Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-45288 (GCVE-0-2023-45288)
Vulnerability from cvelistv5 – Published: 2024-04-04 20:37 – Updated: 2025-11-04 18:17
VLAI
EPSS
Title
HTTP/2 CONTINUATION flood in net/http
Summary
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
9 references
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Go standard library | net/http |
Affected:
0 , < 1.21.9
(semver)
Affected: 1.22.0-0 , < 1.22.2 (semver) |
|
| golang.org/x/net | golang.org/x/net/http2 |
Affected:
0 , < 0.23.0
(semver)
|
|
| go_standard_library | net\/http |
Affected:
0 , < 1.21.9
(custom)
Affected: 1.22.0-0 , < 1.22.2 (custom) cpe:2.3:a:go_standard_library:net\/http:*:*:*:*:*:*:*:* |
|
| golang | http2 |
Affected:
0 , < 0.23.0
(custom)
cpe:2.3:a:golang:http2:*:*:*:*:*:*:*:* |
Credits
Bartek Nowotarski (https://nowotarski.info/)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:17:43.583Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://go.dev/issue/65051"
},
{
"tags": [
"x_transferred"
],
"url": "https://go.dev/cl/576155"
},
{
"tags": [
"x_transferred"
],
"url": "https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M"
},
{
"tags": [
"x_transferred"
],
"url": "https://pkg.go.dev/vuln/GO-2024-2687"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240419-0009/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/05/4"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/03/16"
},
{
"url": "https://www.kb.cert.org/vuls/id/421644"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:go_standard_library:net\\/http:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "net\\/http",
"vendor": "go_standard_library",
"versions": [
{
"lessThan": "1.21.9",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "1.22.2",
"status": "affected",
"version": "1.22.0-0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:golang:http2:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "http2",
"vendor": "golang",
"versions": [
{
"lessThan": "0.23.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-45288",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-05T17:08:42.212936Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-26T20:40:01.996Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "net/http",
"product": "net/http",
"programRoutines": [
{
"name": "http2Framer.readMetaFrame"
},
{
"name": "CanonicalHeaderKey"
},
{
"name": "Client.CloseIdleConnections"
},
{
"name": "Client.Do"
},
{
"name": "Client.Get"
},
{
"name": "Client.Head"
},
{
"name": "Client.Post"
},
{
"name": "Client.PostForm"
},
{
"name": "Cookie.String"
},
{
"name": "Cookie.Valid"
},
{
"name": "Dir.Open"
},
{
"name": "Error"
},
{
"name": "Get"
},
{
"name": "HandlerFunc.ServeHTTP"
},
{
"name": "Head"
},
{
"name": "Header.Add"
},
{
"name": "Header.Del"
},
{
"name": "Header.Get"
},
{
"name": "Header.Set"
},
{
"name": "Header.Values"
},
{
"name": "Header.Write"
},
{
"name": "Header.WriteSubset"
},
{
"name": "ListenAndServe"
},
{
"name": "ListenAndServeTLS"
},
{
"name": "NewRequest"
},
{
"name": "NewRequestWithContext"
},
{
"name": "NotFound"
},
{
"name": "ParseTime"
},
{
"name": "Post"
},
{
"name": "PostForm"
},
{
"name": "ProxyFromEnvironment"
},
{
"name": "ReadRequest"
},
{
"name": "ReadResponse"
},
{
"name": "Redirect"
},
{
"name": "Request.AddCookie"
},
{
"name": "Request.BasicAuth"
},
{
"name": "Request.FormFile"
},
{
"name": "Request.FormValue"
},
{
"name": "Request.MultipartReader"
},
{
"name": "Request.ParseForm"
},
{
"name": "Request.ParseMultipartForm"
},
{
"name": "Request.PostFormValue"
},
{
"name": "Request.Referer"
},
{
"name": "Request.SetBasicAuth"
},
{
"name": "Request.UserAgent"
},
{
"name": "Request.Write"
},
{
"name": "Request.WriteProxy"
},
{
"name": "Response.Cookies"
},
{
"name": "Response.Location"
},
{
"name": "Response.Write"
},
{
"name": "ResponseController.EnableFullDuplex"
},
{
"name": "ResponseController.Flush"
},
{
"name": "ResponseController.Hijack"
},
{
"name": "ResponseController.SetReadDeadline"
},
{
"name": "ResponseController.SetWriteDeadline"
},
{
"name": "Serve"
},
{
"name": "ServeContent"
},
{
"name": "ServeFile"
},
{
"name": "ServeMux.ServeHTTP"
},
{
"name": "ServeTLS"
},
{
"name": "Server.Close"
},
{
"name": "Server.ListenAndServe"
},
{
"name": "Server.ListenAndServeTLS"
},
{
"name": "Server.Serve"
},
{
"name": "Server.ServeTLS"
},
{
"name": "Server.SetKeepAlivesEnabled"
},
{
"name": "Server.Shutdown"
},
{
"name": "SetCookie"
},
{
"name": "Transport.CancelRequest"
},
{
"name": "Transport.Clone"
},
{
"name": "Transport.CloseIdleConnections"
},
{
"name": "Transport.RoundTrip"
},
{
"name": "body.Close"
},
{
"name": "body.Read"
},
{
"name": "bodyEOFSignal.Close"
},
{
"name": "bodyEOFSignal.Read"
},
{
"name": "bodyLocked.Read"
},
{
"name": "bufioFlushWriter.Write"
},
{
"name": "cancelTimerBody.Close"
},
{
"name": "cancelTimerBody.Read"
},
{
"name": "checkConnErrorWriter.Write"
},
{
"name": "chunkWriter.Write"
},
{
"name": "connReader.Read"
},
{
"name": "connectMethodKey.String"
},
{
"name": "expectContinueReader.Close"
},
{
"name": "expectContinueReader.Read"
},
{
"name": "extraHeader.Write"
},
{
"name": "fileHandler.ServeHTTP"
},
{
"name": "fileTransport.RoundTrip"
},
{
"name": "globalOptionsHandler.ServeHTTP"
},
{
"name": "gzipReader.Close"
},
{
"name": "gzipReader.Read"
},
{
"name": "http2ClientConn.Close"
},
{
"name": "http2ClientConn.Ping"
},
{
"name": "http2ClientConn.RoundTrip"
},
{
"name": "http2ClientConn.Shutdown"
},
{
"name": "http2ConnectionError.Error"
},
{
"name": "http2ErrCode.String"
},
{
"name": "http2FrameHeader.String"
},
{
"name": "http2FrameType.String"
},
{
"name": "http2FrameWriteRequest.String"
},
{
"name": "http2Framer.ReadFrame"
},
{
"name": "http2Framer.WriteContinuation"
},
{
"name": "http2Framer.WriteData"
},
{
"name": "http2Framer.WriteDataPadded"
},
{
"name": "http2Framer.WriteGoAway"
},
{
"name": "http2Framer.WriteHeaders"
},
{
"name": "http2Framer.WritePing"
},
{
"name": "http2Framer.WritePriority"
},
{
"name": "http2Framer.WritePushPromise"
},
{
"name": "http2Framer.WriteRSTStream"
},
{
"name": "http2Framer.WriteRawFrame"
},
{
"name": "http2Framer.WriteSettings"
},
{
"name": "http2Framer.WriteSettingsAck"
},
{
"name": "http2Framer.WriteWindowUpdate"
},
{
"name": "http2GoAwayError.Error"
},
{
"name": "http2Server.ServeConn"
},
{
"name": "http2Setting.String"
},
{
"name": "http2SettingID.String"
},
{
"name": "http2SettingsFrame.ForeachSetting"
},
{
"name": "http2StreamError.Error"
},
{
"name": "http2Transport.CloseIdleConnections"
},
{
"name": "http2Transport.NewClientConn"
},
{
"name": "http2Transport.RoundTrip"
},
{
"name": "http2Transport.RoundTripOpt"
},
{
"name": "http2bufferedWriter.Flush"
},
{
"name": "http2bufferedWriter.Write"
},
{
"name": "http2chunkWriter.Write"
},
{
"name": "http2clientConnPool.GetClientConn"
},
{
"name": "http2connError.Error"
},
{
"name": "http2dataBuffer.Read"
},
{
"name": "http2duplicatePseudoHeaderError.Error"
},
{
"name": "http2gzipReader.Close"
},
{
"name": "http2gzipReader.Read"
},
{
"name": "http2headerFieldNameError.Error"
},
{
"name": "http2headerFieldValueError.Error"
},
{
"name": "http2noDialClientConnPool.GetClientConn"
},
{
"name": "http2noDialH2RoundTripper.RoundTrip"
},
{
"name": "http2pipe.Read"
},
{
"name": "http2priorityWriteScheduler.CloseStream"
},
{
"name": "http2priorityWriteScheduler.OpenStream"
},
{
"name": "http2pseudoHeaderError.Error"
},
{
"name": "http2requestBody.Close"
},
{
"name": "http2requestBody.Read"
},
{
"name": "http2responseWriter.Flush"
},
{
"name": "http2responseWriter.FlushError"
},
{
"name": "http2responseWriter.Push"
},
{
"name": "http2responseWriter.SetReadDeadline"
},
{
"name": "http2responseWriter.SetWriteDeadline"
},
{
"name": "http2responseWriter.Write"
},
{
"name": "http2responseWriter.WriteHeader"
},
{
"name": "http2responseWriter.WriteString"
},
{
"name": "http2roundRobinWriteScheduler.OpenStream"
},
{
"name": "http2serverConn.CloseConn"
},
{
"name": "http2serverConn.Flush"
},
{
"name": "http2stickyErrWriter.Write"
},
{
"name": "http2transportResponseBody.Close"
},
{
"name": "http2transportResponseBody.Read"
},
{
"name": "http2writeData.String"
},
{
"name": "initALPNRequest.ServeHTTP"
},
{
"name": "loggingConn.Close"
},
{
"name": "loggingConn.Read"
},
{
"name": "loggingConn.Write"
},
{
"name": "maxBytesReader.Close"
},
{
"name": "maxBytesReader.Read"
},
{
"name": "onceCloseListener.Close"
},
{
"name": "persistConn.Read"
},
{
"name": "persistConnWriter.ReadFrom"
},
{
"name": "persistConnWriter.Write"
},
{
"name": "populateResponse.Write"
},
{
"name": "populateResponse.WriteHeader"
},
{
"name": "readTrackingBody.Close"
},
{
"name": "readTrackingBody.Read"
},
{
"name": "readWriteCloserBody.Read"
},
{
"name": "redirectHandler.ServeHTTP"
},
{
"name": "response.Flush"
},
{
"name": "response.FlushError"
},
{
"name": "response.Hijack"
},
{
"name": "response.ReadFrom"
},
{
"name": "response.Write"
},
{
"name": "response.WriteHeader"
},
{
"name": "response.WriteString"
},
{
"name": "serverHandler.ServeHTTP"
},
{
"name": "socksDialer.DialWithConn"
},
{
"name": "socksUsernamePassword.Authenticate"
},
{
"name": "stringWriter.WriteString"
},
{
"name": "timeoutHandler.ServeHTTP"
},
{
"name": "timeoutWriter.Write"
},
{
"name": "timeoutWriter.WriteHeader"
},
{
"name": "transportReadFromServerError.Error"
}
],
"vendor": "Go standard library",
"versions": [
{
"lessThan": "1.21.9",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.22.2",
"status": "affected",
"version": "1.22.0-0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "golang.org/x/net/http2",
"product": "golang.org/x/net/http2",
"programRoutines": [
{
"name": "Framer.readMetaFrame"
},
{
"name": "ClientConn.Close"
},
{
"name": "ClientConn.Ping"
},
{
"name": "ClientConn.RoundTrip"
},
{
"name": "ClientConn.Shutdown"
},
{
"name": "ConfigureServer"
},
{
"name": "ConfigureTransport"
},
{
"name": "ConfigureTransports"
},
{
"name": "ConnectionError.Error"
},
{
"name": "ErrCode.String"
},
{
"name": "FrameHeader.String"
},
{
"name": "FrameType.String"
},
{
"name": "FrameWriteRequest.String"
},
{
"name": "Framer.ReadFrame"
},
{
"name": "Framer.WriteContinuation"
},
{
"name": "Framer.WriteData"
},
{
"name": "Framer.WriteDataPadded"
},
{
"name": "Framer.WriteGoAway"
},
{
"name": "Framer.WriteHeaders"
},
{
"name": "Framer.WritePing"
},
{
"name": "Framer.WritePriority"
},
{
"name": "Framer.WritePushPromise"
},
{
"name": "Framer.WriteRSTStream"
},
{
"name": "Framer.WriteRawFrame"
},
{
"name": "Framer.WriteSettings"
},
{
"name": "Framer.WriteSettingsAck"
},
{
"name": "Framer.WriteWindowUpdate"
},
{
"name": "GoAwayError.Error"
},
{
"name": "ReadFrameHeader"
},
{
"name": "Server.ServeConn"
},
{
"name": "Setting.String"
},
{
"name": "SettingID.String"
},
{
"name": "SettingsFrame.ForeachSetting"
},
{
"name": "StreamError.Error"
},
{
"name": "Transport.CloseIdleConnections"
},
{
"name": "Transport.NewClientConn"
},
{
"name": "Transport.RoundTrip"
},
{
"name": "Transport.RoundTripOpt"
},
{
"name": "bufferedWriter.Flush"
},
{
"name": "bufferedWriter.Write"
},
{
"name": "chunkWriter.Write"
},
{
"name": "clientConnPool.GetClientConn"
},
{
"name": "connError.Error"
},
{
"name": "dataBuffer.Read"
},
{
"name": "duplicatePseudoHeaderError.Error"
},
{
"name": "gzipReader.Close"
},
{
"name": "gzipReader.Read"
},
{
"name": "headerFieldNameError.Error"
},
{
"name": "headerFieldValueError.Error"
},
{
"name": "noDialClientConnPool.GetClientConn"
},
{
"name": "noDialH2RoundTripper.RoundTrip"
},
{
"name": "pipe.Read"
},
{
"name": "priorityWriteScheduler.CloseStream"
},
{
"name": "priorityWriteScheduler.OpenStream"
},
{
"name": "pseudoHeaderError.Error"
},
{
"name": "requestBody.Close"
},
{
"name": "requestBody.Read"
},
{
"name": "responseWriter.Flush"
},
{
"name": "responseWriter.FlushError"
},
{
"name": "responseWriter.Push"
},
{
"name": "responseWriter.SetReadDeadline"
},
{
"name": "responseWriter.SetWriteDeadline"
},
{
"name": "responseWriter.Write"
},
{
"name": "responseWriter.WriteHeader"
},
{
"name": "responseWriter.WriteString"
},
{
"name": "roundRobinWriteScheduler.OpenStream"
},
{
"name": "serverConn.CloseConn"
},
{
"name": "serverConn.Flush"
},
{
"name": "stickyErrWriter.Write"
},
{
"name": "transportResponseBody.Close"
},
{
"name": "transportResponseBody.Read"
},
{
"name": "writeData.String"
}
],
"vendor": "golang.org/x/net",
"versions": [
{
"lessThan": "0.23.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Bartek Nowotarski (https://nowotarski.info/)"
}
],
"descriptions": [
{
"lang": "en",
"value": "An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request\u0027s headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-01T17:10:07.754Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/issue/65051"
},
{
"url": "https://go.dev/cl/576155"
},
{
"url": "https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M"
},
{
"url": "https://pkg.go.dev/vuln/GO-2024-2687"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240419-0009/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/04/05/4"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/04/03/16"
}
],
"title": "HTTP/2 CONTINUATION flood in net/http"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2023-45288",
"datePublished": "2024-04-04T20:37:30.714Z",
"dateReserved": "2023-10-06T17:06:26.221Z",
"dateUpdated": "2025-11-04T18:17:43.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-45288",
"date": "2026-06-20",
"epss": "0.91969",
"percentile": "0.99806"
},
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request\u0027s headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.\"}, {\"lang\": \"es\", \"value\": \"Un atacante puede hacer que un endpoint HTTP/2 lea cantidades arbitrarias de datos de encabezado enviando una cantidad excesiva de tramas de CONTINUACI\\u00d3N. Mantener el estado de HPACK requiere analizar y procesar todos los encabezados y tramas de CONTINUACI\\u00d3N en una conexi\\u00f3n. Cuando los encabezados de una solicitud exceden MaxHeaderBytes, no se asigna memoria para almacenar los encabezados sobrantes, pero a\\u00fan as\\u00ed se analizan. Esto permite a un atacante hacer que un endpoint HTTP/2 lea cantidades arbitrarias de datos de encabezado, todos asociados con una solicitud que ser\\u00e1 rechazada. Estos encabezados pueden incluir datos codificados por Huffman, cuya decodificaci\\u00f3n es significativamente m\\u00e1s costosa para el receptor que para el atacante. La soluci\\u00f3n establece un l\\u00edmite en la cantidad de fotogramas de encabezado excedentes que procesaremos antes de cerrar una conexi\\u00f3n.\"}]",
"id": "CVE-2023-45288",
"lastModified": "2024-11-21T08:26:42.380",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
"published": "2024-04-04T21:15:16.113",
"references": "[{\"url\": \"http://www.openwall.com/lists/oss-security/2024/04/03/16\", \"source\": \"security@golang.org\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/04/05/4\", \"source\": \"security@golang.org\"}, {\"url\": \"https://go.dev/cl/576155\", \"source\": \"security@golang.org\"}, {\"url\": \"https://go.dev/issue/65051\", \"source\": \"security@golang.org\"}, {\"url\": \"https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M\", \"source\": \"security@golang.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/\", \"source\": \"security@golang.org\"}, {\"url\": \"https://pkg.go.dev/vuln/GO-2024-2687\", \"source\": \"security@golang.org\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240419-0009/\", \"source\": \"security@golang.org\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/04/03/16\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/04/05/4\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://go.dev/cl/576155\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://go.dev/issue/65051\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://pkg.go.dev/vuln/GO-2024-2687\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240419-0009/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "security@golang.org",
