers": [
"GHSA-69cg-p879-7622",
"CVE-2022-27664"
],
"not_impacted": "All versions starting from 0.0.0-20220906165146-f3363e06e74c",
"package_slug": "go/golang.org/x/net/http2",
"pubdate": "2022-09-07",
"solution": "Upgrade to version 0.0.0-20220906165146-f3363e06e74c or above.",
"title": "golang.org/x/net/http2 Denial of Service vulnerability",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-27664",
"https://groups.google.com/g/golang-announce",
"https://groups.google.com/g/golang-announce/c/x49AQzIVX-s",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/",
"https://security.gentoo.org/glsa/202209-26",
"https://security.netapp.com/advisory/ntap-20220923-0004/",
"https://pkg.go.dev/vuln/GO-2022-0969",
"https://github.com/advisories/GHSA-69cg-p879-7622"
],
"uuid": "f6b9e97c-0ba0-4461-b8da-a6c187c30eac"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:golang:go:1.19.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.18.6",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-27664"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s",
"refsource": "CONFIRM",
"tags": [
"Mailing List",
"Release Notes",
"Third Party Advisory"
],
"url": "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s"
},
{
"name": "https://groups.google.com/g/golang-announce",
"refsource": "MISC",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://groups.google.com/g/golang-announce"
},
{
"name": "FEDORA-2022-67ec8c61d0",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/"
},
{
"name": "FEDORA-2022-45097317b4",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220923-0004/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220923-0004/"
},
{
"name": "GLSA-202209-26",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202209-26"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2022-10-28T12:42Z",
"publishedDate": "2022-09-06T18:15Z"
}
}
}
MSRC_CVE-2022-27664
Vulnerability from csaf_microsoft - Published: 2022-09-02 00:00 - Updated: 2026-02-18 02:27Summary
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1 attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
7.5 (High)
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 19778-17086 | — | ||
| Unresolved product id: 19679-17084 | — | ||
| Unresolved product id: 17485-17084 | — | ||
| Unresolved product id: 18442-16820 | — | ||
| Unresolved product id: 17375-17086 | — | ||
| Unresolved product id: 18624-17086 | — | ||
| Unresolved product id: 18625-17086 | — | ||
| Unresolved product id: 18626-17084 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 17086-1 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17084-5 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17084-12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 16820-9 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17086-13 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17086-8 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17086-7 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17084-6 | — |
Vendor Fix
fix
|
Known not affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 17084-11 | — | ||
| Unresolved product id: 17084-10 | — | ||
| Unresolved product id: 17084-4 | — | ||
| Unresolved product id: 17086-2 | — | ||
| Unresolved product id: 17084-3 | — |
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2022/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2022/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2022-27664 In net/http in Go before 1.18.6 and 1.19.x before 1.19.1 attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2022/msrc_cve-2022-27664.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1 attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.",
"tracking": {
"current_release_date": "2026-02-18T02:27:52.000Z",
"generator": {
"date": "2026-02-18T09:49:28.092Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2022-27664",
"initial_release_date": "2022-09-02T00:00:00.000Z",
"revision_history": [
{
"date": "2023-11-08T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2022-09-09T00:00:00.000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Information published."
},
{
"date": "2026-02-18T02:27:52.000Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Information published."
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
},
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
},
{
"category": "product_version",
"name": "1.0",
"product": {
"name": "CBL Mariner 1.0",
"product_id": "16820"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 golang 1.17.13-2",
"product": {
"name": "\u003ccbl2 golang 1.17.13-2",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "cbl2 golang 1.17.13-2",
"product": {
"name": "cbl2 golang 1.17.13-2",
"product_id": "19778"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 golang 1.23.9-1",
"product": {
"name": "\u003cazl3 golang 1.23.9-1",
"product_id": "5"
}
},
{
"category": "product_version",
"name": "azl3 golang 1.23.9-1",
"product": {
"name": "azl3 golang 1.23.9-1",
"product_id": "19679"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 golang 1.23.7-1",
"product": {
"name": "\u003cazl3 golang 1.23.7-1",
"product_id": "12"
}
},
{
"category": "product_version",
"name": "azl3 golang 1.23.7-1",
"product": {
"name": "azl3 golang 1.23.7-1",
"product_id": "17485"
}
},
{
"category": "product_version_range",
"name": "\u003ccm1 golang 1.17.13-2",
"product": {
"name": "\u003ccm1 golang 1.17.13-2",
"product_id": "9"
}
},
{
"category": "product_version",
"name": "cm1 golang 1.17.13-2",
"product": {
"name": "cm1 golang 1.17.13-2",
"product_id": "18442"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 golang 1.21.6-1",
"product": {
"name": "\u003ccbl2 golang 1.21.6-1",
"product_id": "13"
}
},
{
"category": "product_version",
"name": "cbl2 golang 1.21.6-1",
"product": {
"name": "cbl2 golang 1.21.6-1",
"product_id": "17375"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 golang 1.18.8-1",
"product": {
"name": "\u003ccbl2 golang 1.18.8-1",
"product_id": "7"
}
},
{
"category": "product_version",
"name": "cbl2 golang 1.18.8-1",
"product": {
"name": "cbl2 golang 1.18.8-1",
"product_id": "18625"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 golang 1.18.8-1",
"product": {
"name": "\u003cazl3 golang 1.18.8-1",
"product_id": "6"
}
},
{
"category": "product_version",
"name": "azl3 golang 1.18.8-1",
"product": {
"name": "azl3 golang 1.18.8-1",
"product_id": "18626"
}
}
],
"category": "product_name",
"name": "golang"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 kured 1.13.2-1",
"product": {
"name": "\u003ccbl2 kured 1.13.2-1",
"product_id": "8"
}
},
{
"category": "product_version",
"name": "cbl2 kured 1.13.2-1",
"product": {
"name": "cbl2 kured 1.13.2-1",
"product_id": "18624"
}
}
],
"category": "product_name",
"name": "kured"
},
{
"category": "product_name",
"name": "azl3 tensorflow 2.16.1-9",
"product": {
"name": "azl3 tensorflow 2.16.1-9",
"product_id": "11"
}
},
{
"category": "product_name",
"name": "azl3 gcc 13.2.0-7",
"product": {
"name": "azl3 gcc 13.2.0-7",
"product_id": "10"
}
},
{
"category": "product_name",
"name": "azl3 python-tensorboard 2.16.2-6",
"product": {
"name": "azl3 python-tensorboard 2.16.2-6",
"product_id": "4"
}
},
{
"category": "product_name",
"name": "cbl2 python-tensorboard 2.11.0-3",
"product": {
"name": "cbl2 python-tensorboard 2.11.0-3",
"product_id": "2"
}
},
{
"category": "product_name",
"name": "azl3 golang 1.24.3-1",
"product": {
"name": "azl3 golang 1.24.3-1",
"product_id": "3"
}
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 golang 1.17.13-2 as a component of CBL Mariner 2.0",
"product_id": "17086-1"
},
"product_reference": "1",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 golang 1.17.13-2 as a component of CBL Mariner 2.0",
"product_id": "19778-17086"
},
"product_reference": "19778",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 golang 1.23.9-1 as a component of Azure Linux 3.0",
"product_id": "17084-5"
},
"product_reference": "5",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 golang 1.23.9-1 as a component of Azure Linux 3.0",
"product_id": "19679-17084"
},
"product_reference": "19679",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 tensorflow 2.16.1-9 as a component of Azure Linux 3.0",
"product_id": "17084-11"
},
"product_reference": "11",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 gcc 13.2.0-7 as a component of Azure Linux 3.0",
"product_id": "17084-10"
},
"product_reference": "10",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 golang 1.23.7-1 as a component of Azure Linux 3.0",
"product_id": "17084-12"
},
"product_reference": "12",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 golang 1.23.7-1 as a component of Azure Linux 3.0",
"product_id": "17485-17084"
},
"product_reference": "17485",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccm1 golang 1.17.13-2 as a component of CBL Mariner 1.0",
"product_id": "16820-9"
},
"product_reference": "9",
"relates_to_product_reference": "16820"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cm1 golang 1.17.13-2 as a component of CBL Mariner 1.0",
"product_id": "18442-16820"
},
"product_reference": "18442",
"relates_to_product_reference": "16820"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 golang 1.21.6-1 as a component of CBL Mariner 2.0",
"product_id": "17086-13"
},
"product_reference": "13",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 golang 1.21.6-1 as a component of CBL Mariner 2.0",
"product_id": "17375-17086"
},
"product_reference": "17375",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 kured 1.13.2-1 as a component of CBL Mariner 2.0",
"product_id": "17086-8"
},
"product_reference": "8",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 kured 1.13.2-1 as a component of CBL Mariner 2.0",
"product_id": "18624-17086"
},
"product_reference": "18624",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 golang 1.18.8-1 as a component of CBL Mariner 2.0",
"product_id": "17086-7"
},
"product_reference": "7",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 golang 1.18.8-1 as a component of CBL Mariner 2.0",
"product_id": "18625-17086"
},
"product_reference": "18625",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 golang 1.18.8-1 as a component of Azure Linux 3.0",
"product_id": "17084-6"
},
"product_reference": "6",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 golang 1.18.8-1 as a component of Azure Linux 3.0",
"product_id": "18626-17084"
},
"product_reference": "18626",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 python-tensorboard 2.16.2-6 as a component of Azure Linux 3.0",
"product_id": "17084-4"
},
"product_reference": "4",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 python-tensorboard 2.11.0-3 as a component of CBL Mariner 2.0",
"product_id": "17086-2"
},
"product_reference": "2",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 golang 1.24.3-1 as a component of Azure Linux 3.0",
"product_id": "17084-3"
},
"product_reference": "3",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-27664",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"17084-11",
"17084-4",
"17086-2",
"17084-3"
]
},
{
"label": "vulnerable_code_not_present",
"product_ids": [
"17084-10"
]
}
],
"notes": [
{
"category": "general",
"text": "mitre",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"19778-17086",
"19679-17084",
"17485-17084",
"18442-16820",
"17375-17086",
"18624-17086",
"18625-17086",
"18626-17084"
],
"known_affected": [
"17086-1",
"17084-5",
"17084-12",
"16820-9",
"17086-13",
"17086-8",
"17086-7",
"17084-6"
],
"known_not_affected": [
"17084-11",
"17084-10",
"17084-4",
"17086-2",
"17084-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-27664 In net/http in Go before 1.18.6 and 1.19.x before 1.19.1 attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2022/msrc_cve-2022-27664.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2022-09-09T00:00:00.000Z",
"details": "Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-1",
"17084-5",
"17084-12"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2022-09-09T00:00:00.000Z",
"details": "1.17.13-2:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"16820-9"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2022-09-09T00:00:00.000Z",
"details": "1.21.6-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-13"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2022-09-09T00:00:00.000Z",
"details": "1.13.2-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-8"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2022-09-09T00:00:00.000Z",
"details": "1.18.8-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-7",
"17084-6"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalsScore": 0.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"17086-1",
"17084-5",
"17084-12",
"16820-9",
"17086-13",
"17086-8",
"17086-7",
"17084-6"
]
}
],
"title": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1 attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error."