"vulnStatus": "Awaiting Analysis"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-45288\",\"sourceIdentifier\":\"security@golang.org\",\"published\":\"2024-04-04T21:15:16.113\",\"lastModified\":\"2025-11-04T19:16:01.263\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request\u0027s headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.\"},{\"lang\":\"es\",\"value\":\"Un atacante puede hacer que un endpoint HTTP/2 lea cantidades arbitrarias de datos de encabezado enviando una cantidad excesiva de tramas de CONTINUACI\u00d3N. Mantener el estado de HPACK requiere analizar y procesar todos los encabezados y tramas de CONTINUACI\u00d3N en una conexi\u00f3n. Cuando los encabezados de una solicitud exceden MaxHeaderBytes, no se asigna memoria para almacenar los encabezados sobrantes, pero a\u00fan as\u00ed se analizan. Esto permite a un atacante hacer que un endpoint HTTP/2 lea cantidades arbitrarias de datos de encabezado, todos asociados con una solicitud que ser\u00e1 rechazada. Estos encabezados pueden incluir datos codificados por Huffman, cuya decodificaci\u00f3n es significativamente m\u00e1s costosa para el receptor que para el atacante. La soluci\u00f3n establece un l\u00edmite en la cantidad de fotogramas de encabezado excedentes que procesaremos antes de cerrar una conexi\u00f3n.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2024/04/03/16\",\"source\":\"security@golang.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/04/05/4\",\"source\":\"security@golang.org\"},{\"url\":\"https://go.dev/cl/576155\",\"source\":\"security@golang.org\"},{\"url\":\"https://go.dev/issue/65051\",\"source\":\"security@golang.org\"},{\"url\":\"https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M\",\"source\":\"security@golang.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/\",\"source\":\"security@golang.org\"},{\"url\":\"https://pkg.go.dev/vuln/GO-2024-2687\",\"source\":\"security@golang.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20240419-0009/\",\"source\":\"security@golang.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/04/03/16\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/04/05/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://go.dev/cl/576155\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://go.dev/issue/65051\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://pkg.go.dev/vuln/GO-2024-2687\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20240419-0009/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.kb.cert.org/vuls/id/421644\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://go.dev/issue/65051\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://go.dev/cl/576155\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://pkg.go.dev/vuln/GO-2024-2687\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240419-0009/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/04/05/4\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/04/03/16\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.kb.cert.org/vuls/id/421644\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-04T18:17:43.583Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-45288\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-04-05T17:08:42.212936Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:go_standard_library:net\\\\/http:*:*:*:*:*:*:*:*\"], \"vendor\": \"go_standard_library\", \"product\": \"net\\\\/http\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.21.9\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"1.22.0-0\", \"lessThan\": \"1.22.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:golang:http2:*:*:*:*:*:*:*:*\"], \"vendor\": \"golang\", \"product\": \"http2\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"0.23.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-26T20:39:55.687Z\"}}], \"cna\": {\"title\": \"HTTP/2 CONTINUATION flood in net/http\", \"credits\": [{\"lang\": \"en\", \"value\": \"Bartek Nowotarski (https://nowotarski.info/)\"}], \"affected\": [{\"vendor\": \"Go standard library\", \"product\": \"net/http\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.21.9\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"1.22.0-0\", \"lessThan\": \"1.22.2\", \"versionType\": \"semver\"}], \"packageName\": \"net/http\", \"collectionURL\": \"https://pkg.go.dev\", \"defaultStatus\": \"unaffected\", \"programRoutines\": [{\"name\": \"http2Framer.readMetaFrame\"}, {\"name\": \"CanonicalHeaderKey\"}, {\"name\": \"Client.CloseIdleConnections\"}, {\"name\": \"Client.Do\"}, {\"name\": \"Client.Get\"}, {\"name\": \"Client.Head\"}, {\"name\": \"Client.Post\"}, {\"name\": \"Client.PostForm\"}, {\"name\": \"Cookie.String\"}, {\"name\": \"Cookie.Valid\"}, {\"name\": \"Dir.Open\"}, {\"name\": \"Error\"}, {\"name\": \"Get\"}, {\"name\": \"HandlerFunc.ServeHTTP\"}, {\"name\": \"Head\"}, {\"name\": \"Header.Add\"}, {\"name\": \"Header.Del\"}, {\"name\": \"Header.Get\"}, {\"name\": \"Header.Set\"}, {\"name\": \"Header.Values\"}, {\"name\": \"Header.Write\"}, {\"name\": \"Header.WriteSubset\"}, {\"name\": \"ListenAndServe\"}, {\"name\": \"ListenAndServeTLS\"}, {\"name\": \"NewRequest\"}, {\"name\": \"NewRequestWithContext\"}, {\"name\": \"NotFound\"}, {\"name\": \"ParseTime\"}, {\"name\": \"Post\"}, {\"name\": \"PostForm\"}, {\"name\": \"ProxyFromEnvironment\"}, {\"name\": \"ReadRequest\"}, {\"name\": \"ReadResponse\"}, {\"name\": \"Redirect\"}, {\"name\": \"Request.AddCookie\"}, {\"name\": \"Request.BasicAuth\"}, {\"name\": \"Request.FormFile\"}, {\"name\": \"Request.FormValue\"}, {\"name\": \"Request.MultipartReader\"}, {\"name\": \"Request.ParseForm\"}, {\"name\": \"Request.ParseMultipartForm\"}, {\"name\": \"Request.PostFormValue\"}, {\"name\": \"Request.Referer\"}, {\"name\": \"Request.SetBasicAuth\"}, {\"name\": \"Request.UserAgent\"}, {\"name\": \"Request.Write\"}, {\"name\": \"Request.WriteProxy\"}, {\"name\": \"Response.Cookies\"}, {\"name\": \"Response.Location\"}, {\"name\": \"Response.Write\"}, {\"name\": \"ResponseController.EnableFullDuplex\"}, {\"name\": \"ResponseController.Flush\"}, {\"name\": \"ResponseController.Hijack\"}, {\"name\": \"ResponseController.SetReadDeadline\"}, {\"name\": \"ResponseController.SetWriteDeadline\"}, {\"name\": \"Serve\"}, {\"name\": \"ServeContent\"}, {\"name\": \"ServeFile\"}, {\"name\": \"ServeMux.ServeHTTP\"}, {\"name\": \"ServeTLS\"}, {\"name\": \"Server.Close\"}, {\"name\": \"Server.ListenAndServe\"}, {\"name\": \"Server.ListenAndServeTLS\"}, {\"name\": \"Server.Serve\"}, {\"name\": \"Server.ServeTLS\"}, {\"name\": \"Server.SetKeepAlivesEnabled\"}, {\"name\": \"Server.Shutdown\"}, {\"name\": \"SetCookie\"}, {\"name\": \"Transport.CancelRequest\"}, {\"name\": \"Transport.Clone\"}, {\"name\": \"Transport.CloseIdleConnections\"}, {\"name\": \"Transport.RoundTrip\"}, {\"name\": \"body.Close\"}, {\"name\": \"body.Read\"}, {\"name\": \"bodyEOFSignal.Close\"}, {\"name\": \"bodyEOFSignal.Read\"}, {\"name\": \"bodyLocked.Read\"}, {\"name\": \"bufioFlushWriter.Write\"}, {\"name\": \"cancelTimerBody.Close\"}, {\"name\": \"cancelTimerBody.Read\"}, {\"name\": \"checkConnErrorWriter.Write\"}, {\"name\": \"chunkWriter.Write\"}, {\"name\": \"connReader.Read\"}, {\"name\": \"connectMethodKey.String\"}, {\"name\": \"expectContinueReader.Close\"}, {\"name\": \"expectContinueReader.Read\"}, {\"name\": \"extraHeader.Write\"}, {\"name\": \"fileHandler.ServeHTTP\"}, {\"name\": \"fileTransport.RoundTrip\"}, {\"name\": \"globalOptionsHandler.ServeHTTP\"}, {\"name\": \"gzipReader.Close\"}, {\"name\": \"gzipReader.Read\"}, {\"name\": \"http2ClientConn.Close\"}, {\"name\": \"http2ClientConn.Ping\"}, {\"name\": \"http2ClientConn.RoundTrip\"}, {\"name\": \"http2ClientConn.Shutdown\"}, {\"name\": \"http2ConnectionError.Error\"}, {\"name\": \"http2ErrCode.String\"}, {\"name\": \"http2FrameHeader.String\"}, {\"name\": \"http2FrameType.String\"}, {\"name\": \"http2FrameWriteRequest.String\"}, {\"name\": \"http2Framer.ReadFrame\"}, {\"name\": \"http2Framer.WriteContinuation\"}, {\"name\": \"http2Framer.WriteData\"}, {\"name\": \"http2Framer.WriteDataPadded\"}, {\"name\": \"http2Framer.WriteGoAway\"}, {\"name\": \"http2Framer.WriteHeaders\"}, {\"name\": \"http2Framer.WritePing\"}, {\"name\": \"http2Framer.WritePriority\"}, {\"name\": \"http2Framer.WritePushPromise\"}, {\"name\": \"http2Framer.WriteRSTStream\"}, {\"name\": \"http2Framer.WriteRawFrame\"}, {\"name\": \"http2Framer.WriteSettings\"}, {\"name\": \"http2Framer.WriteSettingsAck\"}, {\"name\": \"http2Framer.WriteWindowUpdate\"}, {\"name\": \"http2GoAwayError.Error\"}, {\"name\": \"http2Server.ServeConn\"}, {\"name\": \"http2Setting.String\"}, {\"name\": \"http2SettingID.String\"}, {\"name\": \"http2SettingsFrame.ForeachSetting\"}, {\"name\": \"http2StreamError.Error\"}, {\"name\": \"http2Transport.CloseIdleConnections\"}, {\"name\": \"http2Transport.NewClientConn\"}, {\"name\": \"http2Transport.RoundTrip\"}, {\"name\": \"http2Transport.RoundTripOpt\"}, {\"name\": \"http2bufferedWriter.Flush\"}, {\"name\": \"http2bufferedWriter.Write\"}, {\"name\": \"http2chunkWriter.Write\"}, {\"name\": \"http2clientConnPool.GetClientConn\"}, {\"name\": \"http2connError.Error\"}, {\"name\": \"http2dataBuffer.Read\"}, {\"name\": \"http2duplicatePseudoHeaderError.Error\"}, {\"name\": \"http2gzipReader.Close\"}, {\"name\": \"http2gzipReader.Read\"}, {\"name\": \"http2headerFieldNameError.Error\"}, {\"name\": \"http2headerFieldValueError.Error\"}, {\"name\": \"http2noDialClientConnPool.GetClientConn\"}, {\"name\": \"http2noDialH2RoundTripper.RoundTrip\"}, {\"name\": \"http2pipe.Read\"}, {\"name\": \"http2priorityWriteScheduler.CloseStream\"}, {\"name\": \"http2priorityWriteScheduler.OpenStream\"}, {\"name\": \"http2pseudoHeaderError.Error\"}, {\"name\": \"http2requestBody.Close\"}, {\"name\": \"http2requestBody.Read\"}, {\"name\": \"http2responseWriter.Flush\"}, {\"name\": \"http2responseWriter.FlushError\"}, {\"name\": \"http2responseWriter.Push\"}, {\"name\": \"http2responseWriter.SetReadDeadline\"}, {\"name\": \"http2responseWriter.SetWriteDeadline\"}, {\"name\": \"http2responseWriter.Write\"}, {\"name\": \"http2responseWriter.WriteHeader\"}, {\"name\": \"http2responseWriter.WriteString\"}, {\"name\": \"http2roundRobinWriteScheduler.OpenStream\"}, {\"name\": \"http2serverConn.CloseConn\"}, {\"name\": \"http2serverConn.Flush\"}, {\"name\": \"http2stickyErrWriter.Write\"}, {\"name\": \"http2transportResponseBody.Close\"}, {\"name\": \"http2transportResponseBody.Read\"}, {\"name\": \"http2writeData.String\"}, {\"name\": \"initALPNRequest.ServeHTTP\"}, {\"name\": \"loggingConn.Close\"}, {\"name\": \"loggingConn.Read\"}, {\"name\": \"loggingConn.Write\"}, {\"name\": \"maxBytesReader.Close\"}, {\"name\": \"maxBytesReader.Read\"}, {\"name\": \"onceCloseListener.Close\"}, {\"name\": \"persistConn.Read\"}, {\"name\": \"persistConnWriter.ReadFrom\"}, {\"name\": \"persistConnWriter.Write\"}, {\"name\": \"populateResponse.Write\"}, {\"name\": \"populateResponse.WriteHeader\"}, {\"name\": \"readTrackingBody.Close\"}, {\"name\": \"readTrackingBody.Read\"}, {\"name\": \"readWriteCloserBody.Read\"}, {\"name\": \"redirectHandler.ServeHTTP\"}, {\"name\": \"response.Flush\"}, {\"name\": \"response.FlushError\"}, {\"name\": \"response.Hijack\"}, {\"name\": \"response.ReadFrom\"}, {\"name\": \"response.Write\"}, {\"name\": \"response.WriteHeader\"}, {\"name\": \"response.WriteString\"}, {\"name\": \"serverHandler.ServeHTTP\"}, {\"name\": \"socksDialer.DialWithConn\"}, {\"name\": \"socksUsernamePassword.Authenticate\"}, {\"name\": \"stringWriter.WriteString\"}, {\"name\": \"timeoutHandler.ServeHTTP\"}, {\"name\": \"timeoutWriter.Write\"}, {\"name\": \"timeoutWriter.WriteHeader\"}, {\"name\": \"transportReadFromServerError.Error\"}]}, {\"vendor\": \"golang.org/x/net\", \"product\": \"golang.org/x/net/http2\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"0.23.0\", \"versionType\": \"semver\"}], \"packageName\": \"golang.org/x/net/http2\", \"collectionURL\": \"https://pkg.go.dev\", \"defaultStatus\": \"unaffected\", \"programRoutines\": [{\"name\": \"Framer.readMetaFrame\"}, {\"name\": \"ClientConn.Close\"}, {\"name\": \"ClientConn.Ping\"}, {\"name\": \"ClientConn.RoundTrip\"}, {\"name\": \"ClientConn.Shutdown\"}, {\"name\": \"ConfigureServer\"}, {\"name\": \"ConfigureTransport\"}, {\"name\": \"ConfigureTransports\"}, {\"name\": \"ConnectionError.Error\"}, {\"name\": \"ErrCode.String\"}, {\"name\": \"FrameHeader.String\"}, {\"name\": \"FrameType.String\"}, {\"name\": \"FrameWriteRequest.String\"}, {\"name\": \"Framer.ReadFrame\"}, {\"name\": \"Framer.WriteContinuation\"}, {\"name\": \"Framer.WriteData\"}, {\"name\": \"Framer.WriteDataPadded\"}, {\"name\": \"Framer.WriteGoAway\"}, {\"name\": \"Framer.WriteHeaders\"}, {\"name\": \"Framer.WritePing\"}, {\"name\": \"Framer.WritePriority\"}, {\"name\": \"Framer.WritePushPromise\"}, {\"name\": \"Framer.WriteRSTStream\"}, {\"name\": \"Framer.WriteRawFrame\"}, {\"name\": \"Framer.WriteSettings\"}, {\"name\": \"Framer.WriteSettingsAck\"}, {\"name\": \"Framer.WriteWindowUpdate\"}, {\"name\": \"GoAwayError.Error\"}, {\"name\": \"ReadFrameHeader\"}, {\"name\": \"Server.ServeConn\"}, {\"name\": \"Setting.String\"}, {\"name\": \"SettingID.String\"}, {\"name\": \"SettingsFrame.ForeachSetting\"}, {\"name\": \"StreamError.Error\"}, {\"name\": \"Transport.CloseIdleConnections\"}, {\"name\": \"Transport.NewClientConn\"}, {\"name\": \"Transport.RoundTrip\"}, {\"name\": \"Transport.RoundTripOpt\"}, {\"name\": \"bufferedWriter.Flush\"}, {\"name\": \"bufferedWriter.Write\"}, {\"name\": \"chunkWriter.Write\"}, {\"name\": \"clientConnPool.GetClientConn\"}, {\"name\": \"connError.Error\"}, {\"name\": \"dataBuffer.Read\"}, {\"name\": \"duplicatePseudoHeaderError.Error\"}, {\"name\": \"gzipReader.Close\"}, {\"name\": \"gzipReader.Read\"}, {\"name\": \"headerFieldNameError.Error\"}, {\"name\": \"headerFieldValueError.Error\"}, {\"name\": \"noDialClientConnPool.GetClientConn\"}, {\"name\": \"noDialH2RoundTripper.RoundTrip\"}, {\"name\": \"pipe.Read\"}, {\"name\": \"priorityWriteScheduler.CloseStream\"}, {\"name\": \"priorityWriteScheduler.OpenStream\"}, {\"name\": \"pseudoHeaderError.Error\"}, {\"name\": \"requestBody.Close\"}, {\"name\": \"requestBody.Read\"}, {\"name\": \"responseWriter.Flush\"}, {\"name\": \"responseWriter.FlushError\"}, {\"name\": \"responseWriter.Push\"}, {\"name\": \"responseWriter.SetReadDeadline\"}, {\"name\": \"responseWriter.SetWriteDeadline\"}, {\"name\": \"responseWriter.Write\"}, {\"name\": \"responseWriter.WriteHeader\"}, {\"name\": \"responseWriter.WriteString\"}, {\"name\": \"roundRobinWriteScheduler.OpenStream\"}, {\"name\": \"serverConn.CloseConn\"}, {\"name\": \"serverConn.Flush\"}, {\"name\": \"stickyErrWriter.Write\"}, {\"name\": \"transportResponseBody.Close\"}, {\"name\": \"transportResponseBody.Read\"}, {\"name\": \"writeData.String\"}]}], \"references\": [{\"url\": \"https://go.dev/issue/65051\"}, {\"url\": \"https://go.dev/cl/576155\"}, {\"url\": \"https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M\"}, {\"url\": \"https://pkg.go.dev/vuln/GO-2024-2687\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240419-0009/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/04/05/4\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/04/03/16\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request\u0027s headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-400: Uncontrolled Resource Consumption\"}]}], \"providerMetadata\": {\"orgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"shortName\": \"Go\", \"dateUpdated\": \"2024-05-01T17:10:07.754Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-45288\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-04T18:17:43.583Z\", \"dateReserved\": \"2023-10-06T17:06:26.221Z\", \"assignerOrgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"datePublished\": \"2024-04-04T20:37:30.714Z\", \"assignerShortName\": \"Go\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
SUSE-SU-2025:1332-1
Vulnerability from csaf_suse - Published: 2025-04-17 01:37 - Updated: 2025-04-17 01:37Summary
Security update for rekor
Severity
Important
Notes
Title of the patch: Security update for rekor
Description of the patch: This update for rekor fixes the following issues:
- CVE-2023-45288: rekor: golang.org/x/net/http2: Fixed close connections when receiving too many headers (bsc#1236519)
- CVE-2024-6104: rekor: hashicorp/go-retryablehttp: Fixed sensitive information disclosure inside log file (bsc#1227053)
- CVE-2025-22868: rekor: golang.org/x/oauth2/jws: Fixed unexpected memory consumption during token parsing (bsc#1239191)
- CVE-2025-22869: rekor: golang.org/x/crypto/ssh: Fixed denial of service in the Key Exchange (bsc#1239327)
- CVE-2025-27144: rekor: gopkg.in/go-jose/go-jose.v2,github.com/go-jose/go-jose/v4,github.com/go-jose/go-jose/v3: Fixed denial of service in Go JOSE's parsing (bsc#1237638)
- CVE-2025-30204: rekor: github.com/golang-jwt/jwt/v5: Fixed jwt-go allowing excessive memory allocation during header parsing (bsc#1240468)
Other fixes:
- Update to version 1.3.10:
* Features
- Added --client-signing-algorithms flag (#1974)
* Fixes / Misc
- emit unpopulated values when marshalling (#2438)
- pkg/api: better logs when algorithm registry rejects a key
(#2429)
- chore: improve mysql readiness checks (#2397)
- Added --client-signing-algorithms flag (#1974)
- Update to version 1.3.9 (jsc#SLE-23476):
* Cache checkpoint for inactive shards (#2332)
* Support per-shard signing keys (#2330)
- Update to version 1.3.8:
* Bug Fixes
- fix zizmor issues (#2298)
- remove unneeded value in log message (#2282)
* Quality Enhancements
- chore: relax go directive to permit 1.22.x
- fetch minisign from homebrew instead of custom ppa (#2329)
- fix(ci): simplify GOVERSION extraction
- chore(deps): bump actions pins to latest
- Updates go and golangci-lint (#2302)
- update builder to use go1.23.4 (#2301)
- clean up spaces
- log request body on 500 error to aid debugging (#2283)
- Update to version 1.3.7:
* New Features
- log request body on 500 error to aid debugging (#2283)
- Add support for signing with Tink keyset (#2228)
- Add public key hash check in Signed Note verification (#2214)
- update Trillian TLS configuration (#2202)
- Add TLS support for Trillian server (#2164)
- Replace docker-compose with plugin if available (#2153)
- Add flags to backfill script (#2146)
- Unset DisableKeepalive for backfill HTTP client (#2137)
- Add script to delete indexes from Redis (#2120)
- Run CREATE statement in backfill script (#2109)
- Add MySQL support to backfill script (#2081)
- Run e2e tests on mysql and redis index backends (#2079)
* Bug Fixes
- remove unneeded value in log message (#2282)
- Add error message when computing consistency proof (#2278)
- fix validation error handling on API (#2217)
- fix error in pretty-printed inclusion proof from verify
subcommand (#2210)
- Fix index scripts (#2203)
- fix failing sharding test
- Better error handling in backfill script (#2148)
- Batch entries in cleanup script (#2158)
- Add missing workflow for index cleanup test (#2121)
- hashedrekord: fix schema $id (#2092)
Patchnames: SUSE-2025-1332,SUSE-SLE-Module-Basesystem-15-SP6-2025-1332,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1332,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1332,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1332,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1332,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1332,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1332,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1332,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1332,SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-1332,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-1332,openSUSE-SLE-15.6-2025-1332
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.3 (Medium)
Affected products
Recommended
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:rekor-1.3.10-150400.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:rekor-1.3.10-150400.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:rekor-1.3.10-150400.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:rekor-1.3.10-150400.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.3:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6 (Medium)
Affected products
Recommended
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:rekor-1.3.10-150400.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:rekor-1.3.10-150400.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:rekor-1.3.10-150400.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:rekor-1.3.10-150400.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.3:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:rekor-1.3.10-150400.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:rekor-1.3.10-150400.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:rekor-1.3.10-150400.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:rekor-1.3.10-150400.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.3:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:rekor-1.3.10-150400.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:rekor-1.3.10-150400.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:rekor-1.3.10-150400.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:rekor-1.3.10-150400.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.3:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:rekor-1.3.10-150400.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:rekor-1.3.10-150400.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:rekor-1.3.10-150400.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:rekor-1.3.10-150400.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.3:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:rekor-1.3.10-150400.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:rekor-1.3.10-150400.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:rekor-1.3.10-150400.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:rekor-1.3.10-150400.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.3:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
31 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for rekor",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for rekor fixes the following issues:\n\n- CVE-2023-45288: rekor: golang.org/x/net/http2: Fixed close connections when receiving too many headers (bsc#1236519)\n- CVE-2024-6104: rekor: hashicorp/go-retryablehttp: Fixed sensitive information disclosure inside log file (bsc#1227053)\n- CVE-2025-22868: rekor: golang.org/x/oauth2/jws: Fixed unexpected memory consumption during token parsing (bsc#1239191)\n- CVE-2025-22869: rekor: golang.org/x/crypto/ssh: Fixed denial of service in the Key Exchange (bsc#1239327)\n- CVE-2025-27144: rekor: gopkg.in/go-jose/go-jose.v2,github.com/go-jose/go-jose/v4,github.com/go-jose/go-jose/v3: Fixed denial of service in Go JOSE\u0027s parsing (bsc#1237638)\n- CVE-2025-30204: rekor: github.com/golang-jwt/jwt/v5: Fixed jwt-go allowing excessive memory allocation during header parsing (bsc#1240468)\n\nOther fixes:\n\n- Update to version 1.3.10:\n * Features\n - Added --client-signing-algorithms flag (#1974)\n * Fixes / Misc\n - emit unpopulated values when marshalling (#2438)\n - pkg/api: better logs when algorithm registry rejects a key\n (#2429)\n - chore: improve mysql readiness checks (#2397)\n - Added --client-signing-algorithms flag (#1974)\n\n- Update to version 1.3.9 (jsc#SLE-23476):\n * Cache checkpoint for inactive shards (#2332)\n * Support per-shard signing keys (#2330)\n\n- Update to version 1.3.8:\n * Bug Fixes\n - fix zizmor issues (#2298)\n - remove unneeded value in log message (#2282)\n * Quality Enhancements\n - chore: relax go directive to permit 1.22.x\n - fetch minisign from homebrew instead of custom ppa (#2329)\n - fix(ci): simplify GOVERSION extraction\n - chore(deps): bump actions pins to latest\n - Updates go and golangci-lint (#2302)\n - update builder to use go1.23.4 (#2301)\n - clean up spaces\n - log request body on 500 error to aid debugging (#2283)\n\n- Update to version 1.3.7:\n * New Features\n - log request body on 500 error to aid debugging (#2283)\n - Add support for signing with Tink keyset (#2228)\n - Add public key hash check in Signed Note verification (#2214)\n - update Trillian TLS configuration (#2202)\n - Add TLS support for Trillian server (#2164)\n - Replace docker-compose with plugin if available (#2153)\n - Add flags to backfill script (#2146)\n - Unset DisableKeepalive for backfill HTTP client (#2137)\n - Add script to delete indexes from Redis (#2120)\n - Run CREATE statement in backfill script (#2109)\n - Add MySQL support to backfill script (#2081)\n - Run e2e tests on mysql and redis index backends (#2079)\n * Bug Fixes\n - remove unneeded value in log message (#2282)\n - Add error message when computing consistency proof (#2278)\n - fix validation error handling on API (#2217)\n - fix error in pretty-printed inclusion proof from verify\n subcommand (#2210)\n - Fix index scripts (#2203)\n - fix failing sharding test\n - Better error handling in backfill script (#2148)\n - Batch entries in cleanup script (#2158)\n - Add missing workflow for index cleanup test (#2121)\n - hashedrekord: fix schema $id (#2092)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-1332,SUSE-SLE-Module-Basesystem-15-SP6-2025-1332,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-1332,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-1332,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-1332,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-1332,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-1332,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-1332,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-1332,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-1332,SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-1332,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-1332,openSUSE-SLE-15.6-2025-1332",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_1332-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:1332-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20251332-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:1332-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-April/039053.html"
},
{
"category": "self",
"summary": "SUSE Bug 1227053",
"url": "https://bugzilla.suse.com/1227053"
},
{
"category": "self",
"summary": "SUSE Bug 1236519",
"url": "https://bugzilla.suse.com/1236519"
},
{
"category": "self",
"summary": "SUSE Bug 1237638",
"url": "https://bugzilla.suse.com/1237638"
},
{
"category": "self",
"summary": "SUSE Bug 1239191",
"url": "https://bugzilla.suse.com/1239191"
},
{
"category": "self",
"summary": "SUSE Bug 1239327",
"url": "https://bugzilla.suse.com/1239327"
},
{
"category": "self",
"summary": "SUSE Bug 1240468",
"url": "https://bugzilla.suse.com/1240468"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-45288 page",
"url": "https://www.suse.com/security/cve/CVE-2023-45288/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-6104 page",
"url": "https://www.suse.com/security/cve/CVE-2024-6104/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22868 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22868/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22869 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22869/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-27144 page",
"url": "https://www.suse.com/security/cve/CVE-2025-27144/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-30204 page",
"url": "https://www.suse.com/security/cve/CVE-2025-30204/"
}
],
"title": "Security update for rekor",
"tracking": {
"current_release_date": "2025-04-17T01:37:13Z",
"generator": {
"date": "2025-04-17T01:37:13Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:1332-1",
"initial_release_date": "2025-04-17T01:37:13Z",
"revision_history": [
{
"date": "2025-04-17T01:37:13Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "rekor-1.3.10-150400.4.25.1.aarch64",
"product": {
"name": "rekor-1.3.10-150400.4.25.1.aarch64",
"product_id": "rekor-1.3.10-150400.4.25.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rekor-1.3.10-150400.4.25.1.i586",
"product": {
"name": "rekor-1.3.10-150400.4.25.1.i586",
"product_id": "rekor-1.3.10-150400.4.25.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "rekor-1.3.10-150400.4.25.1.ppc64le",
"product": {
"name": "rekor-1.3.10-150400.4.25.1.ppc64le",
"product_id": "rekor-1.3.10-150400.4.25.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rekor-1.3.10-150400.4.25.1.s390x",
"product": {
"name": "rekor-1.3.10-150400.4.25.1.s390x",
"product_id": "rekor-1.3.10-150400.4.25.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rekor-1.3.10-150400.4.25.1.x86_64",
"product": {
"name": "rekor-1.3.10-150400.4.25.1.x86_64",
"product_id": "rekor-1.3.10-150400.4.25.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Proxy 4.3",
"product": {
"name": "SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-proxy:4.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.3",
"product": {
"name": "SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.3"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rekor-1.3.10-150400.4.25.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.aarch64"
},
"product_reference": "rekor-1.3.10-150400.4.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rekor-1.3.10-150400.4.25.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.ppc64le"
},
"product_reference": "rekor-1.3.10-150400.4.25.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rekor-1.3.10-150400.4.25.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.s390x"
},
"product_reference": "rekor-1.3.10-150400.4.25.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rekor-1.3.10-150400.4.25.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.x86_64"
},
"product_reference": "rekor-1.3.10-150400.4.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rekor-1.3.10-150400.4.25.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:rekor-1.3.10-150400.4.25.1.aarch64"
},
"product_reference": "rekor-1.3.10-150400.4.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rekor-1.3.10-150400.4.25.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:rekor-1.3.10-150400.4.25.1.x86_64"
},
"product_reference": "rekor-1.3.10-150400.4.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rekor-1.3.10-150400.4.25.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.aarch64"
},
"product_reference": "rekor-1.3.10-150400.4.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rekor-1.3.10-150400.4.25.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.x86_64"
},
"product_reference": "rekor-1.3.10-150400.4.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rekor-1.3.10-150400.4.25.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:rekor-1.3.10-150400.4.25.1.aarch64"
},
"product_reference": "rekor-1.3.10-150400.4.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rekor-1.3.10-150400.4.25.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:rekor-1.3.10-150400.4.25.1.x86_64"
},
"product_reference": "rekor-1.3.10-150400.4.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rekor-1.3.10-150400.4.25.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.aarch64"
},
"product_reference": "rekor-1.3.10-150400.4.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rekor-1.3.10-150400.4.25.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.x86_64"
},
"product_reference": "rekor-1.3.10-150400.4.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rekor-1.3.10-150400.4.25.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.aarch64"
},
"product_reference": "rekor-1.3.10-150400.4.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rekor-1.3.10-150400.4.25.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.ppc64le"
},
"product_reference": "rekor-1.3.10-150400.4.25.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rekor-1.3.10-150400.4.25.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.s390x"
},
"product_reference": "rekor-1.3.10-150400.4.25.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rekor-1.3.10-150400.4.25.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.x86_64"
},
"product_reference": "rekor-1.3.10-150400.4.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rekor-1.3.10-150400.4.25.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.aarch64"
},
"product_reference": "rekor-1.3.10-150400.4.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rekor-1.3.10-150400.4.25.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.ppc64le"
},
"product_reference": "rekor-1.3.10-150400.4.25.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rekor-1.3.10-150400.4.25.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.s390x"
},
"product_reference": "rekor-1.3.10-150400.4.25.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rekor-1.3.10-150400.4.25.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.x86_64"
},
"product_reference": "rekor-1.3.10-150400.4.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rekor-1.3.10-150400.4.25.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:rekor-1.3.10-150400.4.25.1.ppc64le"
},
"product_reference": "rekor-1.3.10-150400.4.25.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rekor-1.3.10-150400.4.25.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:rekor-1.3.10-150400.4.25.1.x86_64"
},
"product_reference": "rekor-1.3.10-150400.4.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rekor-1.3.10-150400.4.25.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:rekor-1.3.10-150400.4.25.1.ppc64le"
},
"product_reference": "rekor-1.3.10-150400.4.25.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rekor-1.3.10-150400.4.25.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:rekor-1.3.10-150400.4.25.1.x86_64"
},
"product_reference": "rekor-1.3.10-150400.4.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rekor-1.3.10-150400.4.25.1.x86_64 as component of SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3:rekor-1.3.10-150400.4.25.1.x86_64"
},
"product_reference": "rekor-1.3.10-150400.4.25.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rekor-1.3.10-150400.4.25.1.ppc64le as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.ppc64le"
},
"product_reference": "rekor-1.3.10-150400.4.25.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rekor-1.3.10-150400.4.25.1.s390x as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.s390x"
},
"product_reference": "rekor-1.3.10-150400.4.25.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rekor-1.3.10-150400.4.25.1.x86_64 as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.x86_64"
},
"product_reference": "rekor-1.3.10-150400.4.25.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rekor-1.3.10-150400.4.25.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.aarch64"
},
"product_reference": "rekor-1.3.10-150400.4.25.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rekor-1.3.10-150400.4.25.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.ppc64le"
},
"product_reference": "rekor-1.3.10-150400.4.25.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rekor-1.3.10-150400.4.25.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.s390x"
},
"product_reference": "rekor-1.3.10-150400.4.25.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rekor-1.3.10-150400.4.25.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.x86_64"
},
"product_reference": "rekor-1.3.10-150400.4.25.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-45288",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-45288"
}
],
"notes": [
{
"category": "general",