}
]
}
OPENSUSE-SU-2024:12309-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
go1.18-1.18.6-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: go1.18-1.18.6-1.1 on GA media
Description of the patch: These are all security issues fixed in the go1.18-1.18.6-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-12309
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.18-1.18.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.18-1.18.6-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.18-1.18.6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.18-1.18.6-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.18-doc-1.18.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.18-doc-1.18.6-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.18-doc-1.18.6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.18-doc-1.18.6-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.18-race-1.18.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.18-race-1.18.6-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.18-race-1.18.6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.18-race-1.18.6-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
6 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "go1.18-1.18.6-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the go1.18-1.18.6-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-12309",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12309-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-27664 page",
"url": "https://www.suse.com/security/cve/CVE-2022-27664/"
}
],
"title": "go1.18-1.18.6-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:12309-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.18-1.18.6-1.1.aarch64",
"product": {
"name": "go1.18-1.18.6-1.1.aarch64",
"product_id": "go1.18-1.18.6-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.18-doc-1.18.6-1.1.aarch64",
"product": {
"name": "go1.18-doc-1.18.6-1.1.aarch64",
"product_id": "go1.18-doc-1.18.6-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.18-race-1.18.6-1.1.aarch64",
"product": {
"name": "go1.18-race-1.18.6-1.1.aarch64",
"product_id": "go1.18-race-1.18.6-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.18-1.18.6-1.1.ppc64le",
"product": {
"name": "go1.18-1.18.6-1.1.ppc64le",
"product_id": "go1.18-1.18.6-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.18-doc-1.18.6-1.1.ppc64le",
"product": {
"name": "go1.18-doc-1.18.6-1.1.ppc64le",
"product_id": "go1.18-doc-1.18.6-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.18-race-1.18.6-1.1.ppc64le",
"product": {
"name": "go1.18-race-1.18.6-1.1.ppc64le",
"product_id": "go1.18-race-1.18.6-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.18-1.18.6-1.1.s390x",
"product": {
"name": "go1.18-1.18.6-1.1.s390x",
"product_id": "go1.18-1.18.6-1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.18-doc-1.18.6-1.1.s390x",
"product": {
"name": "go1.18-doc-1.18.6-1.1.s390x",
"product_id": "go1.18-doc-1.18.6-1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.18-race-1.18.6-1.1.s390x",
"product": {
"name": "go1.18-race-1.18.6-1.1.s390x",
"product_id": "go1.18-race-1.18.6-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.18-1.18.6-1.1.x86_64",
"product": {
"name": "go1.18-1.18.6-1.1.x86_64",
"product_id": "go1.18-1.18.6-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.18-doc-1.18.6-1.1.x86_64",
"product": {
"name": "go1.18-doc-1.18.6-1.1.x86_64",
"product_id": "go1.18-doc-1.18.6-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.18-race-1.18.6-1.1.x86_64",
"product": {
"name": "go1.18-race-1.18.6-1.1.x86_64",
"product_id": "go1.18-race-1.18.6-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.18-1.18.6-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.18-1.18.6-1.1.aarch64"
},
"product_reference": "go1.18-1.18.6-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.18-1.18.6-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.18-1.18.6-1.1.ppc64le"
},
"product_reference": "go1.18-1.18.6-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.18-1.18.6-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.18-1.18.6-1.1.s390x"
},
"product_reference": "go1.18-1.18.6-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.18-1.18.6-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.18-1.18.6-1.1.x86_64"
},
"product_reference": "go1.18-1.18.6-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.18-doc-1.18.6-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.18-doc-1.18.6-1.1.aarch64"
},
"product_reference": "go1.18-doc-1.18.6-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.18-doc-1.18.6-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.18-doc-1.18.6-1.1.ppc64le"
},
"product_reference": "go1.18-doc-1.18.6-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.18-doc-1.18.6-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.18-doc-1.18.6-1.1.s390x"
},
"product_reference": "go1.18-doc-1.18.6-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.18-doc-1.18.6-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.18-doc-1.18.6-1.1.x86_64"
},
"product_reference": "go1.18-doc-1.18.6-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.18-race-1.18.6-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.18-race-1.18.6-1.1.aarch64"
},
"product_reference": "go1.18-race-1.18.6-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.18-race-1.18.6-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.18-race-1.18.6-1.1.ppc64le"
},
"product_reference": "go1.18-race-1.18.6-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.18-race-1.18.6-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.18-race-1.18.6-1.1.s390x"
},
"product_reference": "go1.18-race-1.18.6-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.18-race-1.18.6-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.18-race-1.18.6-1.1.x86_64"
},
"product_reference": "go1.18-race-1.18.6-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-27664",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-27664"
}
],
"notes": [
{
"category": "general",
"text": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.18-1.18.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.18-1.18.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.18-1.18.6-1.1.s390x",
"openSUSE Tumbleweed:go1.18-1.18.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.18-doc-1.18.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.18-doc-1.18.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.18-doc-1.18.6-1.1.s390x",
"openSUSE Tumbleweed:go1.18-doc-1.18.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.18-race-1.18.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.18-race-1.18.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.18-race-1.18.6-1.1.s390x",
"openSUSE Tumbleweed:go1.18-race-1.18.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-27664",
"url": "https://www.suse.com/security/cve/CVE-2022-27664"
},
{
"category": "external",
"summary": "SUSE Bug 1203185 for CVE-2022-27664",
"url": "https://bugzilla.suse.com/1203185"
},
{
"category": "external",
"summary": "SUSE Bug 1203293 for CVE-2022-27664",
"url": "https://bugzilla.suse.com/1203293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.18-1.18.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.18-1.18.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.18-1.18.6-1.1.s390x",
"openSUSE Tumbleweed:go1.18-1.18.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.18-doc-1.18.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.18-doc-1.18.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.18-doc-1.18.6-1.1.s390x",
"openSUSE Tumbleweed:go1.18-doc-1.18.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.18-race-1.18.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.18-race-1.18.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.18-race-1.18.6-1.1.s390x",
"openSUSE Tumbleweed:go1.18-race-1.18.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.18-1.18.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.18-1.18.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.18-1.18.6-1.1.s390x",
"openSUSE Tumbleweed:go1.18-1.18.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.18-doc-1.18.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.18-doc-1.18.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.18-doc-1.18.6-1.1.s390x",
"openSUSE Tumbleweed:go1.18-doc-1.18.6-1.1.x86_64",
"openSUSE Tumbleweed:go1.18-race-1.18.6-1.1.aarch64",
"openSUSE Tumbleweed:go1.18-race-1.18.6-1.1.ppc64le",
"openSUSE Tumbleweed:go1.18-race-1.18.6-1.1.s390x",
"openSUSE Tumbleweed:go1.18-race-1.18.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-27664"
}
]
}
OPENSUSE-SU-2024:12310-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
go1.19-1.19.1-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: go1.19-1.19.1-1.1 on GA media
Description of the patch: These are all security issues fixed in the go1.19-1.19.1-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-12310
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.19-1.19.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.19-1.19.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.19-1.19.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.19-1.19.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.19-doc-1.19.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.19-doc-1.19.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.19-doc-1.19.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.19-doc-1.19.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.19-race-1.19.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.19-race-1.19.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.19-race-1.19.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.19-race-1.19.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.19-1.19.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.19-1.19.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.19-1.19.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.19-1.19.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.19-doc-1.19.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.19-doc-1.19.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.19-doc-1.19.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.19-doc-1.19.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.19-race-1.19.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.19-race-1.19.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.19-race-1.19.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.19-race-1.19.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "go1.19-1.19.1-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the go1.19-1.19.1-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-12310",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12310-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-27664 page",
"url": "https://www.suse.com/security/cve/CVE-2022-27664/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-32190 page",
"url": "https://www.suse.com/security/cve/CVE-2022-32190/"
}
],
"title": "go1.19-1.19.1-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:12310-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.19-1.19.1-1.1.aarch64",
"product": {
"name": "go1.19-1.19.1-1.1.aarch64",
"product_id": "go1.19-1.19.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.19-doc-1.19.1-1.1.aarch64",
"product": {
"name": "go1.19-doc-1.19.1-1.1.aarch64",
"product_id": "go1.19-doc-1.19.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.19-race-1.19.1-1.1.aarch64",
"product": {
"name": "go1.19-race-1.19.1-1.1.aarch64",
"product_id": "go1.19-race-1.19.1-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.19-1.19.1-1.1.ppc64le",
"product": {
"name": "go1.19-1.19.1-1.1.ppc64le",
"product_id": "go1.19-1.19.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.19-doc-1.19.1-1.1.ppc64le",
"product": {
"name": "go1.19-doc-1.19.1-1.1.ppc64le",
"product_id": "go1.19-doc-1.19.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.19-race-1.19.1-1.1.ppc64le",
"product": {
"name": "go1.19-race-1.19.1-1.1.ppc64le",
"product_id": "go1.19-race-1.19.1-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.19-1.19.1-1.1.s390x",
"product": {
"name": "go1.19-1.19.1-1.1.s390x",
"product_id": "go1.19-1.19.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.19-doc-1.19.1-1.1.s390x",
"product": {
"name": "go1.19-doc-1.19.1-1.1.s390x",
"product_id": "go1.19-doc-1.19.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.19-race-1.19.1-1.1.s390x",
"product": {
"name": "go1.19-race-1.19.1-1.1.s390x",
"product_id": "go1.19-race-1.19.1-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.19-1.19.1-1.1.x86_64",
"product": {
"name": "go1.19-1.19.1-1.1.x86_64",
"product_id": "go1.19-1.19.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.19-doc-1.19.1-1.1.x86_64",
"product": {
"name": "go1.19-doc-1.19.1-1.1.x86_64",
"product_id": "go1.19-doc-1.19.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.19-race-1.19.1-1.1.x86_64",
"product": {
"name": "go1.19-race-1.19.1-1.1.x86_64",
"product_id": "go1.19-race-1.19.1-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.19-1.19.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.19-1.19.1-1.1.aarch64"
},
"product_reference": "go1.19-1.19.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.19-1.19.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.19-1.19.1-1.1.ppc64le"
},
"product_reference": "go1.19-1.19.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.19-1.19.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.19-1.19.1-1.1.s390x"
},
"product_reference": "go1.19-1.19.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.19-1.19.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.19-1.19.1-1.1.x86_64"
},
"product_reference": "go1.19-1.19.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.19-doc-1.19.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.19-doc-1.19.1-1.1.aarch64"
},
"product_reference": "go1.19-doc-1.19.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.19-doc-1.19.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.19-doc-1.19.1-1.1.ppc64le"
},
"product_reference": "go1.19-doc-1.19.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.19-doc-1.19.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.19-doc-1.19.1-1.1.s390x"
},
"product_reference": "go1.19-doc-1.19.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.19-doc-1.19.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.19-doc-1.19.1-1.1.x86_64"
},
"product_reference": "go1.19-doc-1.19.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.19-race-1.19.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.19-race-1.19.1-1.1.aarch64"
},
"product_reference": "go1.19-race-1.19.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.19-race-1.19.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.19-race-1.19.1-1.1.ppc64le"
},
"product_reference": "go1.19-race-1.19.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.19-race-1.19.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.19-race-1.19.1-1.1.s390x"
},
"product_reference": "go1.19-race-1.19.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.19-race-1.19.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.19-race-1.19.1-1.1.x86_64"
},
"product_reference": "go1.19-race-1.19.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-27664",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-27664"
}
],
"notes": [
{
"category": "general",
"text": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.19-1.19.1-1.1.aarch64",
"openSUSE Tumbleweed:go1.19-1.19.1-1.1.ppc64le",
"openSUSE Tumbleweed:go1.19-1.19.1-1.1.s390x",
"openSUSE Tumbleweed:go1.19-1.19.1-1.1.x86_64",
"openSUSE Tumbleweed:go1.19-doc-1.19.1-1.1.aarch64",
"openSUSE Tumbleweed:go1.19-doc-1.19.1-1.1.ppc64le",
"openSUSE Tumbleweed:go1.19-doc-1.19.1-1.1.s390x",
"openSUSE Tumbleweed:go1.19-doc-1.19.1-1.1.x86_64",
"openSUSE Tumbleweed:go1.19-race-1.19.1-1.1.aarch64",
"openSUSE Tumbleweed:go1.19-race-1.19.1-1.1.ppc64le",
"openSUSE Tumbleweed:go1.19-race-1.19.1-1.1.s390x",
"openSUSE Tumbleweed:go1.19-race-1.19.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-27664",
"url": "https://www.suse.com/security/cve/CVE-2022-27664"
},
{
"category": "external",
"summary": "SUSE Bug 1203185 for CVE-2022-27664",
"url": "https://bugzilla.suse.com/1203185"
},
{
"category": "external",
"summary": "SUSE Bug 1203293 for CVE-2022-27664",
"url": "https://bugzilla.suse.com/1203293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.19-1.19.1-1.1.aarch64",
"openSUSE Tumbleweed:go1.19-1.19.1-1.1.ppc64le",
"openSUSE Tumbleweed:go1.19-1.19.1-1.1.s390x",
"openSUSE Tumbleweed:go1.19-1.19.1-1.1.x86_64",
"openSUSE Tumbleweed:go1.19-doc-1.19.1-1.1.aarch64",
"openSUSE Tumbleweed:go1.19-doc-1.19.1-1.1.ppc64le",
"openSUSE Tumbleweed:go1.19-doc-1.19.1-1.1.s390x",
"openSUSE Tumbleweed:go1.19-doc-1.19.1-1.1.x86_64",
"openSUSE Tumbleweed:go1.19-race-1.19.1-1.1.aarch64",
"openSUSE Tumbleweed:go1.19-race-1.19.1-1.1.ppc64le",
"openSUSE Tumbleweed:go1.19-race-1.19.1-1.1.s390x",
"openSUSE Tumbleweed:go1.19-race-1.19.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.19-1.19.1-1.1.aarch64",
"openSUSE Tumbleweed:go1.19-1.19.1-1.1.ppc64le",
"openSUSE Tumbleweed:go1.19-1.19.1-1.1.s390x",
"openSUSE Tumbleweed:go1.19-1.19.1-1.1.x86_64",
"openSUSE Tumbleweed:go1.19-doc-1.19.1-1.1.aarch64",
"openSUSE Tumbleweed:go1.19-doc-1.19.1-1.1.ppc64le",
"openSUSE Tumbleweed:go1.19-doc-1.19.1-1.1.s390x",
"openSUSE Tumbleweed:go1.19-doc-1.19.1-1.1.x86_64",
"openSUSE Tumbleweed:go1.19-race-1.19.1-1.1.aarch64",
"openSUSE Tumbleweed:go1.19-race-1.19.1-1.1.ppc64le",
"openSUSE Tumbleweed:go1.19-race-1.19.1-1.1.s390x",
"openSUSE Tumbleweed:go1.19-race-1.19.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-27664"
},
{
"cve": "CVE-2022-32190",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-32190"
}
],
"notes": [
{
"category": "general",
"text": "JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath(\"https://go.dev\", \"../go\") returns the URL \"https://go.dev/../go\", despite the JoinPath documentation stating that ../ path elements are removed from the result.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.19-1.19.1-1.1.aarch64",
"openSUSE Tumbleweed:go1.19-1.19.1-1.1.ppc64le",
"openSUSE Tumbleweed:go1.19-1.19.1-1.1.s390x",
"openSUSE Tumbleweed:go1.19-1.19.1-1.1.x86_64",
"openSUSE Tumbleweed:go1.19-doc-1.19.1-1.1.aarch64",
"openSUSE Tumbleweed:go1.19-doc-1.19.1-1.1.ppc64le",
"openSUSE Tumbleweed:go1.19-doc-1.19.1-1.1.s390x",
"openSUSE Tumbleweed:go1.19-doc-1.19.1-1.1.x86_64",
"openSUSE Tumbleweed:go1.19-race-1.19.1-1.1.aarch64",
"openSUSE Tumbleweed:go1.19-race-1.19.1-1.1.ppc64le",
"openSUSE Tumbleweed:go1.19-race-1.19.1-1.1.s390x",
"openSUSE Tumbleweed:go1.19-race-1.19.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-32190",
"url": "https://www.suse.com/security/cve/CVE-2022-32190"
},
{
"category": "external",
"summary": "SUSE Bug 1203186 for CVE-2022-32190",
"url": "https://bugzilla.suse.com/1203186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.19-1.19.1-1.1.aarch64",
"openSUSE Tumbleweed:go1.19-1.19.1-1.1.ppc64le",
"openSUSE Tumbleweed:go1.19-1.19.1-1.1.s390x",
"openSUSE Tumbleweed:go1.19-1.19.1-1.1.x86_64",
"openSUSE Tumbleweed:go1.19-doc-1.19.1-1.1.aarch64",
"openSUSE Tumbleweed:go1.19-doc-1.19.1-1.1.ppc64le",
"openSUSE Tumbleweed:go1.19-doc-1.19.1-1.1.s390x",
"openSUSE Tumbleweed:go1.19-doc-1.19.1-1.1.x86_64",
"openSUSE Tumbleweed:go1.19-race-1.19.1-1.1.aarch64",
"openSUSE Tumbleweed:go1.19-race-1.19.1-1.1.ppc64le",
"openSUSE Tumbleweed:go1.19-race-1.19.1-1.1.s390x",
"openSUSE Tumbleweed:go1.19-race-1.19.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.19-1.19.1-1.1.aarch64",
"openSUSE Tumbleweed:go1.19-1.19.1-1.1.ppc64le",
"openSUSE Tumbleweed:go1.19-1.19.1-1.1.s390x",
"openSUSE Tumbleweed:go1.19-1.19.1-1.1.x86_64",
"openSUSE Tumbleweed:go1.19-doc-1.19.1-1.1.aarch64",
"openSUSE Tumbleweed:go1.19-doc-1.19.1-1.1.ppc64le",
"openSUSE Tumbleweed:go1.19-doc-1.19.1-1.1.s390x",
"openSUSE Tumbleweed:go1.19-doc-1.19.1-1.1.x86_64",
"openSUSE Tumbleweed:go1.19-race-1.19.1-1.1.aarch64",
"openSUSE Tumbleweed:go1.19-race-1.19.1-1.1.ppc64le",
"openSUSE Tumbleweed:go1.19-race-1.19.1-1.1.s390x",
"openSUSE Tumbleweed:go1.19-race-1.19.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-32190"
}
]
}
OPENSUSE-SU-2024:12600-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
docker-compose-2.15.1-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: docker-compose-2.15.1-1.1 on GA media
Description of the patch: These are all security issues fixed in the docker-compose-2.15.1-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-12600
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:docker-compose-2.15.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-compose-2.15.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-compose-2.15.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-compose-2.15.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
6 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "docker-compose-2.15.1-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the docker-compose-2.15.1-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-12600",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12600-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-27664 page",
"url": "https://www.suse.com/security/cve/CVE-2022-27664/"
}
],
"title": "docker-compose-2.15.1-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:12600-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "docker-compose-2.15.1-1.1.aarch64",
"product": {
"name": "docker-compose-2.15.1-1.1.aarch64",
"product_id": "docker-compose-2.15.1-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-compose-2.15.1-1.1.ppc64le",
"product": {
"name": "docker-compose-2.15.1-1.1.ppc64le",
"product_id": "docker-compose-2.15.1-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-compose-2.15.1-1.1.s390x",
"product": {
"name": "docker-compose-2.15.1-1.1.s390x",
"product_id": "docker-compose-2.15.1-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-compose-2.15.1-1.1.x86_64",
"product": {
"name": "docker-compose-2.15.1-1.1.x86_64",
"product_id": "docker-compose-2.15.1-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-compose-2.15.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-compose-2.15.1-1.1.aarch64"
},
"product_reference": "docker-compose-2.15.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-compose-2.15.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-compose-2.15.1-1.1.ppc64le"
},
"product_reference": "docker-compose-2.15.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-compose-2.15.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-compose-2.15.1-1.1.s390x"
},
"product_reference": "docker-compose-2.15.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-compose-2.15.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-compose-2.15.1-1.1.x86_64"
},
"product_reference": "docker-compose-2.15.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-27664",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-27664"
}
],
"notes": [
{
"category": "general",
"text": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-compose-2.15.1-1.1.aarch64",
"openSUSE Tumbleweed:docker-compose-2.15.1-1.1.ppc64le",
"openSUSE Tumbleweed:docker-compose-2.15.1-1.1.s390x",
"openSUSE Tumbleweed:docker-compose-2.15.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-27664",
"url": "https://www.suse.com/security/cve/CVE-2022-27664"
},
{
"category": "external",
"summary": "SUSE Bug 1203185 for CVE-2022-27664",
"url": "https://bugzilla.suse.com/1203185"
},
{
"category": "external",
"summary": "SUSE Bug 1203293 for CVE-2022-27664",
"url": "https://bugzilla.suse.com/1203293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-compose-2.15.1-1.1.aarch64",
"openSUSE Tumbleweed:docker-compose-2.15.1-1.1.ppc64le",
"openSUSE Tumbleweed:docker-compose-2.15.1-1.1.s390x",
"openSUSE Tumbleweed:docker-compose-2.15.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:docker-compose-2.15.1-1.1.aarch64",
"openSUSE Tumbleweed:docker-compose-2.15.1-1.1.ppc64le",
"openSUSE Tumbleweed:docker-compose-2.15.1-1.1.s390x",
"openSUSE Tumbleweed:docker-compose-2.15.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-27664"
}
]
}
OPENSUSE-SU-2024:12723-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
grafana-9.3.6-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: grafana-9.3.6-1.1 on GA media
Description of the patch: These are all security issues fixed in the grafana-9.3.6-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-12723
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
24 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "grafana-9.3.6-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the grafana-9.3.6-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-12723",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12723-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-7753 page",
"url": "https://www.suse.com/security/cve/CVE-2020-7753/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3807 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3807/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3918 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3918/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-43138 page",
"url": "https://www.suse.com/security/cve/CVE-2021-43138/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0155 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0155/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-27664 page",
"url": "https://www.suse.com/security/cve/CVE-2022-27664/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-32149 page",
"url": "https://www.suse.com/security/cve/CVE-2022-32149/"
}
],
"title": "grafana-9.3.6-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:12723-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "grafana-9.3.6-1.1.aarch64",
"product": {
"name": "grafana-9.3.6-1.1.aarch64",
"product_id": "grafana-9.3.6-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-9.3.6-1.1.ppc64le",
"product": {
"name": "grafana-9.3.6-1.1.ppc64le",
"product_id": "grafana-9.3.6-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-9.3.6-1.1.s390x",
"product": {
"name": "grafana-9.3.6-1.1.s390x",
"product_id": "grafana-9.3.6-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-9.3.6-1.1.x86_64",
"product": {
"name": "grafana-9.3.6-1.1.x86_64",
"product_id": "grafana-9.3.6-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-9.3.6-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64"
},
"product_reference": "grafana-9.3.6-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-9.3.6-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le"
},
"product_reference": "grafana-9.3.6-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-9.3.6-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x"
},
"product_reference": "grafana-9.3.6-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-9.3.6-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64"
},
"product_reference": "grafana-9.3.6-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-7753",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-7753"
}
],
"notes": [
{
"category": "general",
"text": "All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-7753",
"url": "https://www.suse.com/security/cve/CVE-2020-7753"
},
{
"category": "external",
"summary": "SUSE Bug 1218843 for CVE-2020-7753",
"url": "https://bugzilla.suse.com/1218843"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-7753"
},
{
"cve": "CVE-2021-3807",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3807"
}
],
"notes": [
{
"category": "general",
"text": "ansi-regex is vulnerable to Inefficient Regular Expression Complexity",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3807",
"url": "https://www.suse.com/security/cve/CVE-2021-3807"
},
{
"category": "external",
"summary": "SUSE Bug 1192154 for CVE-2021-3807",
"url": "https://bugzilla.suse.com/1192154"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-3807"
},
{
"cve": "CVE-2021-3918",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3918"
}
],
"notes": [
{
"category": "general",
"text": "json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3918",
"url": "https://www.suse.com/security/cve/CVE-2021-3918"
},
{
"category": "external",
"summary": "SUSE Bug 1192696 for CVE-2021-3918",
"url": "https://bugzilla.suse.com/1192696"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-3918"
},
{
"cve": "CVE-2021-43138",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-43138"
}
],
"notes": [
{
"category": "general",
"text": "In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-43138",
"url": "https://www.suse.com/security/cve/CVE-2021-43138"
},
{
"category": "external",
"summary": "SUSE Bug 1200480 for CVE-2021-43138",
"url": "https://bugzilla.suse.com/1200480"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-43138"
},
{
"cve": "CVE-2022-0155",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0155"
}
],
"notes": [
{
"category": "general",
"text": "follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0155",
"url": "https://www.suse.com/security/cve/CVE-2022-0155"
},
{
"category": "external",
"summary": "SUSE Bug 1218844 for CVE-2022-0155",
"url": "https://bugzilla.suse.com/1218844"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-0155"
},
{
"cve": "CVE-2022-27664",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-27664"
}
],
"notes": [
{
"category": "general",
"text": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-27664",
"url": "https://www.suse.com/security/cve/CVE-2022-27664"
},
{
"category": "external",
"summary": "SUSE Bug 1203185 for CVE-2022-27664",
"url": "https://bugzilla.suse.com/1203185"
},
{
"category": "external",
"summary": "SUSE Bug 1203293 for CVE-2022-27664",
"url": "https://bugzilla.suse.com/1203293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-27664"
},
{
"cve": "CVE-2022-32149",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-32149"
}
],
"notes": [
{
"category": "general",
"text": "An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-32149",
"url": "https://www.suse.com/security/cve/CVE-2022-32149"
},
{
"category": "external",
"summary": "SUSE Bug 1204501 for CVE-2022-32149",
"url": "https://bugzilla.suse.com/1204501"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:grafana-9.3.6-1.1.aarch64",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.ppc64le",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.s390x",
"openSUSE Tumbleweed:grafana-9.3.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-32149"
}
]
}
OPENSUSE-SU-2024:12781-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
kubernetes1.24-apiserver-1.24.11-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: kubernetes1.24-apiserver-1.24.11-1.1 on GA media
Description of the patch: These are all security issues fixed in the kubernetes1.24-apiserver-1.24.11-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-12781
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-apiserver-1.24.11-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-apiserver-1.24.11-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-apiserver-1.24.11-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-apiserver-1.24.11-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-client-1.24.11-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-client-1.24.11-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-client-1.24.11-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-client-1.24.11-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-client-common-1.24.11-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-client-common-1.24.11-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-client-common-1.24.11-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-client-common-1.24.11-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-controller-manager-1.24.11-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-controller-manager-1.24.11-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-controller-manager-1.24.11-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-controller-manager-1.24.11-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-kubeadm-1.24.11-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-kubeadm-1.24.11-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-kubeadm-1.24.11-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-kubeadm-1.24.11-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-kubelet-1.24.11-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-kubelet-1.24.11-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-kubelet-1.24.11-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-kubelet-1.24.11-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-kubelet-common-1.24.11-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-kubelet-common-1.24.11-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-kubelet-common-1.24.11-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-kubelet-common-1.24.11-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-proxy-1.24.11-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-proxy-1.24.11-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-proxy-1.24.11-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-proxy-1.24.11-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-scheduler-1.24.11-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-scheduler-1.24.11-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-scheduler-1.24.11-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-scheduler-1.24.11-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-apiserver-1.24.11-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-apiserver-1.24.11-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-apiserver-1.24.11-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-apiserver-1.24.11-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-client-1.24.11-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-client-1.24.11-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-client-1.24.11-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-client-1.24.11-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-client-common-1.24.11-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-client-common-1.24.11-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-client-common-1.24.11-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-client-common-1.24.11-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-controller-manager-1.24.11-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-controller-manager-1.24.11-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-controller-manager-1.24.11-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-controller-manager-1.24.11-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-kubeadm-1.24.11-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-kubeadm-1.24.11-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-kubeadm-1.24.11-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-kubeadm-1.24.11-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-kubelet-1.24.11-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-kubelet-1.24.11-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-kubelet-1.24.11-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-kubelet-1.24.11-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-kubelet-common-1.24.11-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-kubelet-common-1.24.11-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-kubelet-common-1.24.11-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-kubelet-common-1.24.11-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-proxy-1.24.11-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-proxy-1.24.11-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-proxy-1.24.11-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-proxy-1.24.11-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-scheduler-1.24.11-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-scheduler-1.24.11-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-scheduler-1.24.11-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-scheduler-1.24.11-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.6 (Medium)
Affected products
Recommended
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-apiserver-1.24.11-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-apiserver-1.24.11-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-apiserver-1.24.11-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-apiserver-1.24.11-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-client-1.24.11-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-client-1.24.11-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-client-1.24.11-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-client-1.24.11-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-client-common-1.24.11-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-client-common-1.24.11-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-client-common-1.24.11-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-client-common-1.24.11-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-controller-manager-1.24.11-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-controller-manager-1.24.11-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-controller-manager-1.24.11-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-controller-manager-1.24.11-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-kubeadm-1.24.11-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-kubeadm-1.24.11-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-kubeadm-1.24.11-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-kubeadm-1.24.11-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-kubelet-1.24.11-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-kubelet-1.24.11-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-kubelet-1.24.11-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-kubelet-1.24.11-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-kubelet-common-1.24.11-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-kubelet-common-1.24.11-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-kubelet-common-1.24.11-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-kubelet-common-1.24.11-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-proxy-1.24.11-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-proxy-1.24.11-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-proxy-1.24.11-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-proxy-1.24.11-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-scheduler-1.24.11-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-scheduler-1.24.11-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-scheduler-1.24.11-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.24-scheduler-1.24.11-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "kubernetes1.24-apiserver-1.24.11-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the kubernetes1.24-apiserver-1.24.11-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-12781",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12781-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-27664 page",