"text": "An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request\u0027s headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Manager Proxy 4.3:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.x86_64",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.aarch64",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.ppc64le",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.s390x",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-45288",
"url": "https://www.suse.com/security/cve/CVE-2023-45288"
},
{
"category": "external",
"summary": "SUSE Bug 1221400 for CVE-2023-45288",
"url": "https://bugzilla.suse.com/1221400"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Manager Proxy 4.3:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.x86_64",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.aarch64",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.ppc64le",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.s390x",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Manager Proxy 4.3:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.x86_64",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.aarch64",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.ppc64le",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.s390x",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T01:37:13Z",
"details": "moderate"
}
],
"title": "CVE-2023-45288"
},
{
"cve": "CVE-2024-6104",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-6104"
}
],
"notes": [
{
"category": "general",
"text": "go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Manager Proxy 4.3:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.x86_64",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.aarch64",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.ppc64le",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.s390x",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-6104",
"url": "https://www.suse.com/security/cve/CVE-2024-6104"
},
{
"category": "external",
"summary": "SUSE Bug 1227024 for CVE-2024-6104",
"url": "https://bugzilla.suse.com/1227024"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Manager Proxy 4.3:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.x86_64",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.aarch64",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.ppc64le",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.s390x",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Manager Proxy 4.3:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.x86_64",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.aarch64",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.ppc64le",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.s390x",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T01:37:13Z",
"details": "moderate"
}
],
"title": "CVE-2024-6104"
},
{
"cve": "CVE-2025-22868",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22868"
}
],
"notes": [
{
"category": "general",
"text": "An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Manager Proxy 4.3:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.x86_64",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.aarch64",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.ppc64le",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.s390x",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22868",
"url": "https://www.suse.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "SUSE Bug 1239185 for CVE-2025-22868",
"url": "https://bugzilla.suse.com/1239185"
},
{
"category": "external",
"summary": "SUSE Bug 1239186 for CVE-2025-22868",
"url": "https://bugzilla.suse.com/1239186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Manager Proxy 4.3:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.x86_64",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.aarch64",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.ppc64le",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.s390x",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Manager Proxy 4.3:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.x86_64",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.aarch64",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.ppc64le",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.s390x",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T01:37:13Z",
"details": "important"
}
],
"title": "CVE-2025-22868"
},
{
"cve": "CVE-2025-22869",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22869"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Manager Proxy 4.3:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.x86_64",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.aarch64",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.ppc64le",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.s390x",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22869",
"url": "https://www.suse.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "SUSE Bug 1239322 for CVE-2025-22869",
"url": "https://bugzilla.suse.com/1239322"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Manager Proxy 4.3:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.x86_64",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.aarch64",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.ppc64le",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.s390x",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Manager Proxy 4.3:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.x86_64",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.aarch64",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.ppc64le",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.s390x",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T01:37:13Z",
"details": "important"
}
],
"title": "CVE-2025-22869"
},
{
"cve": "CVE-2025-27144",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-27144"
}
],
"notes": [
{
"category": "general",
"text": "Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code used strings.Split(token, \".\") to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service. Version 4.0.5 fixes this issue. As a workaround, applications could pre-validate that payloads passed to Go JOSE do not contain an excessive number of `.` characters.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Manager Proxy 4.3:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.x86_64",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.aarch64",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.ppc64le",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.s390x",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-27144",
"url": "https://www.suse.com/security/cve/CVE-2025-27144"
},
{
"category": "external",
"summary": "SUSE Bug 1237608 for CVE-2025-27144",
"url": "https://bugzilla.suse.com/1237608"
},
{
"category": "external",
"summary": "SUSE Bug 1237609 for CVE-2025-27144",
"url": "https://bugzilla.suse.com/1237609"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Manager Proxy 4.3:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.x86_64",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.aarch64",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.ppc64le",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.s390x",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Manager Proxy 4.3:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.x86_64",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.aarch64",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.ppc64le",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.s390x",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T01:37:13Z",
"details": "important"
}
],
"title": "CVE-2025-27144"
},
{
"cve": "CVE-2025-30204",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-30204"
}
],
"notes": [
{
"category": "general",
"text": "golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function\u0027s argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Manager Proxy 4.3:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.x86_64",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.aarch64",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.ppc64le",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.s390x",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-30204",
"url": "https://www.suse.com/security/cve/CVE-2025-30204"
},
{
"category": "external",
"summary": "SUSE Bug 1240441 for CVE-2025-30204",
"url": "https://bugzilla.suse.com/1240441"
},
{
"category": "external",
"summary": "SUSE Bug 1240442 for CVE-2025-30204",
"url": "https://bugzilla.suse.com/1240442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Manager Proxy 4.3:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.x86_64",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.aarch64",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.ppc64le",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.s390x",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Manager Proxy 4.3:rekor-1.3.10-150400.4.25.1.x86_64",
"SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.ppc64le",
"SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.s390x",
"SUSE Manager Server 4.3:rekor-1.3.10-150400.4.25.1.x86_64",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.aarch64",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.ppc64le",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.s390x",
"openSUSE Leap 15.6:rekor-1.3.10-150400.4.25.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-17T01:37:13Z",
"details": "important"
}
],
"title": "CVE-2025-30204"
}
]
}
SUSE-SU-2025:20091-1
Vulnerability from csaf_suse - Published: 2025-02-03 09:10 - Updated: 2025-02-03 09:10Summary
Security update for containerd
Severity
Important
Notes
Title of the patch: Security update for containerd
Description of the patch: This update for containerd fixes the following issues:
- Update to containerd v1.7.21. Upstream release notes:
https://github.com/containerd/containerd/releases/tag/v1.7.21
Fixes CVE-2023-47108. bsc#1217070
Fixes CVE-2023-45142. bsc#1228553
- Update to containerd v1.7.17. Upstream release notes:
https://github.com/containerd/containerd/releases/tag/v1.7.17
- Update to containerd v1.7.16. Upstream release notes:
https://github.com/containerd/containerd/releases/tag/v1.7.16
CVE-2023-45288 bsc#1221400
- Update to containerd v1.7.15. Upstream release notes:
https://github.com/containerd/containerd/releases/tag/v1.7.15
- Update to containerd v1.7.14. Upstream release notes:
https://github.com/containerd/containerd/releases/tag/v1.7.14
- Update to containerd v1.7.13. Upstream release notes:
https://github.com/containerd/containerd/releases/tag/v1.7.13
- Update to containerd v1.7.12. Upstream release notes:
https://github.com/containerd/containerd/releases/tag/v1.7.12
- Update to containerd v1.7.11. Upstream release notes:
https://github.com/containerd/containerd/releases/tag/v1.7.11
GHSA-jq35-85cj-fj4p bsc#1224323
Patchnames: SUSE-SLE-Micro-6.0-147
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
9.1 (Critical)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:containerd-1.7.21-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:containerd-1.7.21-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:containerd-1.7.21-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:containerd-1.7.21-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:containerd-1.7.21-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:containerd-1.7.21-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:containerd-1.7.21-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:containerd-1.7.21-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:containerd-1.7.21-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:containerd-1.7.21-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:containerd-1.7.21-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:containerd-1.7.21-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
21 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for containerd",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for containerd fixes the following issues:\n\n- Update to containerd v1.7.21. Upstream release notes:\n https://github.com/containerd/containerd/releases/tag/v1.7.21\n Fixes CVE-2023-47108. bsc#1217070\n Fixes CVE-2023-45142. bsc#1228553\n\n- Update to containerd v1.7.17. Upstream release notes:\n https://github.com/containerd/containerd/releases/tag/v1.7.17\n\n- Update to containerd v1.7.16. Upstream release notes:\n https://github.com/containerd/containerd/releases/tag/v1.7.16\n CVE-2023-45288 bsc#1221400\n\n- Update to containerd v1.7.15. Upstream release notes:\n https://github.com/containerd/containerd/releases/tag/v1.7.15\n\n- Update to containerd v1.7.14. Upstream release notes:\n https://github.com/containerd/containerd/releases/tag/v1.7.14\n\n- Update to containerd v1.7.13. Upstream release notes:\n https://github.com/containerd/containerd/releases/tag/v1.7.13\n\n- Update to containerd v1.7.12. Upstream release notes:\n https://github.com/containerd/containerd/releases/tag/v1.7.12\n\n- Update to containerd v1.7.11. Upstream release notes:\n https://github.com/containerd/containerd/releases/tag/v1.7.11\n GHSA-jq35-85cj-fj4p bsc#1224323\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-147",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20091-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20091-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520091-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20091-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021225.html"
},
{
"category": "self",
"summary": "SUSE Bug 1200528",
"url": "https://bugzilla.suse.com/1200528"
},
{
"category": "self",
"summary": "SUSE Bug 1217070",
"url": "https://bugzilla.suse.com/1217070"
},
{
"category": "self",
"summary": "SUSE Bug 1221400",
"url": "https://bugzilla.suse.com/1221400"
},
{
"category": "self",
"summary": "SUSE Bug 1224323",
"url": "https://bugzilla.suse.com/1224323"
},
{
"category": "self",
"summary": "SUSE Bug 1228553",
"url": "https://bugzilla.suse.com/1228553"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-1996 page",
"url": "https://www.suse.com/security/cve/CVE-2022-1996/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-45142 page",
"url": "https://www.suse.com/security/cve/CVE-2023-45142/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-45288 page",
"url": "https://www.suse.com/security/cve/CVE-2023-45288/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-47108 page",
"url": "https://www.suse.com/security/cve/CVE-2023-47108/"
}
],
"title": "Security update for containerd",
"tracking": {
"current_release_date": "2025-02-03T09:10:07Z",
"generator": {
"date": "2025-02-03T09:10:07Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20091-1",
"initial_release_date": "2025-02-03T09:10:07Z",
"revision_history": [
{
"date": "2025-02-03T09:10:07Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.7.21-1.1.aarch64",
"product": {
"name": "containerd-1.7.21-1.1.aarch64",
"product_id": "containerd-1.7.21-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.7.21-1.1.s390x",
"product": {
"name": "containerd-1.7.21-1.1.s390x",
"product_id": "containerd-1.7.21-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.7.21-1.1.x86_64",
"product": {
"name": "containerd-1.7.21-1.1.x86_64",
"product_id": "containerd-1.7.21-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.7.21-1.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:containerd-1.7.21-1.1.aarch64"
},
"product_reference": "containerd-1.7.21-1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.7.21-1.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:containerd-1.7.21-1.1.s390x"
},
"product_reference": "containerd-1.7.21-1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.7.21-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:containerd-1.7.21-1.1.x86_64"
},
"product_reference": "containerd-1.7.21-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-1996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-1996"
}
],
"notes": [
{
"category": "general",
"text": "Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.aarch64",
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.s390x",
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-1996",
"url": "https://www.suse.com/security/cve/CVE-2022-1996"
},
{
"category": "external",
"summary": "SUSE Bug 1200528 for CVE-2022-1996",
"url": "https://bugzilla.suse.com/1200528"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.aarch64",
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.s390x",
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.aarch64",
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.s390x",
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T09:10:07Z",
"details": "critical"
}
],
"title": "CVE-2022-1996"
},
{
"cve": "CVE-2023-45142",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-45142"
}
],
"notes": [
{
"category": "general",
"text": "OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels `http.user_agent` and `http.method` that have unbound cardinality. It leads to the server\u0027s potential memory exhaustion when many malicious requests are sent to it. HTTP header User-Agent or HTTP method for requests can be easily set by an attacker to be random and long. The library internally uses `httpconv.ServerRequest` that records every value for HTTP `method` and `User-Agent`. In order to be affected, a program has to use the `otelhttp.NewHandler` wrapper and not filter any unknown HTTP methods or User agents on the level of CDN, LB, previous middleware, etc. Version 0.44.0 fixed this issue when the values collected for attribute `http.request.method` were changed to be restricted to a set of well-known values and other high cardinality attributes were removed. As a workaround to stop being affected, `otelhttp.WithFilter()` can be used, but it requires manual careful configuration to not log certain requests entirely. For convenience and safe usage of this library, it should by default mark with the label `unknown` non-standard HTTP methods and User agents to show that such requests were made but do not increase cardinality. In case someone wants to stay with the current behavior, library API should allow to enable it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.aarch64",
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.s390x",
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-45142",
"url": "https://www.suse.com/security/cve/CVE-2023-45142"
},
{
"category": "external",
"summary": "SUSE Bug 1228553 for CVE-2023-45142",
"url": "https://bugzilla.suse.com/1228553"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.aarch64",
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.s390x",
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.aarch64",
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.s390x",
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T09:10:07Z",
"details": "important"
}
],
"title": "CVE-2023-45142"
},
{
"cve": "CVE-2023-45288",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-45288"
}
],
"notes": [
{
"category": "general",
"text": "An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request\u0027s headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.aarch64",
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.s390x",
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-45288",
"url": "https://www.suse.com/security/cve/CVE-2023-45288"
},
{
"category": "external",
"summary": "SUSE Bug 1221400 for CVE-2023-45288",
"url": "https://bugzilla.suse.com/1221400"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.aarch64",
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.s390x",
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.aarch64",
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.s390x",
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T09:10:07Z",
"details": "moderate"
}
],
"title": "CVE-2023-45288"
},
{
"cve": "CVE-2023-47108",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-47108"
}
],
"notes": [
{
"category": "general",
"text": "OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `net.peer.sock.port` that have unbound cardinality. It leads to the server\u0027s potential memory exhaustion when many malicious requests are sent. An attacker can easily flood the peer address and port for requests. Version 0.46.0 contains a fix for this issue. As a workaround to stop being affected, a view removing the attributes can be used. The other possibility is to disable grpc metrics instrumentation by passing `otelgrpc.WithMeterProvider` option with `noop.NewMeterProvider`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.aarch64",
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.s390x",
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-47108",
"url": "https://www.suse.com/security/cve/CVE-2023-47108"
},
{
"category": "external",
"summary": "SUSE Bug 1217070 for CVE-2023-47108",
"url": "https://bugzilla.suse.com/1217070"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.aarch64",
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.s390x",
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.aarch64",
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.s390x",
"SUSE Linux Micro 6.0:containerd-1.7.21-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T09:10:07Z",
"details": "important"
}
],
"title": "CVE-2023-47108"
}
]
}
SUSE-SU-2025:20143-1
Vulnerability from csaf_suse - Published: 2025-03-12 10:31 - Updated: 2025-03-12 10:31Summary
Security update for podman
Severity
Important
Notes
Title of the patch: Security update for podman
Description of the patch: This update for podman fixes the following issues:
- CVE-2025-27144: Fixed gopkg.in/square/go-jose.v2,gopkg.in/go-jose/go-jose.v2,github.com/go-jose/go-jose/v4,github.com/go-jose/go-jose/v3: Go JOSE's Parsing Vulnerable to Denial of Service (bsc#1237641):
- CVE-2024-11218: Fixed github.com/containers/buildah: Container breakout by using --jobs=2 and a race condition when building a malicious Containerfile (bsc#1236270):
- CVE-2023-45288: Fixed golang.org/x/net/http2: close connections when receiving too many headers (bsc#1236507):
- CVE-2024-6104: Fixed hashicorp/go-retryablehttp: url might write sensitive information to log file (bsc#1227052):
Patchnames: SUSE-SLE-Micro-6.0-238
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.3 (Medium)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:podman-4.9.5-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:podman-4.9.5-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:podman-4.9.5-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:podman-docker-4.9.5-3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.7 (High)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:podman-4.9.5-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:podman-4.9.5-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:podman-4.9.5-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:podman-docker-4.9.5-3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6 (Medium)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:podman-4.9.5-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:podman-4.9.5-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:podman-4.9.5-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:podman-docker-4.9.5-3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:podman-4.9.5-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:podman-4.9.5-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:podman-4.9.5-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:podman-docker-4.9.5-3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:podman-4.9.5-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:podman-4.9.5-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:podman-4.9.5-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:podman-docker-4.9.5-3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
24 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for podman",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for podman fixes the following issues:\n\n- CVE-2025-27144: Fixed gopkg.in/square/go-jose.v2,gopkg.in/go-jose/go-jose.v2,github.com/go-jose/go-jose/v4,github.com/go-jose/go-jose/v3: Go JOSE\u0027s Parsing Vulnerable to Denial of Service (bsc#1237641):\n- CVE-2024-11218: Fixed github.com/containers/buildah: Container breakout by using --jobs=2 and a race condition when building a malicious Containerfile (bsc#1236270):\n- CVE-2023-45288: Fixed golang.org/x/net/http2: close connections when receiving too many headers (bsc#1236507):\n- CVE-2024-6104: Fixed hashicorp/go-retryablehttp: url might write sensitive information to log file (bsc#1227052):\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-238",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20143-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20143-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520143-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20143-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021194.html"
},
{
"category": "self",
"summary": "SUSE Bug 1227052",
"url": "https://bugzilla.suse.com/1227052"
},
{
"category": "self",
"summary": "SUSE Bug 1236270",
"url": "https://bugzilla.suse.com/1236270"
},
{
"category": "self",
"summary": "SUSE Bug 1236507",
"url": "https://bugzilla.suse.com/1236507"
},
{
"category": "self",
"summary": "SUSE Bug 1237641",
"url": "https://bugzilla.suse.com/1237641"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-45288 page",
"url": "https://www.suse.com/security/cve/CVE-2023-45288/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-11218 page",
"url": "https://www.suse.com/security/cve/CVE-2024-11218/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-6104 page",
"url": "https://www.suse.com/security/cve/CVE-2024-6104/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-9407 page",
"url": "https://www.suse.com/security/cve/CVE-2024-9407/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-27144 page",
"url": "https://www.suse.com/security/cve/CVE-2025-27144/"
}
],
"title": "Security update for podman",
"tracking": {
"current_release_date": "2025-03-12T10:31:01Z",
"generator": {
"date": "2025-03-12T10:31:01Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20143-1",
"initial_release_date": "2025-03-12T10:31:01Z",
"revision_history": [
{
"date": "2025-03-12T10:31:01Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "podman-4.9.5-3.1.aarch64",
"product": {
"name": "podman-4.9.5-3.1.aarch64",
"product_id": "podman-4.9.5-3.1.aarch64"
}
},
{
"category": "product_version",
"name": "podman-remote-4.9.5-3.1.aarch64",
"product": {
"name": "podman-remote-4.9.5-3.1.aarch64",
"product_id": "podman-remote-4.9.5-3.1.aarch64"
}
},
{
"category": "product_version",
"name": "podmansh-4.9.5-3.1.aarch64",
"product": {
"name": "podmansh-4.9.5-3.1.aarch64",
"product_id": "podmansh-4.9.5-3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-docker-4.9.5-3.1.noarch",
"product": {
"name": "podman-docker-4.9.5-3.1.noarch",
"product_id": "podman-docker-4.9.5-3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-4.9.5-3.1.s390x",
"product": {
"name": "podman-4.9.5-3.1.s390x",
"product_id": "podman-4.9.5-3.1.s390x"
}
},
{
"category": "product_version",
"name": "podman-remote-4.9.5-3.1.s390x",
"product": {
"name": "podman-remote-4.9.5-3.1.s390x",
"product_id": "podman-remote-4.9.5-3.1.s390x"
}
},
{
"category": "product_version",
"name": "podmansh-4.9.5-3.1.s390x",
"product": {
"name": "podmansh-4.9.5-3.1.s390x",
"product_id": "podmansh-4.9.5-3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-4.9.5-3.1.x86_64",
"product": {
"name": "podman-4.9.5-3.1.x86_64",
"product_id": "podman-4.9.5-3.1.x86_64"
}
},
{
"category": "product_version",
"name": "podman-remote-4.9.5-3.1.x86_64",
"product": {
"name": "podman-remote-4.9.5-3.1.x86_64",
"product_id": "podman-remote-4.9.5-3.1.x86_64"
}
},
{
"category": "product_version",
"name": "podmansh-4.9.5-3.1.x86_64",
"product": {
"name": "podmansh-4.9.5-3.1.x86_64",
"product_id": "podmansh-4.9.5-3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-3.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:podman-4.9.5-3.1.aarch64"
},
"product_reference": "podman-4.9.5-3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-3.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:podman-4.9.5-3.1.s390x"
},
"product_reference": "podman-4.9.5-3.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-3.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:podman-4.9.5-3.1.x86_64"
},
"product_reference": "podman-4.9.5-3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-docker-4.9.5-3.1.noarch as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:podman-docker-4.9.5-3.1.noarch"
},
"product_reference": "podman-docker-4.9.5-3.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-3.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.aarch64"
},
"product_reference": "podman-remote-4.9.5-3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-3.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.s390x"
},
"product_reference": "podman-remote-4.9.5-3.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-3.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.x86_64"
},
"product_reference": "podman-remote-4.9.5-3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-4.9.5-3.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.aarch64"
},
"product_reference": "podmansh-4.9.5-3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-4.9.5-3.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.s390x"
},
"product_reference": "podmansh-4.9.5-3.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-4.9.5-3.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.x86_64"
},
"product_reference": "podmansh-4.9.5-3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-45288",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-45288"
}
],
"notes": [
{
"category": "general",
"text": "An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request\u0027s headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:podman-4.9.5-3.1.aarch64",
"SUSE Linux Micro 6.0:podman-4.9.5-3.1.s390x",
"SUSE Linux Micro 6.0:podman-4.9.5-3.1.x86_64",
"SUSE Linux Micro 6.0:podman-docker-4.9.5-3.1.noarch",
"SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.aarch64",
"SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.s390x",
"SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.x86_64",
"SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.aarch64",
"SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.s390x",
"SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-45288",
"url": "https://www.suse.com/security/cve/CVE-2023-45288"
},
{
"category": "external",
"summary": "SUSE Bug 1221400 for CVE-2023-45288",
"url": "https://bugzilla.suse.com/1221400"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:podman-4.9.5-3.1.aarch64",
"SUSE Linux Micro 6.0:podman-4.9.5-3.1.s390x",
"SUSE Linux Micro 6.0:podman-4.9.5-3.1.x86_64",
"SUSE Linux Micro 6.0:podman-docker-4.9.5-3.1.noarch",
"SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.aarch64",
"SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.s390x",
"SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.x86_64",
"SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.aarch64",
"SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.s390x",
"SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:podman-4.9.5-3.1.aarch64",
"SUSE Linux Micro 6.0:podman-4.9.5-3.1.s390x",
"SUSE Linux Micro 6.0:podman-4.9.5-3.1.x86_64",
"SUSE Linux Micro 6.0:podman-docker-4.9.5-3.1.noarch",
"SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.aarch64",
"SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.s390x",
"SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.x86_64",
"SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.aarch64",
"SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.s390x",
"SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T10:31:01Z",
"details": "moderate"
}
],
"title": "CVE-2023-45288"
},
{
"cve": "CVE-2024-11218",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-11218"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in `podman build` and `buildah.` This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the host.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:podman-4.9.5-3.1.aarch64",
"SUSE Linux Micro 6.0:podman-4.9.5-3.1.s390x",
"SUSE Linux Micro 6.0:podman-4.9.5-3.1.x86_64",
"SUSE Linux Micro 6.0:podman-docker-4.9.5-3.1.noarch",
"SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.aarch64",
"SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.s390x",
"SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.x86_64",
"SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.aarch64",
"SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.s390x",
"SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-11218",
"url": "https://www.suse.com/security/cve/CVE-2024-11218"
},
{
"category": "external",
"summary": "SUSE Bug 1236269 for CVE-2024-11218",
"url": "https://bugzilla.suse.com/1236269"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:podman-4.9.5-3.1.aarch64",
"SUSE Linux Micro 6.0:podman-4.9.5-3.1.s390x",
"SUSE Linux Micro 6.0:podman-4.9.5-3.1.x86_64",
"SUSE Linux Micro 6.0:podman-docker-4.9.5-3.1.noarch",
"SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.aarch64",
"SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.s390x",
"SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.x86_64",
"SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.aarch64",
"SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.s390x",
"SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:podman-4.9.5-3.1.aarch64",
"SUSE Linux Micro 6.0:podman-4.9.5-3.1.s390x",
"SUSE Linux Micro 6.0:podman-4.9.5-3.1.x86_64",
"SUSE Linux Micro 6.0:podman-docker-4.9.5-3.1.noarch",
"SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.aarch64",
"SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.s390x",
"SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.x86_64",
"SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.aarch64",
"SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.s390x",
"SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T10:31:01Z",
"details": "important"
}
],
"title": "CVE-2024-11218"
},
{
"cve": "CVE-2024-6104",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-6104"
}
],
"notes": [
{
"category": "general",