"url": "https://www.suse.com/security/cve/CVE-2022-27664/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3162 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3162/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3294 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3294/"
}
],
"title": "kubernetes1.24-apiserver-1.24.11-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:12781-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kubernetes1.24-apiserver-1.24.11-1.1.aarch64",
"product": {
"name": "kubernetes1.24-apiserver-1.24.11-1.1.aarch64",
"product_id": "kubernetes1.24-apiserver-1.24.11-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-client-1.24.11-1.1.aarch64",
"product": {
"name": "kubernetes1.24-client-1.24.11-1.1.aarch64",
"product_id": "kubernetes1.24-client-1.24.11-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-client-common-1.24.11-1.1.aarch64",
"product": {
"name": "kubernetes1.24-client-common-1.24.11-1.1.aarch64",
"product_id": "kubernetes1.24-client-common-1.24.11-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-controller-manager-1.24.11-1.1.aarch64",
"product": {
"name": "kubernetes1.24-controller-manager-1.24.11-1.1.aarch64",
"product_id": "kubernetes1.24-controller-manager-1.24.11-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-kubeadm-1.24.11-1.1.aarch64",
"product": {
"name": "kubernetes1.24-kubeadm-1.24.11-1.1.aarch64",
"product_id": "kubernetes1.24-kubeadm-1.24.11-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-kubelet-1.24.11-1.1.aarch64",
"product": {
"name": "kubernetes1.24-kubelet-1.24.11-1.1.aarch64",
"product_id": "kubernetes1.24-kubelet-1.24.11-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-kubelet-common-1.24.11-1.1.aarch64",
"product": {
"name": "kubernetes1.24-kubelet-common-1.24.11-1.1.aarch64",
"product_id": "kubernetes1.24-kubelet-common-1.24.11-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-proxy-1.24.11-1.1.aarch64",
"product": {
"name": "kubernetes1.24-proxy-1.24.11-1.1.aarch64",
"product_id": "kubernetes1.24-proxy-1.24.11-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-scheduler-1.24.11-1.1.aarch64",
"product": {
"name": "kubernetes1.24-scheduler-1.24.11-1.1.aarch64",
"product_id": "kubernetes1.24-scheduler-1.24.11-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kubernetes1.24-apiserver-1.24.11-1.1.ppc64le",
"product": {
"name": "kubernetes1.24-apiserver-1.24.11-1.1.ppc64le",
"product_id": "kubernetes1.24-apiserver-1.24.11-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-client-1.24.11-1.1.ppc64le",
"product": {
"name": "kubernetes1.24-client-1.24.11-1.1.ppc64le",
"product_id": "kubernetes1.24-client-1.24.11-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-client-common-1.24.11-1.1.ppc64le",
"product": {
"name": "kubernetes1.24-client-common-1.24.11-1.1.ppc64le",
"product_id": "kubernetes1.24-client-common-1.24.11-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-controller-manager-1.24.11-1.1.ppc64le",
"product": {
"name": "kubernetes1.24-controller-manager-1.24.11-1.1.ppc64le",
"product_id": "kubernetes1.24-controller-manager-1.24.11-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-kubeadm-1.24.11-1.1.ppc64le",
"product": {
"name": "kubernetes1.24-kubeadm-1.24.11-1.1.ppc64le",
"product_id": "kubernetes1.24-kubeadm-1.24.11-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-kubelet-1.24.11-1.1.ppc64le",
"product": {
"name": "kubernetes1.24-kubelet-1.24.11-1.1.ppc64le",
"product_id": "kubernetes1.24-kubelet-1.24.11-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-kubelet-common-1.24.11-1.1.ppc64le",
"product": {
"name": "kubernetes1.24-kubelet-common-1.24.11-1.1.ppc64le",
"product_id": "kubernetes1.24-kubelet-common-1.24.11-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-proxy-1.24.11-1.1.ppc64le",
"product": {
"name": "kubernetes1.24-proxy-1.24.11-1.1.ppc64le",
"product_id": "kubernetes1.24-proxy-1.24.11-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-scheduler-1.24.11-1.1.ppc64le",
"product": {
"name": "kubernetes1.24-scheduler-1.24.11-1.1.ppc64le",
"product_id": "kubernetes1.24-scheduler-1.24.11-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kubernetes1.24-apiserver-1.24.11-1.1.s390x",
"product": {
"name": "kubernetes1.24-apiserver-1.24.11-1.1.s390x",
"product_id": "kubernetes1.24-apiserver-1.24.11-1.1.s390x"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-client-1.24.11-1.1.s390x",
"product": {
"name": "kubernetes1.24-client-1.24.11-1.1.s390x",
"product_id": "kubernetes1.24-client-1.24.11-1.1.s390x"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-client-common-1.24.11-1.1.s390x",
"product": {
"name": "kubernetes1.24-client-common-1.24.11-1.1.s390x",
"product_id": "kubernetes1.24-client-common-1.24.11-1.1.s390x"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-controller-manager-1.24.11-1.1.s390x",
"product": {
"name": "kubernetes1.24-controller-manager-1.24.11-1.1.s390x",
"product_id": "kubernetes1.24-controller-manager-1.24.11-1.1.s390x"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-kubeadm-1.24.11-1.1.s390x",
"product": {
"name": "kubernetes1.24-kubeadm-1.24.11-1.1.s390x",
"product_id": "kubernetes1.24-kubeadm-1.24.11-1.1.s390x"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-kubelet-1.24.11-1.1.s390x",
"product": {
"name": "kubernetes1.24-kubelet-1.24.11-1.1.s390x",
"product_id": "kubernetes1.24-kubelet-1.24.11-1.1.s390x"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-kubelet-common-1.24.11-1.1.s390x",
"product": {
"name": "kubernetes1.24-kubelet-common-1.24.11-1.1.s390x",
"product_id": "kubernetes1.24-kubelet-common-1.24.11-1.1.s390x"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-proxy-1.24.11-1.1.s390x",
"product": {
"name": "kubernetes1.24-proxy-1.24.11-1.1.s390x",
"product_id": "kubernetes1.24-proxy-1.24.11-1.1.s390x"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-scheduler-1.24.11-1.1.s390x",
"product": {
"name": "kubernetes1.24-scheduler-1.24.11-1.1.s390x",
"product_id": "kubernetes1.24-scheduler-1.24.11-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kubernetes1.24-apiserver-1.24.11-1.1.x86_64",
"product": {
"name": "kubernetes1.24-apiserver-1.24.11-1.1.x86_64",
"product_id": "kubernetes1.24-apiserver-1.24.11-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-client-1.24.11-1.1.x86_64",
"product": {
"name": "kubernetes1.24-client-1.24.11-1.1.x86_64",
"product_id": "kubernetes1.24-client-1.24.11-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-client-common-1.24.11-1.1.x86_64",
"product": {
"name": "kubernetes1.24-client-common-1.24.11-1.1.x86_64",
"product_id": "kubernetes1.24-client-common-1.24.11-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-controller-manager-1.24.11-1.1.x86_64",
"product": {
"name": "kubernetes1.24-controller-manager-1.24.11-1.1.x86_64",
"product_id": "kubernetes1.24-controller-manager-1.24.11-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-kubeadm-1.24.11-1.1.x86_64",
"product": {
"name": "kubernetes1.24-kubeadm-1.24.11-1.1.x86_64",
"product_id": "kubernetes1.24-kubeadm-1.24.11-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-kubelet-1.24.11-1.1.x86_64",
"product": {
"name": "kubernetes1.24-kubelet-1.24.11-1.1.x86_64",
"product_id": "kubernetes1.24-kubelet-1.24.11-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-kubelet-common-1.24.11-1.1.x86_64",
"product": {
"name": "kubernetes1.24-kubelet-common-1.24.11-1.1.x86_64",
"product_id": "kubernetes1.24-kubelet-common-1.24.11-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-proxy-1.24.11-1.1.x86_64",
"product": {
"name": "kubernetes1.24-proxy-1.24.11-1.1.x86_64",
"product_id": "kubernetes1.24-proxy-1.24.11-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubernetes1.24-scheduler-1.24.11-1.1.x86_64",
"product": {
"name": "kubernetes1.24-scheduler-1.24.11-1.1.x86_64",
"product_id": "kubernetes1.24-scheduler-1.24.11-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-apiserver-1.24.11-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.24-apiserver-1.24.11-1.1.aarch64"
},
"product_reference": "kubernetes1.24-apiserver-1.24.11-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-apiserver-1.24.11-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.24-apiserver-1.24.11-1.1.ppc64le"
},
"product_reference": "kubernetes1.24-apiserver-1.24.11-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-apiserver-1.24.11-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.24-apiserver-1.24.11-1.1.s390x"
},
"product_reference": "kubernetes1.24-apiserver-1.24.11-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-apiserver-1.24.11-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.24-apiserver-1.24.11-1.1.x86_64"
},
"product_reference": "kubernetes1.24-apiserver-1.24.11-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-client-1.24.11-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.24-client-1.24.11-1.1.aarch64"
},
"product_reference": "kubernetes1.24-client-1.24.11-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-client-1.24.11-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.24-client-1.24.11-1.1.ppc64le"
},
"product_reference": "kubernetes1.24-client-1.24.11-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-client-1.24.11-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.24-client-1.24.11-1.1.s390x"
},
"product_reference": "kubernetes1.24-client-1.24.11-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-client-1.24.11-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.24-client-1.24.11-1.1.x86_64"
},
"product_reference": "kubernetes1.24-client-1.24.11-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-client-common-1.24.11-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.24-client-common-1.24.11-1.1.aarch64"
},
"product_reference": "kubernetes1.24-client-common-1.24.11-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-client-common-1.24.11-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.24-client-common-1.24.11-1.1.ppc64le"
},
"product_reference": "kubernetes1.24-client-common-1.24.11-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-client-common-1.24.11-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.24-client-common-1.24.11-1.1.s390x"
},
"product_reference": "kubernetes1.24-client-common-1.24.11-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-client-common-1.24.11-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.24-client-common-1.24.11-1.1.x86_64"
},
"product_reference": "kubernetes1.24-client-common-1.24.11-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-controller-manager-1.24.11-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.24-controller-manager-1.24.11-1.1.aarch64"
},
"product_reference": "kubernetes1.24-controller-manager-1.24.11-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-controller-manager-1.24.11-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.24-controller-manager-1.24.11-1.1.ppc64le"
},
"product_reference": "kubernetes1.24-controller-manager-1.24.11-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-controller-manager-1.24.11-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.24-controller-manager-1.24.11-1.1.s390x"
},
"product_reference": "kubernetes1.24-controller-manager-1.24.11-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-controller-manager-1.24.11-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.24-controller-manager-1.24.11-1.1.x86_64"
},
"product_reference": "kubernetes1.24-controller-manager-1.24.11-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-kubeadm-1.24.11-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.24-kubeadm-1.24.11-1.1.aarch64"
},
"product_reference": "kubernetes1.24-kubeadm-1.24.11-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-kubeadm-1.24.11-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.24-kubeadm-1.24.11-1.1.ppc64le"
},
"product_reference": "kubernetes1.24-kubeadm-1.24.11-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-kubeadm-1.24.11-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.24-kubeadm-1.24.11-1.1.s390x"
},
"product_reference": "kubernetes1.24-kubeadm-1.24.11-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-kubeadm-1.24.11-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.24-kubeadm-1.24.11-1.1.x86_64"
},
"product_reference": "kubernetes1.24-kubeadm-1.24.11-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-kubelet-1.24.11-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.24-kubelet-1.24.11-1.1.aarch64"
},
"product_reference": "kubernetes1.24-kubelet-1.24.11-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-kubelet-1.24.11-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.24-kubelet-1.24.11-1.1.ppc64le"
},
"product_reference": "kubernetes1.24-kubelet-1.24.11-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-kubelet-1.24.11-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.24-kubelet-1.24.11-1.1.s390x"
},
"product_reference": "kubernetes1.24-kubelet-1.24.11-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-kubelet-1.24.11-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.24-kubelet-1.24.11-1.1.x86_64"
},
"product_reference": "kubernetes1.24-kubelet-1.24.11-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-kubelet-common-1.24.11-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.24-kubelet-common-1.24.11-1.1.aarch64"
},
"product_reference": "kubernetes1.24-kubelet-common-1.24.11-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-kubelet-common-1.24.11-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.24-kubelet-common-1.24.11-1.1.ppc64le"
},
"product_reference": "kubernetes1.24-kubelet-common-1.24.11-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-kubelet-common-1.24.11-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.24-kubelet-common-1.24.11-1.1.s390x"
},
"product_reference": "kubernetes1.24-kubelet-common-1.24.11-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-kubelet-common-1.24.11-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.24-kubelet-common-1.24.11-1.1.x86_64"
},
"product_reference": "kubernetes1.24-kubelet-common-1.24.11-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-proxy-1.24.11-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.24-proxy-1.24.11-1.1.aarch64"
},
"product_reference": "kubernetes1.24-proxy-1.24.11-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-proxy-1.24.11-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.24-proxy-1.24.11-1.1.ppc64le"
},
"product_reference": "kubernetes1.24-proxy-1.24.11-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-proxy-1.24.11-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.24-proxy-1.24.11-1.1.s390x"
},
"product_reference": "kubernetes1.24-proxy-1.24.11-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-proxy-1.24.11-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.24-proxy-1.24.11-1.1.x86_64"
},
"product_reference": "kubernetes1.24-proxy-1.24.11-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-scheduler-1.24.11-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.24-scheduler-1.24.11-1.1.aarch64"
},
"product_reference": "kubernetes1.24-scheduler-1.24.11-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-scheduler-1.24.11-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.24-scheduler-1.24.11-1.1.ppc64le"
},
"product_reference": "kubernetes1.24-scheduler-1.24.11-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-scheduler-1.24.11-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.24-scheduler-1.24.11-1.1.s390x"
},
"product_reference": "kubernetes1.24-scheduler-1.24.11-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.24-scheduler-1.24.11-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.24-scheduler-1.24.11-1.1.x86_64"
},
"product_reference": "kubernetes1.24-scheduler-1.24.11-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-27664",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-27664"
}
],
"notes": [
{
"category": "general",
"text": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kubernetes1.24-apiserver-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-apiserver-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-apiserver-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-apiserver-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-client-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-client-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-client-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-client-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-client-common-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-client-common-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-client-common-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-client-common-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-controller-manager-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-controller-manager-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-controller-manager-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-controller-manager-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-kubeadm-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-kubeadm-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-kubeadm-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-kubeadm-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-common-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-common-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-common-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-common-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-proxy-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-proxy-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-proxy-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-proxy-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-scheduler-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-scheduler-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-scheduler-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-scheduler-1.24.11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-27664",
"url": "https://www.suse.com/security/cve/CVE-2022-27664"
},
{
"category": "external",
"summary": "SUSE Bug 1203185 for CVE-2022-27664",
"url": "https://bugzilla.suse.com/1203185"
},
{
"category": "external",
"summary": "SUSE Bug 1203293 for CVE-2022-27664",
"url": "https://bugzilla.suse.com/1203293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kubernetes1.24-apiserver-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-apiserver-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-apiserver-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-apiserver-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-client-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-client-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-client-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-client-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-client-common-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-client-common-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-client-common-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-client-common-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-controller-manager-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-controller-manager-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-controller-manager-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-controller-manager-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-kubeadm-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-kubeadm-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-kubeadm-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-kubeadm-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-common-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-common-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-common-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-common-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-proxy-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-proxy-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-proxy-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-proxy-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-scheduler-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-scheduler-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-scheduler-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-scheduler-1.24.11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kubernetes1.24-apiserver-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-apiserver-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-apiserver-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-apiserver-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-client-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-client-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-client-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-client-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-client-common-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-client-common-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-client-common-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-client-common-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-controller-manager-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-controller-manager-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-controller-manager-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-controller-manager-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-kubeadm-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-kubeadm-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-kubeadm-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-kubeadm-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-common-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-common-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-common-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-common-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-proxy-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-proxy-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-proxy-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-proxy-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-scheduler-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-scheduler-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-scheduler-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-scheduler-1.24.11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-27664"
},
{
"cve": "CVE-2022-3162",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3162"
}
],
"notes": [
{
"category": "general",
"text": "Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions sharing the same API group 2. Users have cluster-wide list or watch authorization on one of those custom resources. 3. The same users are not authorized to read another custom resource in the same API group.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kubernetes1.24-apiserver-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-apiserver-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-apiserver-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-apiserver-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-client-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-client-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-client-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-client-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-client-common-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-client-common-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-client-common-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-client-common-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-controller-manager-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-controller-manager-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-controller-manager-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-controller-manager-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-kubeadm-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-kubeadm-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-kubeadm-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-kubeadm-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-common-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-common-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-common-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-common-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-proxy-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-proxy-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-proxy-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-proxy-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-scheduler-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-scheduler-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-scheduler-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-scheduler-1.24.11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3162",
"url": "https://www.suse.com/security/cve/CVE-2022-3162"
},
{
"category": "external",
"summary": "SUSE Bug 1204388 for CVE-2022-3162",
"url": "https://bugzilla.suse.com/1204388"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kubernetes1.24-apiserver-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-apiserver-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-apiserver-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-apiserver-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-client-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-client-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-client-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-client-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-client-common-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-client-common-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-client-common-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-client-common-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-controller-manager-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-controller-manager-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-controller-manager-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-controller-manager-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-kubeadm-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-kubeadm-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-kubeadm-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-kubeadm-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-common-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-common-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-common-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-common-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-proxy-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-proxy-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-proxy-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-proxy-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-scheduler-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-scheduler-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-scheduler-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-scheduler-1.24.11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kubernetes1.24-apiserver-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-apiserver-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-apiserver-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-apiserver-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-client-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-client-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-client-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-client-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-client-common-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-client-common-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-client-common-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-client-common-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-controller-manager-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-controller-manager-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-controller-manager-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-controller-manager-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-kubeadm-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-kubeadm-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-kubeadm-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-kubeadm-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-common-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-common-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-common-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-common-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-proxy-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-proxy-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-proxy-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-proxy-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-scheduler-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-scheduler-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-scheduler-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-scheduler-1.24.11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-3162"
},
{
"cve": "CVE-2022-3294",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3294"
}
],
"notes": [
{
"category": "general",
"text": "Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to establish connections to Pods, retrieve container logs, and more. While Kubernetes already validates the proxying address for Nodes, a bug in kube-apiserver made it possible to bypass this validation. Bypassing this validation could allow authenticated requests destined for Nodes to to the API server\u0027s private network.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kubernetes1.24-apiserver-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-apiserver-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-apiserver-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-apiserver-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-client-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-client-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-client-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-client-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-client-common-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-client-common-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-client-common-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-client-common-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-controller-manager-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-controller-manager-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-controller-manager-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-controller-manager-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-kubeadm-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-kubeadm-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-kubeadm-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-kubeadm-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-common-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-common-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-common-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-common-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-proxy-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-proxy-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-proxy-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-proxy-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-scheduler-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-scheduler-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-scheduler-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-scheduler-1.24.11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3294",
"url": "https://www.suse.com/security/cve/CVE-2022-3294"
},
{
"category": "external",
"summary": "SUSE Bug 1204387 for CVE-2022-3294",
"url": "https://bugzilla.suse.com/1204387"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kubernetes1.24-apiserver-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-apiserver-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-apiserver-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-apiserver-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-client-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-client-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-client-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-client-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-client-common-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-client-common-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-client-common-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-client-common-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-controller-manager-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-controller-manager-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-controller-manager-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-controller-manager-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-kubeadm-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-kubeadm-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-kubeadm-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-kubeadm-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-common-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-common-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-common-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-common-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-proxy-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-proxy-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-proxy-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-proxy-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-scheduler-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-scheduler-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-scheduler-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-scheduler-1.24.11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kubernetes1.24-apiserver-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-apiserver-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-apiserver-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-apiserver-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-client-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-client-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-client-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-client-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-client-common-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-client-common-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-client-common-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-client-common-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-controller-manager-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-controller-manager-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-controller-manager-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-controller-manager-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-kubeadm-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-kubeadm-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-kubeadm-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-kubeadm-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-common-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-common-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-common-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-kubelet-common-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-proxy-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-proxy-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-proxy-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-proxy-1.24.11-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.24-scheduler-1.24.11-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.24-scheduler-1.24.11-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.24-scheduler-1.24.11-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.24-scheduler-1.24.11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-3294"
}
]
}
OPENSUSE-SU-2024:12810-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
kubernetes1.25-apiserver-1.25.7-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: kubernetes1.25-apiserver-1.25.7-1.1 on GA media
Description of the patch: These are all security issues fixed in the kubernetes1.25-apiserver-1.25.7-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-12810
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-apiserver-1.25.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-apiserver-1.25.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-apiserver-1.25.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-apiserver-1.25.7-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-client-1.25.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-client-1.25.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-client-1.25.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-client-1.25.7-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-client-common-1.25.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-client-common-1.25.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-client-common-1.25.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-client-common-1.25.7-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-controller-manager-1.25.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-controller-manager-1.25.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-controller-manager-1.25.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-controller-manager-1.25.7-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-kubeadm-1.25.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-kubeadm-1.25.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-kubeadm-1.25.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-kubeadm-1.25.7-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-kubelet-1.25.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-kubelet-1.25.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-kubelet-1.25.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-kubelet-1.25.7-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-kubelet-common-1.25.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-kubelet-common-1.25.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-kubelet-common-1.25.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-kubelet-common-1.25.7-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-proxy-1.25.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-proxy-1.25.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-proxy-1.25.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-proxy-1.25.7-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-scheduler-1.25.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-scheduler-1.25.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-scheduler-1.25.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-scheduler-1.25.7-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-apiserver-1.25.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-apiserver-1.25.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-apiserver-1.25.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-apiserver-1.25.7-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-client-1.25.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-client-1.25.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-client-1.25.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-client-1.25.7-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-client-common-1.25.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-client-common-1.25.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-client-common-1.25.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-client-common-1.25.7-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-controller-manager-1.25.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-controller-manager-1.25.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-controller-manager-1.25.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-controller-manager-1.25.7-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-kubeadm-1.25.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-kubeadm-1.25.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-kubeadm-1.25.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-kubeadm-1.25.7-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-kubelet-1.25.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-kubelet-1.25.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-kubelet-1.25.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-kubelet-1.25.7-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-kubelet-common-1.25.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-kubelet-common-1.25.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-kubelet-common-1.25.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-kubelet-common-1.25.7-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-proxy-1.25.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-proxy-1.25.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-proxy-1.25.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-proxy-1.25.7-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-scheduler-1.25.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-scheduler-1.25.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-scheduler-1.25.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-scheduler-1.25.7-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.6 (Medium)