"text": "go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:podman-4.9.5-3.1.aarch64",
"SUSE Linux Micro 6.0:podman-4.9.5-3.1.s390x",
"SUSE Linux Micro 6.0:podman-4.9.5-3.1.x86_64",
"SUSE Linux Micro 6.0:podman-docker-4.9.5-3.1.noarch",
"SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.aarch64",
"SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.s390x",
"SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.x86_64",
"SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.aarch64",
"SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.s390x",
"SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-6104",
"url": "https://www.suse.com/security/cve/CVE-2024-6104"
},
{
"category": "external",
"summary": "SUSE Bug 1227024 for CVE-2024-6104",
"url": "https://bugzilla.suse.com/1227024"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:podman-4.9.5-3.1.aarch64",
"SUSE Linux Micro 6.0:podman-4.9.5-3.1.s390x",
"SUSE Linux Micro 6.0:podman-4.9.5-3.1.x86_64",
"SUSE Linux Micro 6.0:podman-docker-4.9.5-3.1.noarch",
"SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.aarch64",
"SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.s390x",
"SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.x86_64",
"SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.aarch64",
"SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.s390x",
"SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:podman-4.9.5-3.1.aarch64",
"SUSE Linux Micro 6.0:podman-4.9.5-3.1.s390x",
"SUSE Linux Micro 6.0:podman-4.9.5-3.1.x86_64",
"SUSE Linux Micro 6.0:podman-docker-4.9.5-3.1.noarch",
"SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.aarch64",
"SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.s390x",
"SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.x86_64",
"SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.aarch64",
"SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.s390x",
"SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T10:31:01Z",
"details": "moderate"
}
],
"title": "CVE-2024-6104"
},
{
"cve": "CVE-2024-9407",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-9407"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories from the host into a container during the build process and, in some cases, modify the contents of those mounted files. Even if SELinux is used, this vulnerability can bypass its protection by allowing the source directory to be relabeled to give the container access to host files.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:podman-4.9.5-3.1.aarch64",
"SUSE Linux Micro 6.0:podman-4.9.5-3.1.s390x",
"SUSE Linux Micro 6.0:podman-4.9.5-3.1.x86_64",
"SUSE Linux Micro 6.0:podman-docker-4.9.5-3.1.noarch",
"SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.aarch64",
"SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.s390x",
"SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.x86_64",
"SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.aarch64",
"SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.s390x",
"SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-9407",
"url": "https://www.suse.com/security/cve/CVE-2024-9407"
},
{
"category": "external",
"summary": "SUSE Bug 1231208 for CVE-2024-9407",
"url": "https://bugzilla.suse.com/1231208"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:podman-4.9.5-3.1.aarch64",
"SUSE Linux Micro 6.0:podman-4.9.5-3.1.s390x",
"SUSE Linux Micro 6.0:podman-4.9.5-3.1.x86_64",
"SUSE Linux Micro 6.0:podman-docker-4.9.5-3.1.noarch",
"SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.aarch64",
"SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.s390x",
"SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.x86_64",
"SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.aarch64",
"SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.s390x",
"SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:podman-4.9.5-3.1.aarch64",
"SUSE Linux Micro 6.0:podman-4.9.5-3.1.s390x",
"SUSE Linux Micro 6.0:podman-4.9.5-3.1.x86_64",
"SUSE Linux Micro 6.0:podman-docker-4.9.5-3.1.noarch",
"SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.aarch64",
"SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.s390x",
"SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.x86_64",
"SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.aarch64",
"SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.s390x",
"SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T10:31:01Z",
"details": "moderate"
}
],
"title": "CVE-2024-9407"
},
{
"cve": "CVE-2025-27144",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-27144"
}
],
"notes": [
{
"category": "general",
"text": "Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code used strings.Split(token, \".\") to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service. Version 4.0.5 fixes this issue. As a workaround, applications could pre-validate that payloads passed to Go JOSE do not contain an excessive number of `.` characters.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:podman-4.9.5-3.1.aarch64",
"SUSE Linux Micro 6.0:podman-4.9.5-3.1.s390x",
"SUSE Linux Micro 6.0:podman-4.9.5-3.1.x86_64",
"SUSE Linux Micro 6.0:podman-docker-4.9.5-3.1.noarch",
"SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.aarch64",
"SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.s390x",
"SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.x86_64",
"SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.aarch64",
"SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.s390x",
"SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-27144",
"url": "https://www.suse.com/security/cve/CVE-2025-27144"
},
{
"category": "external",
"summary": "SUSE Bug 1237608 for CVE-2025-27144",
"url": "https://bugzilla.suse.com/1237608"
},
{
"category": "external",
"summary": "SUSE Bug 1237609 for CVE-2025-27144",
"url": "https://bugzilla.suse.com/1237609"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:podman-4.9.5-3.1.aarch64",
"SUSE Linux Micro 6.0:podman-4.9.5-3.1.s390x",
"SUSE Linux Micro 6.0:podman-4.9.5-3.1.x86_64",
"SUSE Linux Micro 6.0:podman-docker-4.9.5-3.1.noarch",
"SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.aarch64",
"SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.s390x",
"SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.x86_64",
"SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.aarch64",
"SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.s390x",
"SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:podman-4.9.5-3.1.aarch64",
"SUSE Linux Micro 6.0:podman-4.9.5-3.1.s390x",
"SUSE Linux Micro 6.0:podman-4.9.5-3.1.x86_64",
"SUSE Linux Micro 6.0:podman-docker-4.9.5-3.1.noarch",
"SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.aarch64",
"SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.s390x",
"SUSE Linux Micro 6.0:podman-remote-4.9.5-3.1.x86_64",
"SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.aarch64",
"SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.s390x",
"SUSE Linux Micro 6.0:podmansh-4.9.5-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-12T10:31:01Z",
"details": "important"
}
],
"title": "CVE-2025-27144"
}
]
}
SUSE-SU-2025:20179-1
Vulnerability from csaf_suse - Published: 2025-04-07 09:36 - Updated: 2025-04-07 09:36Summary
Security update for skopeo
Severity
Important
Notes
Title of the patch: Security update for skopeo
Description of the patch: This update for skopeo fixes the following issues:
- CVE-2025-22870: golang.org/x/net/proxy: proxy bypass using IPv6 zone IDs (bsc#1238685)
- CVE-2025-27144: gopkg.in/square/go-jose.v2,gopkg.in/go-jose/go-jose.v2,github.com/go-jose/go-jose/v4,github.com/go-jose/go-jose/v3: Go JOSE's Parsing Vulnerable to Denial of Service (bsc#1237613)
- CVE-2024-6104: hashicorp/go-retryablehttp: url might write sensitive information to log file (bsc#1227056)
- CVE-2023-45288: golang.org/x/net/http2: close connections when receiving too many headers (bsc#1236483)
Patchnames: SUSE-SLE-Micro-6.0-278
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.3 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:skopeo-1.14.4-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:skopeo-1.14.4-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:skopeo-1.14.4-3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:skopeo-1.14.4-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:skopeo-1.14.4-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:skopeo-1.14.4-3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.4 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:skopeo-1.14.4-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:skopeo-1.14.4-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:skopeo-1.14.4-3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:skopeo-1.14.4-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:skopeo-1.14.4-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:skopeo-1.14.4-3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
22 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for skopeo",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for skopeo fixes the following issues:\n\n- CVE-2025-22870: golang.org/x/net/proxy: proxy bypass using IPv6 zone IDs (bsc#1238685)\n- CVE-2025-27144: gopkg.in/square/go-jose.v2,gopkg.in/go-jose/go-jose.v2,github.com/go-jose/go-jose/v4,github.com/go-jose/go-jose/v3: Go JOSE\u0027s Parsing Vulnerable to Denial of Service (bsc#1237613)\n- CVE-2024-6104: hashicorp/go-retryablehttp: url might write sensitive information to log file (bsc#1227056)\n- CVE-2023-45288: golang.org/x/net/http2: close connections when receiving too many headers (bsc#1236483)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-278",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20179-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20179-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520179-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20179-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021165.html"
},
{
"category": "self",
"summary": "SUSE Bug 1227056",
"url": "https://bugzilla.suse.com/1227056"
},
{
"category": "self",
"summary": "SUSE Bug 1236483",
"url": "https://bugzilla.suse.com/1236483"
},
{
"category": "self",
"summary": "SUSE Bug 1237613",
"url": "https://bugzilla.suse.com/1237613"
},
{
"category": "self",
"summary": "SUSE Bug 1238685",
"url": "https://bugzilla.suse.com/1238685"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-45288 page",
"url": "https://www.suse.com/security/cve/CVE-2023-45288/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-6104 page",
"url": "https://www.suse.com/security/cve/CVE-2024-6104/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22870 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22870/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-27144 page",
"url": "https://www.suse.com/security/cve/CVE-2025-27144/"
}
],
"title": "Security update for skopeo",
"tracking": {
"current_release_date": "2025-04-07T09:36:08Z",
"generator": {
"date": "2025-04-07T09:36:08Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20179-1",
"initial_release_date": "2025-04-07T09:36:08Z",
"revision_history": [
{
"date": "2025-04-07T09:36:08Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "skopeo-1.14.4-3.1.aarch64",
"product": {
"name": "skopeo-1.14.4-3.1.aarch64",
"product_id": "skopeo-1.14.4-3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "skopeo-1.14.4-3.1.s390x",
"product": {
"name": "skopeo-1.14.4-3.1.s390x",
"product_id": "skopeo-1.14.4-3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "skopeo-1.14.4-3.1.x86_64",
"product": {
"name": "skopeo-1.14.4-3.1.x86_64",
"product_id": "skopeo-1.14.4-3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-1.14.4-3.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:skopeo-1.14.4-3.1.aarch64"
},
"product_reference": "skopeo-1.14.4-3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-1.14.4-3.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:skopeo-1.14.4-3.1.s390x"
},
"product_reference": "skopeo-1.14.4-3.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-1.14.4-3.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:skopeo-1.14.4-3.1.x86_64"
},
"product_reference": "skopeo-1.14.4-3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-45288",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-45288"
}
],
"notes": [
{
"category": "general",
"text": "An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request\u0027s headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:skopeo-1.14.4-3.1.aarch64",
"SUSE Linux Micro 6.0:skopeo-1.14.4-3.1.s390x",
"SUSE Linux Micro 6.0:skopeo-1.14.4-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-45288",
"url": "https://www.suse.com/security/cve/CVE-2023-45288"
},
{
"category": "external",
"summary": "SUSE Bug 1221400 for CVE-2023-45288",
"url": "https://bugzilla.suse.com/1221400"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:skopeo-1.14.4-3.1.aarch64",
"SUSE Linux Micro 6.0:skopeo-1.14.4-3.1.s390x",
"SUSE Linux Micro 6.0:skopeo-1.14.4-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:skopeo-1.14.4-3.1.aarch64",
"SUSE Linux Micro 6.0:skopeo-1.14.4-3.1.s390x",
"SUSE Linux Micro 6.0:skopeo-1.14.4-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-07T09:36:08Z",
"details": "moderate"
}
],
"title": "CVE-2023-45288"
},
{
"cve": "CVE-2024-6104",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-6104"
}
],
"notes": [
{
"category": "general",
"text": "go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:skopeo-1.14.4-3.1.aarch64",
"SUSE Linux Micro 6.0:skopeo-1.14.4-3.1.s390x",
"SUSE Linux Micro 6.0:skopeo-1.14.4-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-6104",
"url": "https://www.suse.com/security/cve/CVE-2024-6104"
},
{
"category": "external",
"summary": "SUSE Bug 1227024 for CVE-2024-6104",
"url": "https://bugzilla.suse.com/1227024"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:skopeo-1.14.4-3.1.aarch64",
"SUSE Linux Micro 6.0:skopeo-1.14.4-3.1.s390x",
"SUSE Linux Micro 6.0:skopeo-1.14.4-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:skopeo-1.14.4-3.1.aarch64",
"SUSE Linux Micro 6.0:skopeo-1.14.4-3.1.s390x",
"SUSE Linux Micro 6.0:skopeo-1.14.4-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-07T09:36:08Z",
"details": "moderate"
}
],
"title": "CVE-2024-6104"
},
{
"cve": "CVE-2025-22870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22870"
}
],
"notes": [
{
"category": "general",
"text": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:skopeo-1.14.4-3.1.aarch64",
"SUSE Linux Micro 6.0:skopeo-1.14.4-3.1.s390x",
"SUSE Linux Micro 6.0:skopeo-1.14.4-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22870",
"url": "https://www.suse.com/security/cve/CVE-2025-22870"
},
{
"category": "external",
"summary": "SUSE Bug 1238572 for CVE-2025-22870",
"url": "https://bugzilla.suse.com/1238572"
},
{
"category": "external",
"summary": "SUSE Bug 1238611 for CVE-2025-22870",
"url": "https://bugzilla.suse.com/1238611"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:skopeo-1.14.4-3.1.aarch64",
"SUSE Linux Micro 6.0:skopeo-1.14.4-3.1.s390x",
"SUSE Linux Micro 6.0:skopeo-1.14.4-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:skopeo-1.14.4-3.1.aarch64",
"SUSE Linux Micro 6.0:skopeo-1.14.4-3.1.s390x",
"SUSE Linux Micro 6.0:skopeo-1.14.4-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-07T09:36:08Z",
"details": "moderate"
}
],
"title": "CVE-2025-22870"
},
{
"cve": "CVE-2025-27144",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-27144"
}
],
"notes": [
{
"category": "general",
"text": "Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code used strings.Split(token, \".\") to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service. Version 4.0.5 fixes this issue. As a workaround, applications could pre-validate that payloads passed to Go JOSE do not contain an excessive number of `.` characters.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:skopeo-1.14.4-3.1.aarch64",
"SUSE Linux Micro 6.0:skopeo-1.14.4-3.1.s390x",
"SUSE Linux Micro 6.0:skopeo-1.14.4-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-27144",
"url": "https://www.suse.com/security/cve/CVE-2025-27144"
},
{
"category": "external",
"summary": "SUSE Bug 1237608 for CVE-2025-27144",
"url": "https://bugzilla.suse.com/1237608"
},
{
"category": "external",
"summary": "SUSE Bug 1237609 for CVE-2025-27144",
"url": "https://bugzilla.suse.com/1237609"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:skopeo-1.14.4-3.1.aarch64",
"SUSE Linux Micro 6.0:skopeo-1.14.4-3.1.s390x",
"SUSE Linux Micro 6.0:skopeo-1.14.4-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:skopeo-1.14.4-3.1.aarch64",
"SUSE Linux Micro 6.0:skopeo-1.14.4-3.1.s390x",
"SUSE Linux Micro 6.0:skopeo-1.14.4-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-07T09:36:08Z",
"details": "important"
}
],
"title": "CVE-2025-27144"
}
]
}
SUSE-SU-2025:20279-1
Vulnerability from csaf_suse - Published: 2025-04-22 13:50 - Updated: 2025-04-22 13:50Summary
Security update for podman
Severity
Important
Notes
Title of the patch: Security update for podman
Description of the patch: This update for podman fixes the following issues:
- CVE-2023-45288: Fixed closing connection when receiving too many headers (bsc#1236507).
- CVE-2024-11218: Fixed container breakout by using --jobs=2 and a race condition when building a malicious Containerfile (bsc#1236270).
- CVE-2025-22869: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239330).
- CVE-2025-27144: Fixed Go JOSE's Parsing Vulnerable to Denial of Service (bsc#1237641).
- CVE-2024-9407: Fixed Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction (bsc#1231208).
- CVE-2024-3727: Fixed digest type (bsc#1224112).
- CVE-2024-1753: Fixed full container escape at build time (bsc#1221677).
Other fixes:
- Updated to version 5.2.5:
* RPM: remove dup Provides
* Packit: constrain koji and bodhi jobs to fedora package to avoid dupes
* Validate the bind-propagation option to `--mount`
* Updated Buildah to v1.37.4
* vendor: updated c/common to v0.60.4
* pkg/specgen: allow pasta when running inside userns
* libpod: convert owner IDs only with :idmap
* allow exposed sctp ports
* libpod: setupNetNS() correctly mount netns
* vendor: updated c/common to v0.60.3
* [skip-ci] Packit: split out ELN jobs and reuse fedora downstream targets
* [skip-ci] Packit: Enable sidetags for bodhi updates
* Updated gvisor-tap-vsock to 0.7.5
* CI: podman-machine: do not use cache registry
* [CI:DOCS] Add v5.2.2 lib updates to RELEASE_NOTES.md
* Update RELEASE_NOTES for v5.2.2
* [v5.2] Bump Buildah to v1.37.2, c/common v0.60.2, c/image v5.32.2
* [v5.2] golangci-lint: make darwin linting happy
* [v5.2] golangci-lint: make windows linting happy
* [v5.2] test/e2e: remove kernel version check
* [v5.2] golangci-lint: remove most skip dirs
* [v5.2] set !remote build tags where needed
* [v5.2] update golangci-lint to 1.60.1
* Packit: update targets for propose-downstream
* Create volume path before state initialization
* Update Cirrus DEST_BRANCH
* Bump to v5.2.2-dev
* Bump to v5.2.1
* Update release notes for v5.2.1
* [v5.2] Add zstd:chunked test fix
* [v5.2] Bump Buildah to v1.37.1, c/common v0.60.1, c/image v5.32.1
* libpod: reset state error on init
* libpod: do not save expected stop errors in ctr state
* libpod: fix broken saveContainerError()
* Bump to v5.2.1-dev
* Bump to v5.2.0
* Never skip checkout step in release workflow
* Bump to v5.2.0-dev
* Bump to v5.2.0-rc3
* Update release notes for v5.2.0-rc3
* Tweak versions in register_images.go
* fix network cleanup flake in play kube
* WIP: Fixes for vendoring Buildah
* Add --compat-volumes option to build and farm build
* Bump Buildah, c/storage, c/image, c/common
* libpod: bind ports before network setup
* pkg/api: do not leak config pointers into specgen
* build: Update gvisor-tap-vsock to 0.7.4
* test/system: fix borken pasta interface name checks
* test/system: fix bridge host.containers.internal test
* CI: system tests: instrument to allow failure analysis
* Use uploaded .zip for Windows action
* RPM: podman-iptables.conf only on Fedora
* Bump to v5.2.0-dev
* Bump to v5.2.0-rc2
* Update release notes for v5.2.0-rc2
* test/e2e: fix ncat tests
* libpod: add hidden env to set sqlite timeout
* Add support for StopSignal in quadlet .container files
* podman pod stats: fix race when ctr process exits
* Update module github.com/vbauerster/mpb/v8 to v8.7.4
* libpod: correctly capture healthcheck output
* Bump bundled krunkit to 0.1.2
* podman stats: fix race when ctr process exists
* nc -p considered harmful
* podman pod stats: fix pod rm race
* podman ps: fix racy pod name query
* system connection remove: use Args function to validate
* pkg/machine/compression: skip decompress bar for empty file
* nc -p considered harmful
* podman system df: fix fix ErrNoSuchCtr/Volume race
* podman auto-update: fix ErrNoSuchCtr race
* Fix name for builder in farm connection
* 700-play.bats: use unique pod/container/image/volume names
* safename: consistent within same test, and, dashes
* 700-kube.bats: refactor $PODMAN_TMPDIR/test.yaml
* 700-play.bats: eliminate $testYaml
* 700-play.bats: refactor clumsy yamlfile creation
* 700-play.bats: move _write_test_yaml up near top
* chore(deps): update dependency setuptools to v71
* Expand drop-in search paths * top-level (pod.d) * truncated (unit-.container.d)
* Remove references and checks for --gpus
* Do not crash on invalid filters
* fix(deps): update module github.com/rootless-containers/rootlesskit/v2 to v2.2.0
* Bump to v5.2.0-dev
* Bump to v5.2.0-rc1
* Keep the volume-driver flag deprecated
* Vendor in latest containers(common, storage,image, buildah)
* System tests: safe container/image/volume/etc names
* Implement disable default mounts via command line
* test: drop unmount for overlay
* test: gracefully terminate server
* libpod: shutdown Stop waits for handlers completion
* libpod: cleanup store at shutdown
* Add NetworkAlias= support to quadlet
* cmd: call shutdown handler stop function
* fix race conditions in start/attach logic
* swagger: exlude new docker network types
* vendor: bump c/storage
* update to docker 27
* contrib: use a distinct --pull-option= for each flag
* Update warning message when using external compose provider
* Update module github.com/cyphar/filepath-securejoin to v0.3.0
* Ignore result of EvalSymlinks on ENOENT
* test/upgrade: fix tests when netavark uses nftables
* test/system: fix network reload test with nftables
* test/e2e: rework some --expose tests
* test: remove publish tests from e2e
* CI: test nftables driver on fedora
* CI: use local registry, part 3 of 3: for developers
* CI: use local registry, part 2 of 3: fix tests
* CI: use local registry, part 1 of 3: setup
* CI: test composefs on rawhide
* chore(deps): update module google.golang.org/grpc to v1.64.1 [security]
* chore(deps): update dependency setuptools to ~=70.3.0
* Improve container filenname ambiguity.
* containers/attach: Note bug around goroutine leak
* Drop minikube CI test
* add libkrun test docs
* fix(deps): update module tags.cncf.io/container-device-interface to v0.8.0
* cirrus: check for header files in source code check
* pkg/machine/e2e: run debug command only for macos
* create runtime's worker queue before queuing any job
* test/system: fix pasta host.containers.internal test
* Visual Studio BuildTools as a MinGW alternative
* SetupRootless(): only reexec when needed
* pkg/rootless: simplify reexec for container code
* cirrus: add missing test/tools to danger files
* fix(deps): update module golang.org/x/tools to v0.23.0
* Windows Installer: switch to wix5
* fix(deps): update module golang.org/x/net to v0.27.0
* pkg/machine/e2e: print tests timings at the end
* pkg/machine/e2e: run debug commands after init
* pkg/machine/e2e: improve timeout handling
* libpod: first delete container then cidfile
* fix(deps): update module golang.org/x/term to v0.22.0
* System test fixes
* cirrus.yml: automatic skips based on source
* fix(deps): update module github.com/containers/ocicrypt to v1.2.0
* podman events: fix error race
* chore(deps): update dependency setuptools to ~=70.2.0
* fix(deps): update module github.com/gorilla/schema to v1.4.1 [security]
* Update CI VM images
* pkg/machine/e2e: fix broken cleanup
* pkg/machine/e2e: use tmp file for connections
* test/system: fix podman --image-volume to allow tmpfs storage
* CI: mount tmpfs for container storage
* docs: --network remove missing leading sentence
* specgen: parse devices even with privileged set
* vendor: update c/storage
* Remove the unused machine volume-driver
* feat(quadlet): log option handling
* Error when machine memory exceeds system memory
* machine: Always use --log-file with gvproxy
* CI: Build-Each-Commit test: run only on PRs
* Small fixes for testing libkrun
* Podman machine resets all providers
* Clearly indicate names w/ URLencoded duplicates
* [skip-ci] Packit: split rhel and centos-stream jobs
* apple virtiofs: fix racy mount setup
* cirrus: fix broken macos artifacts URL
* libpod/container_top_linux.c: fix missing header
* refactor(build): improve err when file specified by -f does not exist
* Minor: Remove unhelpful comment
* Update module github.com/openshift/imagebuilder to v1.2.11
* Minor: Rename the OSX Cross task
* [skip-ci] Remove conditionals from changelog
* podman top: join the container userns
* Run linting in parallel with building
* Fix missing Makefile target dependency
* build API: accept platform comma separated
* [skip-ci] RPM: create podman-machine subpackage
* ExitWithError() - more upgrades from Exit()
* test/e2e: remove podman system service tests
* cirrus: reduce int tests timeout
* cirrus: remove redundant skip logic
* pkg/machine/apple: machine stop timeout
* CI: logformatter: link to correct PR base
* Update module github.com/crc-org/crc/v2 to v2.38.0
* ExitWithError(): continued
* test/system: Add test steps for journald log check in quadlet
* restore: fix missing network setup
* podman run use pod userns even with --pod-id-file
* macos-installer: bundle krunkit
* remote API: fix pod top error reporting
* libpod API: return proper error status code for pod start
* fix #22233
* added check for `registry.IsRemote()`. and correct error message.
* fix #20686
* pkg/machine/e2e: Remove unnecessary copy of machine image.
* libpod: intermediate mount if UID not mapped into the userns
* libpod: avoid chowning the rundir to root in the userns
* libpod: do not chmod bind mounts
* libpod: unlock the thread if possible
* CI Cleanup: Remove cgroups v1 support
* ExitWithError() - more upgrades from Exit()
* remote: fix incorrect CONTAINER_CONNECTION parsing
* container: pass KillSignal and StopTimeout to the systemd scope
* libpod: fix comment
* e2e: test container restore in pod by name
* docs: Adds all PushImage supported paramters to openapi docs.
* systests: kube: bump up a timeout
* cirrus.yml: add CI:ALL mode to force all tests
* cirrus.yml: implement skips based on source changes
* CI VMs: bump
* restore: fix container restore into pod
* sqlite_state: Fix RewriteVolumeConfig
* chore(deps): update dependency setuptools to ~=70.1.0
* Quadlet - use specifier for unescaped values for templated container name
* cirrus: check for system test leaks in nightly
* test/system: check for leaks in teardown suite
* test/system: speed up basic_{setup,teardown}()
* test/system: fix up many tests that do not cleanup
* test/system: fix podman --authfile=nonexistent-path
* Update module github.com/containernetworking/plugins to v1.5.1
* Update module github.com/checkpoint-restore/checkpointctl to v1.2.1
* Update module github.com/spf13/cobra to v1.8.1
* Update module github.com/gorilla/schema to v1.4.0
* pkg/machine/wsl: force terminate wsl instance
* pkg/machine/wsl: wrap command errors
* [CI:DOCS] Quadlet - add note about relative path resolution
* CI: do not install python packages at runtime
* Release workflow: Include candidate descriptor
* Minor: Fix indentation in GHA release workflow
* GHA: Send release notification mail
* GHA: Validate release version number
* Remove references to --pull=true and --pull=false
* ExitWithError, continued
* podman: add new hidden flag --pull-option
* [CI:DOCS] Fix typos in podman-build
* infra: mark storageSet when imagestore is changed
* [CI:DOCS] Add jnovy as reviewer and approver
* fix(deps): update module google.golang.org/protobuf to v1.34.2
* refactor(machine,wsl): improve operations of Windows API
* --squash --layers=false should be allowed
* fix(deps): update module github.com/checkpoint-restore/checkpointctl to v1.2.0
* update golangci-lint to v1.59.1
* Rename master to main in CONTRIBUTING.md
* podman 5, pasta and inter-container networking
* libpod: do not resuse networking on start
* machine/linux: Switch to virtiofs by default
* machine/linux: Support virtiofs mounts (retain 9p default)
* machine/linux: Use memory-backend-memfd by default
* ExitWithError() - continued
* Enable libkrun provider to open a debug console
* Add new targets on Windows makefile (winmake.ps1)
* fix(deps): update module github.com/docker/docker to v26.1.4+incompatible
* fix(deps): update module github.com/crc-org/crc/v2 to v2.37.1
* fix(deps): update module golang.org/x/tools to v0.22.0
* fix(deps): update module golang.org/x/net to v0.26.0
* libpod: fix 'podman kube generate' on FreeBSD
* fix(deps): update module golang.org/x/sys to v0.21.0
* libpod: do not leak systemd hc startup unit timer
* vendor latest c/common
* pkg/rootless: set _CONTAINERS_USERNS_CONFIGURED correctly
* run bats -T, to profile timing hogs
* test/system: speed up podman ps --external
* test/system: speed up podman network connect/disconnect
* test/system: speed up podman network reload
* test/system: speed up quadlet - pod simple
* test/system: speed up podman parallel build should not race
* test/system: speed up podman cp dir from host to container
* test/system: speed up podman build - workdir, cmd, env, label
* test/system: speed up podman --log-level recognizes log levels
* test/system: remove obsolete debug in net connect/disconnect test
* test/system: speed up quadlet - basic
* test/system: speed up user namespace preserved root ownership
* System tests: add `podman system check` tests
* Add `podman system check` for checking storage consistency
* fix(deps): update module github.com/crc-org/crc/v2 to v2.37.0
* fix(libpod): add newline character to the end of container's hostname file
* fix(deps): update module github.com/openshift/imagebuilder to v1.2.10
* fix(deps): update github.com/containers/image/v5 digest to aa93504
* Fix 5.1 release note re: runlabel
* test/e2e: use local skopeo not image
* fix(deps): update golang.org/x/exp digest to fd00a4e
* [CI:DOCS] Add contrib/podmanimage/stable path back in repo
* chore(deps): update dependency requests to ~=2.32.3
* fix(deps): update github.com/containers/image/v5 digest to 2343e81
* libpod: do not move podman with --cgroups=disabled
* Update release notes on Main to v5.1.0
* test: look at the file base name
* tests: simplify expected output
* Sigh, new VMs again
* Fail earlier when no containers exist in stats
* Add Hyper-V option in windows installer
* libpod: cleanup default cache on system reset
* vendor: update c/image
* test/system: speed up kube generate tmpfs on /tmp
* test/system: speed up podman kube play tests
* test/system: speed up podman shell completion test
* test/system: simplify test signal handling in containers
* test/system: speed up podman container rm ...