Affected products
Recommended
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-apiserver-1.25.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-apiserver-1.25.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-apiserver-1.25.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-apiserver-1.25.7-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-client-1.25.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-client-1.25.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-client-1.25.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-client-1.25.7-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-client-common-1.25.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-client-common-1.25.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-client-common-1.25.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-client-common-1.25.7-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-controller-manager-1.25.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-controller-manager-1.25.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-controller-manager-1.25.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-controller-manager-1.25.7-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-kubeadm-1.25.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-kubeadm-1.25.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-kubeadm-1.25.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-kubeadm-1.25.7-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-kubelet-1.25.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-kubelet-1.25.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-kubelet-1.25.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-kubelet-1.25.7-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-kubelet-common-1.25.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-kubelet-common-1.25.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-kubelet-common-1.25.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-kubelet-common-1.25.7-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-proxy-1.25.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-proxy-1.25.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-proxy-1.25.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-proxy-1.25.7-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-scheduler-1.25.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-scheduler-1.25.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-scheduler-1.25.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:kubernetes1.25-scheduler-1.25.7-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "kubernetes1.25-apiserver-1.25.7-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the kubernetes1.25-apiserver-1.25.7-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-12810",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12810-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-27664 page",
"url": "https://www.suse.com/security/cve/CVE-2022-27664/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3162 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3162/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3294 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3294/"
}
],
"title": "kubernetes1.25-apiserver-1.25.7-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:12810-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kubernetes1.25-apiserver-1.25.7-1.1.aarch64",
"product": {
"name": "kubernetes1.25-apiserver-1.25.7-1.1.aarch64",
"product_id": "kubernetes1.25-apiserver-1.25.7-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubernetes1.25-client-1.25.7-1.1.aarch64",
"product": {
"name": "kubernetes1.25-client-1.25.7-1.1.aarch64",
"product_id": "kubernetes1.25-client-1.25.7-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubernetes1.25-client-common-1.25.7-1.1.aarch64",
"product": {
"name": "kubernetes1.25-client-common-1.25.7-1.1.aarch64",
"product_id": "kubernetes1.25-client-common-1.25.7-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubernetes1.25-controller-manager-1.25.7-1.1.aarch64",
"product": {
"name": "kubernetes1.25-controller-manager-1.25.7-1.1.aarch64",
"product_id": "kubernetes1.25-controller-manager-1.25.7-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubernetes1.25-kubeadm-1.25.7-1.1.aarch64",
"product": {
"name": "kubernetes1.25-kubeadm-1.25.7-1.1.aarch64",
"product_id": "kubernetes1.25-kubeadm-1.25.7-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubernetes1.25-kubelet-1.25.7-1.1.aarch64",
"product": {
"name": "kubernetes1.25-kubelet-1.25.7-1.1.aarch64",
"product_id": "kubernetes1.25-kubelet-1.25.7-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubernetes1.25-kubelet-common-1.25.7-1.1.aarch64",
"product": {
"name": "kubernetes1.25-kubelet-common-1.25.7-1.1.aarch64",
"product_id": "kubernetes1.25-kubelet-common-1.25.7-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubernetes1.25-proxy-1.25.7-1.1.aarch64",
"product": {
"name": "kubernetes1.25-proxy-1.25.7-1.1.aarch64",
"product_id": "kubernetes1.25-proxy-1.25.7-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "kubernetes1.25-scheduler-1.25.7-1.1.aarch64",
"product": {
"name": "kubernetes1.25-scheduler-1.25.7-1.1.aarch64",
"product_id": "kubernetes1.25-scheduler-1.25.7-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kubernetes1.25-apiserver-1.25.7-1.1.ppc64le",
"product": {
"name": "kubernetes1.25-apiserver-1.25.7-1.1.ppc64le",
"product_id": "kubernetes1.25-apiserver-1.25.7-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kubernetes1.25-client-1.25.7-1.1.ppc64le",
"product": {
"name": "kubernetes1.25-client-1.25.7-1.1.ppc64le",
"product_id": "kubernetes1.25-client-1.25.7-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kubernetes1.25-client-common-1.25.7-1.1.ppc64le",
"product": {
"name": "kubernetes1.25-client-common-1.25.7-1.1.ppc64le",
"product_id": "kubernetes1.25-client-common-1.25.7-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kubernetes1.25-controller-manager-1.25.7-1.1.ppc64le",
"product": {
"name": "kubernetes1.25-controller-manager-1.25.7-1.1.ppc64le",
"product_id": "kubernetes1.25-controller-manager-1.25.7-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kubernetes1.25-kubeadm-1.25.7-1.1.ppc64le",
"product": {
"name": "kubernetes1.25-kubeadm-1.25.7-1.1.ppc64le",
"product_id": "kubernetes1.25-kubeadm-1.25.7-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kubernetes1.25-kubelet-1.25.7-1.1.ppc64le",
"product": {
"name": "kubernetes1.25-kubelet-1.25.7-1.1.ppc64le",
"product_id": "kubernetes1.25-kubelet-1.25.7-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kubernetes1.25-kubelet-common-1.25.7-1.1.ppc64le",
"product": {
"name": "kubernetes1.25-kubelet-common-1.25.7-1.1.ppc64le",
"product_id": "kubernetes1.25-kubelet-common-1.25.7-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kubernetes1.25-proxy-1.25.7-1.1.ppc64le",
"product": {
"name": "kubernetes1.25-proxy-1.25.7-1.1.ppc64le",
"product_id": "kubernetes1.25-proxy-1.25.7-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kubernetes1.25-scheduler-1.25.7-1.1.ppc64le",
"product": {
"name": "kubernetes1.25-scheduler-1.25.7-1.1.ppc64le",
"product_id": "kubernetes1.25-scheduler-1.25.7-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kubernetes1.25-apiserver-1.25.7-1.1.s390x",
"product": {
"name": "kubernetes1.25-apiserver-1.25.7-1.1.s390x",
"product_id": "kubernetes1.25-apiserver-1.25.7-1.1.s390x"
}
},
{
"category": "product_version",
"name": "kubernetes1.25-client-1.25.7-1.1.s390x",
"product": {
"name": "kubernetes1.25-client-1.25.7-1.1.s390x",
"product_id": "kubernetes1.25-client-1.25.7-1.1.s390x"
}
},
{
"category": "product_version",
"name": "kubernetes1.25-client-common-1.25.7-1.1.s390x",
"product": {
"name": "kubernetes1.25-client-common-1.25.7-1.1.s390x",
"product_id": "kubernetes1.25-client-common-1.25.7-1.1.s390x"
}
},
{
"category": "product_version",
"name": "kubernetes1.25-controller-manager-1.25.7-1.1.s390x",
"product": {
"name": "kubernetes1.25-controller-manager-1.25.7-1.1.s390x",
"product_id": "kubernetes1.25-controller-manager-1.25.7-1.1.s390x"
}
},
{
"category": "product_version",
"name": "kubernetes1.25-kubeadm-1.25.7-1.1.s390x",
"product": {
"name": "kubernetes1.25-kubeadm-1.25.7-1.1.s390x",
"product_id": "kubernetes1.25-kubeadm-1.25.7-1.1.s390x"
}
},
{
"category": "product_version",
"name": "kubernetes1.25-kubelet-1.25.7-1.1.s390x",
"product": {
"name": "kubernetes1.25-kubelet-1.25.7-1.1.s390x",
"product_id": "kubernetes1.25-kubelet-1.25.7-1.1.s390x"
}
},
{
"category": "product_version",
"name": "kubernetes1.25-kubelet-common-1.25.7-1.1.s390x",
"product": {
"name": "kubernetes1.25-kubelet-common-1.25.7-1.1.s390x",
"product_id": "kubernetes1.25-kubelet-common-1.25.7-1.1.s390x"
}
},
{
"category": "product_version",
"name": "kubernetes1.25-proxy-1.25.7-1.1.s390x",
"product": {
"name": "kubernetes1.25-proxy-1.25.7-1.1.s390x",
"product_id": "kubernetes1.25-proxy-1.25.7-1.1.s390x"
}
},
{
"category": "product_version",
"name": "kubernetes1.25-scheduler-1.25.7-1.1.s390x",
"product": {
"name": "kubernetes1.25-scheduler-1.25.7-1.1.s390x",
"product_id": "kubernetes1.25-scheduler-1.25.7-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kubernetes1.25-apiserver-1.25.7-1.1.x86_64",
"product": {
"name": "kubernetes1.25-apiserver-1.25.7-1.1.x86_64",
"product_id": "kubernetes1.25-apiserver-1.25.7-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubernetes1.25-client-1.25.7-1.1.x86_64",
"product": {
"name": "kubernetes1.25-client-1.25.7-1.1.x86_64",
"product_id": "kubernetes1.25-client-1.25.7-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubernetes1.25-client-common-1.25.7-1.1.x86_64",
"product": {
"name": "kubernetes1.25-client-common-1.25.7-1.1.x86_64",
"product_id": "kubernetes1.25-client-common-1.25.7-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubernetes1.25-controller-manager-1.25.7-1.1.x86_64",
"product": {
"name": "kubernetes1.25-controller-manager-1.25.7-1.1.x86_64",
"product_id": "kubernetes1.25-controller-manager-1.25.7-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubernetes1.25-kubeadm-1.25.7-1.1.x86_64",
"product": {
"name": "kubernetes1.25-kubeadm-1.25.7-1.1.x86_64",
"product_id": "kubernetes1.25-kubeadm-1.25.7-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubernetes1.25-kubelet-1.25.7-1.1.x86_64",
"product": {
"name": "kubernetes1.25-kubelet-1.25.7-1.1.x86_64",
"product_id": "kubernetes1.25-kubelet-1.25.7-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubernetes1.25-kubelet-common-1.25.7-1.1.x86_64",
"product": {
"name": "kubernetes1.25-kubelet-common-1.25.7-1.1.x86_64",
"product_id": "kubernetes1.25-kubelet-common-1.25.7-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubernetes1.25-proxy-1.25.7-1.1.x86_64",
"product": {
"name": "kubernetes1.25-proxy-1.25.7-1.1.x86_64",
"product_id": "kubernetes1.25-proxy-1.25.7-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "kubernetes1.25-scheduler-1.25.7-1.1.x86_64",
"product": {
"name": "kubernetes1.25-scheduler-1.25.7-1.1.x86_64",
"product_id": "kubernetes1.25-scheduler-1.25.7-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.25-apiserver-1.25.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.25-apiserver-1.25.7-1.1.aarch64"
},
"product_reference": "kubernetes1.25-apiserver-1.25.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.25-apiserver-1.25.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.25-apiserver-1.25.7-1.1.ppc64le"
},
"product_reference": "kubernetes1.25-apiserver-1.25.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.25-apiserver-1.25.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.25-apiserver-1.25.7-1.1.s390x"
},
"product_reference": "kubernetes1.25-apiserver-1.25.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.25-apiserver-1.25.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.25-apiserver-1.25.7-1.1.x86_64"
},
"product_reference": "kubernetes1.25-apiserver-1.25.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.25-client-1.25.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.25-client-1.25.7-1.1.aarch64"
},
"product_reference": "kubernetes1.25-client-1.25.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.25-client-1.25.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.25-client-1.25.7-1.1.ppc64le"
},
"product_reference": "kubernetes1.25-client-1.25.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.25-client-1.25.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.25-client-1.25.7-1.1.s390x"
},
"product_reference": "kubernetes1.25-client-1.25.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.25-client-1.25.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.25-client-1.25.7-1.1.x86_64"
},
"product_reference": "kubernetes1.25-client-1.25.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.25-client-common-1.25.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.25-client-common-1.25.7-1.1.aarch64"
},
"product_reference": "kubernetes1.25-client-common-1.25.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.25-client-common-1.25.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.25-client-common-1.25.7-1.1.ppc64le"
},
"product_reference": "kubernetes1.25-client-common-1.25.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.25-client-common-1.25.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.25-client-common-1.25.7-1.1.s390x"
},
"product_reference": "kubernetes1.25-client-common-1.25.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.25-client-common-1.25.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.25-client-common-1.25.7-1.1.x86_64"
},
"product_reference": "kubernetes1.25-client-common-1.25.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.25-controller-manager-1.25.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.25-controller-manager-1.25.7-1.1.aarch64"
},
"product_reference": "kubernetes1.25-controller-manager-1.25.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.25-controller-manager-1.25.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.25-controller-manager-1.25.7-1.1.ppc64le"
},
"product_reference": "kubernetes1.25-controller-manager-1.25.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.25-controller-manager-1.25.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.25-controller-manager-1.25.7-1.1.s390x"
},
"product_reference": "kubernetes1.25-controller-manager-1.25.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.25-controller-manager-1.25.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.25-controller-manager-1.25.7-1.1.x86_64"
},
"product_reference": "kubernetes1.25-controller-manager-1.25.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.25-kubeadm-1.25.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.25-kubeadm-1.25.7-1.1.aarch64"
},
"product_reference": "kubernetes1.25-kubeadm-1.25.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.25-kubeadm-1.25.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.25-kubeadm-1.25.7-1.1.ppc64le"
},
"product_reference": "kubernetes1.25-kubeadm-1.25.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.25-kubeadm-1.25.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.25-kubeadm-1.25.7-1.1.s390x"
},
"product_reference": "kubernetes1.25-kubeadm-1.25.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.25-kubeadm-1.25.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.25-kubeadm-1.25.7-1.1.x86_64"
},
"product_reference": "kubernetes1.25-kubeadm-1.25.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.25-kubelet-1.25.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.25-kubelet-1.25.7-1.1.aarch64"
},
"product_reference": "kubernetes1.25-kubelet-1.25.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.25-kubelet-1.25.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.25-kubelet-1.25.7-1.1.ppc64le"
},
"product_reference": "kubernetes1.25-kubelet-1.25.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.25-kubelet-1.25.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.25-kubelet-1.25.7-1.1.s390x"
},
"product_reference": "kubernetes1.25-kubelet-1.25.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.25-kubelet-1.25.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.25-kubelet-1.25.7-1.1.x86_64"
},
"product_reference": "kubernetes1.25-kubelet-1.25.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.25-kubelet-common-1.25.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.25-kubelet-common-1.25.7-1.1.aarch64"
},
"product_reference": "kubernetes1.25-kubelet-common-1.25.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.25-kubelet-common-1.25.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.25-kubelet-common-1.25.7-1.1.ppc64le"
},
"product_reference": "kubernetes1.25-kubelet-common-1.25.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.25-kubelet-common-1.25.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.25-kubelet-common-1.25.7-1.1.s390x"
},
"product_reference": "kubernetes1.25-kubelet-common-1.25.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.25-kubelet-common-1.25.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.25-kubelet-common-1.25.7-1.1.x86_64"
},
"product_reference": "kubernetes1.25-kubelet-common-1.25.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.25-proxy-1.25.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.25-proxy-1.25.7-1.1.aarch64"
},
"product_reference": "kubernetes1.25-proxy-1.25.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.25-proxy-1.25.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.25-proxy-1.25.7-1.1.ppc64le"
},
"product_reference": "kubernetes1.25-proxy-1.25.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.25-proxy-1.25.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.25-proxy-1.25.7-1.1.s390x"
},
"product_reference": "kubernetes1.25-proxy-1.25.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.25-proxy-1.25.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.25-proxy-1.25.7-1.1.x86_64"
},
"product_reference": "kubernetes1.25-proxy-1.25.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.25-scheduler-1.25.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.25-scheduler-1.25.7-1.1.aarch64"
},
"product_reference": "kubernetes1.25-scheduler-1.25.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.25-scheduler-1.25.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.25-scheduler-1.25.7-1.1.ppc64le"
},
"product_reference": "kubernetes1.25-scheduler-1.25.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.25-scheduler-1.25.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.25-scheduler-1.25.7-1.1.s390x"
},
"product_reference": "kubernetes1.25-scheduler-1.25.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kubernetes1.25-scheduler-1.25.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kubernetes1.25-scheduler-1.25.7-1.1.x86_64"
},
"product_reference": "kubernetes1.25-scheduler-1.25.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-27664",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-27664"
}
],
"notes": [
{
"category": "general",
"text": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kubernetes1.25-apiserver-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-apiserver-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-apiserver-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-apiserver-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-client-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-client-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-client-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-client-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-client-common-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-client-common-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-client-common-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-client-common-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-controller-manager-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-controller-manager-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-controller-manager-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-controller-manager-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-kubeadm-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-kubeadm-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-kubeadm-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-kubeadm-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-common-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-common-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-common-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-common-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-proxy-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-proxy-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-proxy-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-proxy-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-scheduler-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-scheduler-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-scheduler-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-scheduler-1.25.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-27664",
"url": "https://www.suse.com/security/cve/CVE-2022-27664"
},
{
"category": "external",
"summary": "SUSE Bug 1203185 for CVE-2022-27664",
"url": "https://bugzilla.suse.com/1203185"
},
{
"category": "external",
"summary": "SUSE Bug 1203293 for CVE-2022-27664",
"url": "https://bugzilla.suse.com/1203293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kubernetes1.25-apiserver-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-apiserver-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-apiserver-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-apiserver-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-client-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-client-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-client-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-client-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-client-common-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-client-common-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-client-common-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-client-common-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-controller-manager-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-controller-manager-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-controller-manager-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-controller-manager-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-kubeadm-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-kubeadm-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-kubeadm-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-kubeadm-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-common-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-common-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-common-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-common-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-proxy-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-proxy-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-proxy-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-proxy-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-scheduler-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-scheduler-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-scheduler-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-scheduler-1.25.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kubernetes1.25-apiserver-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-apiserver-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-apiserver-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-apiserver-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-client-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-client-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-client-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-client-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-client-common-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-client-common-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-client-common-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-client-common-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-controller-manager-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-controller-manager-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-controller-manager-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-controller-manager-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-kubeadm-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-kubeadm-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-kubeadm-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-kubeadm-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-common-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-common-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-common-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-common-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-proxy-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-proxy-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-proxy-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-proxy-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-scheduler-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-scheduler-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-scheduler-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-scheduler-1.25.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-27664"
},
{
"cve": "CVE-2022-3162",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3162"
}
],
"notes": [
{
"category": "general",
"text": "Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions sharing the same API group 2. Users have cluster-wide list or watch authorization on one of those custom resources. 3. The same users are not authorized to read another custom resource in the same API group.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kubernetes1.25-apiserver-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-apiserver-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-apiserver-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-apiserver-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-client-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-client-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-client-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-client-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-client-common-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-client-common-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-client-common-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-client-common-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-controller-manager-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-controller-manager-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-controller-manager-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-controller-manager-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-kubeadm-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-kubeadm-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-kubeadm-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-kubeadm-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-common-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-common-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-common-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-common-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-proxy-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-proxy-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-proxy-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-proxy-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-scheduler-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-scheduler-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-scheduler-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-scheduler-1.25.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3162",
"url": "https://www.suse.com/security/cve/CVE-2022-3162"
},
{
"category": "external",
"summary": "SUSE Bug 1204388 for CVE-2022-3162",
"url": "https://bugzilla.suse.com/1204388"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kubernetes1.25-apiserver-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-apiserver-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-apiserver-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-apiserver-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-client-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-client-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-client-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-client-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-client-common-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-client-common-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-client-common-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-client-common-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-controller-manager-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-controller-manager-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-controller-manager-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-controller-manager-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-kubeadm-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-kubeadm-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-kubeadm-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-kubeadm-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-common-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-common-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-common-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-common-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-proxy-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-proxy-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-proxy-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-proxy-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-scheduler-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-scheduler-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-scheduler-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-scheduler-1.25.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kubernetes1.25-apiserver-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-apiserver-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-apiserver-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-apiserver-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-client-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-client-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-client-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-client-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-client-common-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-client-common-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-client-common-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-client-common-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-controller-manager-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-controller-manager-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-controller-manager-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-controller-manager-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-kubeadm-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-kubeadm-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-kubeadm-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-kubeadm-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-common-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-common-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-common-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-common-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-proxy-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-proxy-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-proxy-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-proxy-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-scheduler-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-scheduler-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-scheduler-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-scheduler-1.25.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-3162"
},
{
"cve": "CVE-2022-3294",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3294"
}
],
"notes": [
{
"category": "general",
"text": "Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to establish connections to Pods, retrieve container logs, and more. While Kubernetes already validates the proxying address for Nodes, a bug in kube-apiserver made it possible to bypass this validation. Bypassing this validation could allow authenticated requests destined for Nodes to to the API server\u0027s private network.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kubernetes1.25-apiserver-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-apiserver-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-apiserver-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-apiserver-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-client-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-client-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-client-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-client-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-client-common-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-client-common-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-client-common-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-client-common-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-controller-manager-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-controller-manager-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-controller-manager-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-controller-manager-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-kubeadm-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-kubeadm-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-kubeadm-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-kubeadm-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-common-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-common-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-common-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-common-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-proxy-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-proxy-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-proxy-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-proxy-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-scheduler-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-scheduler-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-scheduler-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-scheduler-1.25.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3294",
"url": "https://www.suse.com/security/cve/CVE-2022-3294"
},
{
"category": "external",
"summary": "SUSE Bug 1204387 for CVE-2022-3294",
"url": "https://bugzilla.suse.com/1204387"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kubernetes1.25-apiserver-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-apiserver-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-apiserver-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-apiserver-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-client-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-client-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-client-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-client-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-client-common-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-client-common-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-client-common-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-client-common-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-controller-manager-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-controller-manager-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-controller-manager-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-controller-manager-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-kubeadm-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-kubeadm-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-kubeadm-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-kubeadm-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-common-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-common-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-common-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-common-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-proxy-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-proxy-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-proxy-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-proxy-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-scheduler-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-scheduler-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-scheduler-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-scheduler-1.25.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kubernetes1.25-apiserver-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-apiserver-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-apiserver-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-apiserver-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-client-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-client-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-client-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-client-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-client-common-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-client-common-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-client-common-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-client-common-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-controller-manager-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-controller-manager-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-controller-manager-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-controller-manager-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-kubeadm-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-kubeadm-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-kubeadm-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-kubeadm-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-common-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-common-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-common-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-kubelet-common-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-proxy-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-proxy-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-proxy-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-proxy-1.25.7-1.1.x86_64",
"openSUSE Tumbleweed:kubernetes1.25-scheduler-1.25.7-1.1.aarch64",
"openSUSE Tumbleweed:kubernetes1.25-scheduler-1.25.7-1.1.ppc64le",
"openSUSE Tumbleweed:kubernetes1.25-scheduler-1.25.7-1.1.s390x",
"openSUSE Tumbleweed:kubernetes1.25-scheduler-1.25.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-3294"
}
]
}
OPENSUSE-SU-2024:13239-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
sonobuoy-0.56.16-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: sonobuoy-0.56.16-1.1 on GA media
Description of the patch: These are all security issues fixed in the sonobuoy-0.56.16-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-13239
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:sonobuoy-0.56.16-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:sonobuoy-0.56.16-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:sonobuoy-0.56.16-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:sonobuoy-0.56.16-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:sonobuoy-bash-completion-0.56.16-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:sonobuoy-bash-completion-0.56.16-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:sonobuoy-bash-completion-0.56.16-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:sonobuoy-bash-completion-0.56.16-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:sonobuoy-fish-completion-0.56.16-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:sonobuoy-fish-completion-0.56.16-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:sonobuoy-fish-completion-0.56.16-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:sonobuoy-fish-completion-0.56.16-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:sonobuoy-zsh-completion-0.56.16-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:sonobuoy-zsh-completion-0.56.16-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:sonobuoy-zsh-completion-0.56.16-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:sonobuoy-zsh-completion-0.56.16-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
6 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "sonobuoy-0.56.16-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the sonobuoy-0.56.16-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-13239",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13239-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-27664 page",
"url": "https://www.suse.com/security/cve/CVE-2022-27664/"
}
],
"title": "sonobuoy-0.56.16-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:13239-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "sonobuoy-0.56.16-1.1.aarch64",
"product": {
"name": "sonobuoy-0.56.16-1.1.aarch64",
"product_id": "sonobuoy-0.56.16-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "sonobuoy-bash-completion-0.56.16-1.1.aarch64",
"product": {
"name": "sonobuoy-bash-completion-0.56.16-1.1.aarch64",
"product_id": "sonobuoy-bash-completion-0.56.16-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "sonobuoy-fish-completion-0.56.16-1.1.aarch64",
"product": {
"name": "sonobuoy-fish-completion-0.56.16-1.1.aarch64",
"product_id": "sonobuoy-fish-completion-0.56.16-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "sonobuoy-zsh-completion-0.56.16-1.1.aarch64",
"product": {
"name": "sonobuoy-zsh-completion-0.56.16-1.1.aarch64",
"product_id": "sonobuoy-zsh-completion-0.56.16-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "sonobuoy-0.56.16-1.1.ppc64le",
"product": {
"name": "sonobuoy-0.56.16-1.1.ppc64le",
"product_id": "sonobuoy-0.56.16-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "sonobuoy-bash-completion-0.56.16-1.1.ppc64le",
"product": {
"name": "sonobuoy-bash-completion-0.56.16-1.1.ppc64le",
"product_id": "sonobuoy-bash-completion-0.56.16-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "sonobuoy-fish-completion-0.56.16-1.1.ppc64le",
"product": {
"name": "sonobuoy-fish-completion-0.56.16-1.1.ppc64le",
"product_id": "sonobuoy-fish-completion-0.56.16-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "sonobuoy-zsh-completion-0.56.16-1.1.ppc64le",
"product": {
"name": "sonobuoy-zsh-completion-0.56.16-1.1.ppc64le",
"product_id": "sonobuoy-zsh-completion-0.56.16-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "sonobuoy-0.56.16-1.1.s390x",
"product": {
"name": "sonobuoy-0.56.16-1.1.s390x",
"product_id": "sonobuoy-0.56.16-1.1.s390x"
}
},
{
"category": "product_version",
"name": "sonobuoy-bash-completion-0.56.16-1.1.s390x",
"product": {
"name": "sonobuoy-bash-completion-0.56.16-1.1.s390x",
"product_id": "sonobuoy-bash-completion-0.56.16-1.1.s390x"
}
},
{
"category": "product_version",
"name": "sonobuoy-fish-completion-0.56.16-1.1.s390x",
"product": {
"name": "sonobuoy-fish-completion-0.56.16-1.1.s390x",
"product_id": "sonobuoy-fish-completion-0.56.16-1.1.s390x"
}
},
{
"category": "product_version",
"name": "sonobuoy-zsh-completion-0.56.16-1.1.s390x",
"product": {
"name": "sonobuoy-zsh-completion-0.56.16-1.1.s390x",
"product_id": "sonobuoy-zsh-completion-0.56.16-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "sonobuoy-0.56.16-1.1.x86_64",
"product": {
"name": "sonobuoy-0.56.16-1.1.x86_64",
"product_id": "sonobuoy-0.56.16-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "sonobuoy-bash-completion-0.56.16-1.1.x86_64",
"product": {
"name": "sonobuoy-bash-completion-0.56.16-1.1.x86_64",
"product_id": "sonobuoy-bash-completion-0.56.16-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "sonobuoy-fish-completion-0.56.16-1.1.x86_64",
"product": {
"name": "sonobuoy-fish-completion-0.56.16-1.1.x86_64",
"product_id": "sonobuoy-fish-completion-0.56.16-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "sonobuoy-zsh-completion-0.56.16-1.1.x86_64",
"product": {
"name": "sonobuoy-zsh-completion-0.56.16-1.1.x86_64",
"product_id": "sonobuoy-zsh-completion-0.56.16-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "sonobuoy-0.56.16-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sonobuoy-0.56.16-1.1.aarch64"
},
"product_reference": "sonobuoy-0.56.16-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sonobuoy-0.56.16-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sonobuoy-0.56.16-1.1.ppc64le"
},
"product_reference": "sonobuoy-0.56.16-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sonobuoy-0.56.16-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sonobuoy-0.56.16-1.1.s390x"
},
"product_reference": "sonobuoy-0.56.16-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sonobuoy-0.56.16-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sonobuoy-0.56.16-1.1.x86_64"
},
"product_reference": "sonobuoy-0.56.16-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sonobuoy-bash-completion-0.56.16-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sonobuoy-bash-completion-0.56.16-1.1.aarch64"
},
"product_reference": "sonobuoy-bash-completion-0.56.16-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sonobuoy-bash-completion-0.56.16-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sonobuoy-bash-completion-0.56.16-1.1.ppc64le"
},
"product_reference": "sonobuoy-bash-completion-0.56.16-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sonobuoy-bash-completion-0.56.16-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sonobuoy-bash-completion-0.56.16-1.1.s390x"
},
"product_reference": "sonobuoy-bash-completion-0.56.16-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sonobuoy-bash-completion-0.56.16-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sonobuoy-bash-completion-0.56.16-1.1.x86_64"
},
"product_reference": "sonobuoy-bash-completion-0.56.16-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sonobuoy-fish-completion-0.56.16-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sonobuoy-fish-completion-0.56.16-1.1.aarch64"
},
"product_reference": "sonobuoy-fish-completion-0.56.16-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sonobuoy-fish-completion-0.56.16-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sonobuoy-fish-completion-0.56.16-1.1.ppc64le"
},
"product_reference": "sonobuoy-fish-completion-0.56.16-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sonobuoy-fish-completion-0.56.16-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sonobuoy-fish-completion-0.56.16-1.1.s390x"
},
"product_reference": "sonobuoy-fish-completion-0.56.16-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sonobuoy-fish-completion-0.56.16-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sonobuoy-fish-completion-0.56.16-1.1.x86_64"
},
"product_reference": "sonobuoy-fish-completion-0.56.16-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sonobuoy-zsh-completion-0.56.16-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sonobuoy-zsh-completion-0.56.16-1.1.aarch64"
},
"product_reference": "sonobuoy-zsh-completion-0.56.16-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sonobuoy-zsh-completion-0.56.16-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sonobuoy-zsh-completion-0.56.16-1.1.ppc64le"
},
"product_reference": "sonobuoy-zsh-completion-0.56.16-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sonobuoy-zsh-completion-0.56.16-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sonobuoy-zsh-completion-0.56.16-1.1.s390x"
},
"product_reference": "sonobuoy-zsh-completion-0.56.16-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sonobuoy-zsh-completion-0.56.16-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sonobuoy-zsh-completion-0.56.16-1.1.x86_64"
},
"product_reference": "sonobuoy-zsh-completion-0.56.16-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-27664",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-27664"
}
],
"notes": [
{
"category": "general",
"text": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:sonobuoy-0.56.16-1.1.aarch64",
"openSUSE Tumbleweed:sonobuoy-0.56.16-1.1.ppc64le",
"openSUSE Tumbleweed:sonobuoy-0.56.16-1.1.s390x",
"openSUSE Tumbleweed:sonobuoy-0.56.16-1.1.x86_64",
"openSUSE Tumbleweed:sonobuoy-bash-completion-0.56.16-1.1.aarch64",
"openSUSE Tumbleweed:sonobuoy-bash-completion-0.56.16-1.1.ppc64le",
"openSUSE Tumbleweed:sonobuoy-bash-completion-0.56.16-1.1.s390x",
"openSUSE Tumbleweed:sonobuoy-bash-completion-0.56.16-1.1.x86_64",
"openSUSE Tumbleweed:sonobuoy-fish-completion-0.56.16-1.1.aarch64",
"openSUSE Tumbleweed:sonobuoy-fish-completion-0.56.16-1.1.ppc64le",
"openSUSE Tumbleweed:sonobuoy-fish-completion-0.56.16-1.1.s390x",
"openSUSE Tumbleweed:sonobuoy-fish-completion-0.56.16-1.1.x86_64",
"openSUSE Tumbleweed:sonobuoy-zsh-completion-0.56.16-1.1.aarch64",
"openSUSE Tumbleweed:sonobuoy-zsh-completion-0.56.16-1.1.ppc64le",
"openSUSE Tumbleweed:sonobuoy-zsh-completion-0.56.16-1.1.s390x",
"openSUSE Tumbleweed:sonobuoy-zsh-completion-0.56.16-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-27664",
"url": "https://www.suse.com/security/cve/CVE-2022-27664"
},
{
"category": "external",
"summary": "SUSE Bug 1203185 for CVE-2022-27664",
"url": "https://bugzilla.suse.com/1203185"
},
{
"category": "external",
"summary": "SUSE Bug 1203293 for CVE-2022-27664",
"url": "https://bugzilla.suse.com/1203293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:sonobuoy-0.56.16-1.1.aarch64",
"openSUSE Tumbleweed:sonobuoy-0.56.16-1.1.ppc64le",
"openSUSE Tumbleweed:sonobuoy-0.56.16-1.1.s390x",
"openSUSE Tumbleweed:sonobuoy-0.56.16-1.1.x86_64",
"openSUSE Tumbleweed:sonobuoy-bash-completion-0.56.16-1.1.aarch64",
"openSUSE Tumbleweed:sonobuoy-bash-completion-0.56.16-1.1.ppc64le",
"openSUSE Tumbleweed:sonobuoy-bash-completion-0.56.16-1.1.s390x",
"openSUSE Tumbleweed:sonobuoy-bash-completion-0.56.16-1.1.x86_64",
"openSUSE Tumbleweed:sonobuoy-fish-completion-0.56.16-1.1.aarch64",
"openSUSE Tumbleweed:sonobuoy-fish-completion-0.56.16-1.1.ppc64le",
"openSUSE Tumbleweed:sonobuoy-fish-completion-0.56.16-1.1.s390x",
"openSUSE Tumbleweed:sonobuoy-fish-completion-0.56.16-1.1.x86_64",
"openSUSE Tumbleweed:sonobuoy-zsh-completion-0.56.16-1.1.aarch64",
"openSUSE Tumbleweed:sonobuoy-zsh-completion-0.56.16-1.1.ppc64le",
"openSUSE Tumbleweed:sonobuoy-zsh-completion-0.56.16-1.1.s390x",
"openSUSE Tumbleweed:sonobuoy-zsh-completion-0.56.16-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:sonobuoy-0.56.16-1.1.aarch64",
"openSUSE Tumbleweed:sonobuoy-0.56.16-1.1.ppc64le",
"openSUSE Tumbleweed:sonobuoy-0.56.16-1.1.s390x",
"openSUSE Tumbleweed:sonobuoy-0.56.16-1.1.x86_64",
"openSUSE Tumbleweed:sonobuoy-bash-completion-0.56.16-1.1.aarch64",
"openSUSE Tumbleweed:sonobuoy-bash-completion-0.56.16-1.1.ppc64le",
"openSUSE Tumbleweed:sonobuoy-bash-completion-0.56.16-1.1.s390x",
"openSUSE Tumbleweed:sonobuoy-bash-completion-0.56.16-1.1.x86_64",
"openSUSE Tumbleweed:sonobuoy-fish-completion-0.56.16-1.1.aarch64",
"openSUSE Tumbleweed:sonobuoy-fish-completion-0.56.16-1.1.ppc64le",
"openSUSE Tumbleweed:sonobuoy-fish-completion-0.56.16-1.1.s390x",
"openSUSE Tumbleweed:sonobuoy-fish-completion-0.56.16-1.1.x86_64",
"openSUSE Tumbleweed:sonobuoy-zsh-completion-0.56.16-1.1.aarch64",
"openSUSE Tumbleweed:sonobuoy-zsh-completion-0.56.16-1.1.ppc64le",
"openSUSE Tumbleweed:sonobuoy-zsh-completion-0.56.16-1.1.s390x",
"openSUSE Tumbleweed:sonobuoy-zsh-completion-0.56.16-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-27664"
}
]
}
OPENSUSE-SU-2024:14121-1
Vulnerability from csaf_opensuse - Published: 2024-07-12 00:00 - Updated: 2024-07-12 00:00Summary
cadvisor-0.49.1-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: cadvisor-0.49.1-1.1 on GA media
Description of the patch: These are all security issues fixed in the cadvisor-0.49.1-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-14121
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cadvisor-0.49.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cadvisor-0.49.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cadvisor-0.49.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cadvisor-0.49.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
6 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "cadvisor-0.49.1-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the cadvisor-0.49.1-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-14121",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14121-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-27664 page",
"url": "https://www.suse.com/security/cve/CVE-2022-27664/"
}
],
"title": "cadvisor-0.49.1-1.1 on GA media",
"tracking": {
"current_release_date": "2024-07-12T00:00:00Z",
"generator": {
"date": "2024-07-12T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:14121-1",
"initial_release_date": "2024-07-12T00:00:00Z",
"revision_history": [
{
"date": "2024-07-12T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cadvisor-0.49.1-1.1.aarch64",
"product": {
"name": "cadvisor-0.49.1-1.1.aarch64",
"product_id": "cadvisor-0.49.1-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cadvisor-0.49.1-1.1.ppc64le",
"product": {
"name": "cadvisor-0.49.1-1.1.ppc64le",
"product_id": "cadvisor-0.49.1-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cadvisor-0.49.1-1.1.s390x",
"product": {
"name": "cadvisor-0.49.1-1.1.s390x",
"product_id": "cadvisor-0.49.1-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cadvisor-0.49.1-1.1.x86_64",
"product": {
"name": "cadvisor-0.49.1-1.1.x86_64",
"product_id": "cadvisor-0.49.1-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cadvisor-0.49.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cadvisor-0.49.1-1.1.aarch64"
},
"product_reference": "cadvisor-0.49.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cadvisor-0.49.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cadvisor-0.49.1-1.1.ppc64le"
},
"product_reference": "cadvisor-0.49.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cadvisor-0.49.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cadvisor-0.49.1-1.1.s390x"
},
"product_reference": "cadvisor-0.49.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cadvisor-0.49.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cadvisor-0.49.1-1.1.x86_64"
},
"product_reference": "cadvisor-0.49.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-27664",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-27664"
}
],
"notes": [
{
"category": "general",
"text": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cadvisor-0.49.1-1.1.aarch64",
"openSUSE Tumbleweed:cadvisor-0.49.1-1.1.ppc64le",
"openSUSE Tumbleweed:cadvisor-0.49.1-1.1.s390x",
"openSUSE Tumbleweed:cadvisor-0.49.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-27664",
"url": "https://www.suse.com/security/cve/CVE-2022-27664"
},
{
"category": "external",
"summary": "SUSE Bug 1203185 for CVE-2022-27664",
"url": "https://bugzilla.suse.com/1203185"
},
{
"category": "external",
"summary": "SUSE Bug 1203293 for CVE-2022-27664",
"url": "https://bugzilla.suse.com/1203293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cadvisor-0.49.1-1.1.aarch64",
"openSUSE Tumbleweed:cadvisor-0.49.1-1.1.ppc64le",
"openSUSE Tumbleweed:cadvisor-0.49.1-1.1.s390x",
"openSUSE Tumbleweed:cadvisor-0.49.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cadvisor-0.49.1-1.1.aarch64",
"openSUSE Tumbleweed:cadvisor-0.49.1-1.1.ppc64le",
"openSUSE Tumbleweed:cadvisor-0.49.1-1.1.s390x",
"openSUSE Tumbleweed:cadvisor-0.49.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-07-12T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-27664"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…