* test/system: speed up podman ps - basic tests
* test/system: speed up read-only from containers.conf
* test/system: speed up podman logs - multi ...
* test/system: speed up podman run --name
* Debian: switch to crun
* test/system: speed up podman generate systemd - envar
* test/system: speed up podman-kube@.service template
* test/system: speed up kube play healthcheck initialDelaySeconds
* test/system: speed up exit-code propagation test
* test/system: speed up "podman run --timeout"
* test/system: fix slow kube play --wait with siginterrupt
* undo auto-formatting
* test/system: speed up podman events tests
* Quadlet: Add support for .build files
* test/system: speed up "podman auto-update using systemd"
* test/system: remove podman wait test
* tests: disable tests affected by a race condition
* update golangci-lint to v1.59.0
* kubernetes_support.md: Mark volumeMounts.subPath as supported
* working name of pod on start and stop
* fix(deps): update module github.com/onsi/ginkgo/v2 to v2.19.0
* Bump Buildah to v1.36.0
* fix(deps): update module github.com/burntsushi/toml to v1.4.0
* fix typo in Tutorials.rst
* Mac PM test: Require pre-installed rosetta
* test/e2e: fix new error message
* Add configuration for podmansh
* Update containers/common to latest main
* Only stop chowning volumes once they're not empty
* podman: fix --sdnotify=healthy with --rm
* libpod: wait another interval for healthcheck
* quadlet: Add a network requirement on .image units
* test, pasta: Ignore deprecated addresses in tests
* [CI:DOCS] performance: update network docs
* fix(deps): update module github.com/onsi/ginkgo/v2 to v2.18.0
* CI: disable minikube task
* [CI:DOCS] Fix windows action trigger
* chore(deps): update dependency setuptools to v70
* Check AppleHypervisor before accessing it
* fix(deps): update module github.com/containernetworking/plugins to v1.5.0
* [CI:DOCS] Update dependency golangci/golangci-lint to v1.58.2
* add podman-clean-transient.service service to rootless
* [CI:DOCS] Update podman network docs
* fix incorrect host.containers.internal entry for rootless bridge mode
* vendor latest c/common main
* Add Rosetta support for Apple Silicon mac
* bump main to 5.2.0-dev
* Use a defined constant instead of a hard-coded magic value
* cirrus: use faster VM's for integration tests
* fix(deps): update github.com/containers/gvisor-tap-vsock digest to 01a1a0c
* [CI:DOCS] Fix Mac pkg link
* test: remove test_podman* scripts
* test/system: fix documentation
* Return StatusNotFound when multiple volumes matching occurs
* container_api: do not wait for healtchecks if stopped
* libpod: wait for healthy on main thread
* `podman events`: check for an error after we finish reading events
* remote API: restore v4 payload in container inspect
* Fix updating connection when SSH port conflict happens
* rootless: fix reexec to use /proc/self/exe
* ExitWithError() - enforce required exit status & stderr
* ExitWithError() - a few that I missed
* [skip-ci] Packit: use only one value for `packages` key for `trigger: commit` copr builds
* Revert "Temporarily disable rootless debian e2e testing"
* CI tests: enforce TMPDIR on tmpfs
* use new CI images with tmpfs /tmp
* run e2e test on tmpfs
* Update module github.com/crc-org/crc/v2 to v2.36.0
* [CI:DOCS] Use checkout@v4 in GH Actions
* ExitWithError() - rmi_test
* ExitWithError() - more r files
* ExitWithError() - s files
* ExitWithError() - more run_xxx tests
* Fix podman-remote support for `podman farm build`
* [CI:DOCS] Trigger windows installer action properly
* Revert "container stop: kill conmon"
* Ensure that containers do not get stuck in stopping
* [CI:DOCS] Improvements to make validatepr
* ExitWithError() - rest of the p files
* [CI:DOCS] Update dependency golangci/golangci-lint to v1.58.1
* Graceful shutdown during podman kube down
* Remove duplicate call
* test/system: fix broken "podman volume globs" test
* Quadlet/Container: Add GroupAdd option
* Don't panic if a runtime was configured without paths
* update c/{buildah,common,image,storage} to latest main
* update golangci-lint to 1.58
* machine: Add LibKrun provider detection
* ExitWithError() - continue tightening
* fix(deps): update module google.golang.org/protobuf to v1.34.1
* test: improve test for powercap presence
* fix(deps): update module github.com/onsi/ginkgo/v2 to v2.17.3
* fix(deps): update module go.etcd.io/bbolt to v1.3.10
* fix(deps): update module golang.org/x/tools to v0.21.0
* [skip-ci] RPM: `bats` required only on Fedora
* fix(deps): update module golang.org/x/exp to v0.0.0-20240506185415-9bf2ced13842
* gpdate and remove parameter settings in `.golangci.yml`
* ExitWithError() - play_kube_test.go
* Temporarily disable rootless debian e2e testing
* fix(deps): update module golang.org/x/crypto to v0.23.0
* CI Docs: Clarify passthrough_envars() comments
* Skip machine tests if they don't need to be run
* Update CI VMs to F40, F39, D13
* ExitWithError() - v files
* Update module golang.org/x/term to v0.20.0
* machine: Add provider detection API
* util: specify a not empty pause dir for root too
* Add missing option 'healthy' to output of `podman run --help`
* [CI:DOCS] Add info on the quay.io images to the README.md
* Add a random suffix to healthcheck unit names
* test/e2e: remove toolbox image
* Also substitute $HOME in runlabel with user's homedir
* Update module github.com/cyphar/filepath-securejoin to v0.2.5
* Change tmpDir for macOS
* ExitWithError() - pod_xxx tests
* ExitWithError() -- run_test.go
* Update module golang.org/x/exp to v0.0.0-20240416160154-fe59bbe5cc7f
* Update module github.com/shirou/gopsutil/v3 to v3.24.4
* Update module github.com/docker/docker to v26.1.1+incompatible
* GHA: Attempt fix exceeded a secondary rate limit
* vendor ginkgo 2.17.2 into test/tools
* Fix machine volumes with long path and paths with dashes
* Update module google.golang.org/protobuf to v1.34.0
* Update module github.com/crc-org/crc/v2 to v2.35.0
* Update module github.com/onsi/gomega to v1.33.1
* test/e2e: podman unshare image mount fix tmpdir leak
* test/e2e: do not leak /tmp/private_file
* test/e2e: "persistentVolumeClaim with source" do not leak file
* e2e tests: use /var/tmp, not $TMPDIR, as workdirs
* Update dependency pytest to v8.1.2
* Remove unncessary lines at the end of specfile summary
* Clean machine pull cache
* Add krun support to podman machine
* Use custom image for make validatepr
* test/e2e: force systemd cgroup manager
* e2e and bindings tests: fix $PATH setup
* Makefile: remove useless HACK variable in e2e test
* test/e2e: fix volumes and suid/dev/exec options
* test/e2e: volumes and suid/dev/exec options works remote
* test/e2e: fix limits test
* Update module github.com/rootless-containers/rootlesskit/v2 to v2.1.0
* Correct option name `ip` -> `ip6`
* Add the ability to automount images as volumes via play
* Add support for image volume subpaths
* Bump Buildah to latest main
* Update Makefile to Go 1.22 for in-container
* ExitWithError() - yet more low-hanging fruit
* ExitWithError() - more low-hanging fruit
* ExitWithError() - low-hanging fruit
* chore: fix function names in comment
* Remove redundant Prerequisite before build section
* Remove PKG_CONFIG_PATH
* Add installation instructions for openSUSE
* Replace golang.org/x/exp/slices with slices from std
* Update to go 1.21
* fix(deps): update module github.com/docker/docker to v26.1.0+incompatible
* [CI:DOCS] Fix artifact action
* [skip-ci] Packit/rpm: remove el8 jobs and spec conditionals
* e2e tests: stop littering
* [CI:DOCS] format podman-pull example as code
* [CI:DOCS] Build & upload release artifacts with GitHub Actions
* libpod: getHealthCheckLog() remove unessesary check
* add containers.conf healthcheck_events support
* vendor latest c/common
* libpod: make healthcheck events more efficient
* libpod: wrap store setup error message
* [skip-ci] Packit: enable CentOS 10 Stream build jobs
* pkg/systemd: use fileutils.(Le|E)xists
* pkg/bindings: use fileutils.(Le|E)xists
* pkg/util: use fileutils.(Le|E)xists
* pkg/trust: use fileutils.(Le|E)xists
* pkg/specgen: use fileutils.(Le|E)xists
* pkg/rootless: use fileutils.(Le|E)xists
* pkg/machine: use fileutils.(Le|E)xists
* pkg/domain: use fileutils.(Le|E)xists
* pkg/api: use fileutils.(Le|E)xists
* libpod: use fileutils.(Le|E)xists
* cmd: use fileutils.(Le|E)xists
* vendor: update containers/{buildah,common,image,storage}
* fix(deps): update module github.com/docker/docker to v26.0.2+incompatible [security]
* fix podman-pod-restart.1.md typo
* [skip-ci] Packit: switch to EPEL instead of centos-stream+epel-next
* fix(deps): update module github.com/onsi/gomega to v1.33.0
* Add more annnotation information to podman kupe play man page
* test/compose: remove compose v1 code
* CI: remove compose v1 tests
* fix: close resource file
* [CI:DOCS] Fix windows installer action
* fix(deps): update module tags.cncf.io/container-device-interface to v0.7.2
* add `list` as an alias to list networks
* Add support for updating restart policy
* Add Compat API for Update
* Make `podman update` changes persistent
* Emergency fix (well, skip) for failing bud tests
* fix swagger doc for manifest create
* [CI:DOCS] options/network: fix markdown lists
* Makefile: do not hardcode `GOOS` in `podman-remote-static` target
* chore(deps): update module golang.org/x/crypto to v0.17.0 [security]
* chore(deps): update dependency setuptools to ~=69.5.0
* Fix some comments
* swagger fix infinitive recursion on some types
* install swagger from source
* Revert "Swap out javascript engine"
* podman exec CID without command should exit 125
* (minor) prefetch systemd image before use
* Update go-swagger version
* Swap out javascript engine
* fix(deps): update module github.com/docker/docker to v26.0.1+incompatible
* Add os, arch, and ismanifest to libpod image list
* [CI:DOCS]Initial PR validation
* fix(deps): update github.com/containers/gvisor-tap-vsock digest to d744d71
* vendor ginkgo 2.17.1 into test/tools
* fix "concurrent map writes" in network ls compat endpoint
* chore(deps): update dependency pytest to v8
* e2e: redefine ExitWithError() to require exit code
* docs: fix missleading run/create --expose description
* podman ps: show exposed ports under PORTS as well
* rootless: drop function ReadMappingsProc
* fix(deps): update module github.com/vbauerster/mpb/v8 to v8.7.3
* New CI VMs, to give us pasta 2024-04-05
* Add big warning to GHA workflow
* GHA: Fix intermittent workflow error
* fix(deps): update module golang.org/x/tools to v0.20.0
* e2e tests: remove requirement for fuse-overlayfs
* docs: update Quadlet volume Options desc
* fix(deps): update module golang.org/x/sync to v0.7.0
* Fix relabeling failures with Z/z volumes on Mac
* fix(deps): update module golang.org/x/net to v0.24.0
* Makefile: fix annoying errors in docs generation
* chore: fix function names in comment
* Bump tags.cncf.io/container-device-interface to v0.7.1
* fix(deps): update module golang.org/x/crypto to v0.22.0
* Detect unhandled reboots and require user intervention
* podman --runroot: remove 50 char length restriction
* update github.com/rootless-containers/rootlesskit to v2
* Update module github.com/gorilla/schema to v1.3.0
* Update dependency requests-mock to ~=1.12.1
* Update module github.com/crc-org/crc/v2 to v2.34.1
* rm --force work for more than one arg
* [CI:DOCS] Update kube docs
* fix(deps): update module github.com/shirou/gopsutil/v3 to v3.24.3
* [CI:DOCS] Add GitHub action to update version on Podman.io
* [CI:DOCS] Update dependency golangci/golangci-lint to v1.57.2
* Windows: clean up temporary perl install
* pkg/util: FindDeviceNodes() ignore ENOENT errors
* [CI:DOCS] build deps: make-validate needs docs
* test/system: add rootless-netns test for setup errors
* vendor latest c/common main
* container: do not chown to dest target with U
* [CI:DOCS] golangci-lint: update deprecated flags
* systests: conditionalize slirp4netns tests
* CI: systests: instrument flaky tests
* s3fs docs
* test: do not skip tests under rootless
* Add note about host networking to Kube PublishPort option
* Inject additional build tags from the environment
* libpod: use original IDs if idmap is provided
* Switch back to checking out the same branch the action script runs in
* docs/podman-login: Give an example of writing the persistent path
* CI: Bump VMs to 2024-03-28
* [skip-ci] Update dawidd6/action-send-mail action to v3.12.0
* fix(deps): update module github.com/openshift/imagebuilder to v1.2.7
* Fix reference to deprecated types.Info
* Use logformatter for podman_machine_windows_task
* applehv: Print vfkit logs in --log-level debug
* [CI:DOCS]Add Mario to reviewers list
* [CI:DOCS] Document CI-maintenance job addition
* Add golang 1.21 update warning
* Add rootless network command to `podman info`
* libpod: don't warn about cgroupsv1 on FreeBSD
* hyperv: error if not admin
* Properly parse stderr when updating container status
* [skip-ci] Packit: specify fedora-latest in propose-downstream
* Use built-in ssh impl for all non-pty operations
* Add support for annotations
* hyperv: fix machine rm -r
* [skip-ci] Packit: Enable CentOS Stream 10 update job
* 5.0 release note fix typo in cgroupv1 env var
* fix remote build isolation on client side
* chore: remove repetitive words
* Dont save remote context in temp file but stream and extract
* fix remote build isolation when server runs as root
* util: use private propagation with bind
* util: add some tests for ProcessOptions
* util: refactor ProcessOptions into an internal function
* util: rename files to snake case
* Add LoongArch support for libpod
* fix(deps): update github.com/containers/common digest to bc5f97c
* [CI:DOCS] Update dependency golangci/golangci-lint to v1.57.1
* fix(deps): update module github.com/docker/docker to v25.0.5+incompatible [security]
* fix(deps): update module github.com/onsi/gomega to v1.32.0
* [CI:DOCS] Update dependency golangci/golangci-lint to v1.57.0
* Update module github.com/cpuguy83/go-md2man/v2 to v2.0.4
* Fix type-o
* Use correct extension in suite
* minikube: instrument tests, to allow debugging failures
* libpod: restart always reconfigure the netns
* use new c/common pasta2 setup logic to fix dns
* utils: drop conversion float->string->float
* utils: do not generate duplicate range
* logformatter: handle Windows logs
* utils: add test for the new function
* utils: move rootless code to a new function
* xref-helpmsgs-manpages: cross-check Commands.rst
* test/system: Add support for multipath routes in pasta networking tests
* [skip-ci] rpm: use macro supported vendoring
* Adjust to the standard location of gvforwarder used in new images
* Makefile: add target `podman-remote-static`
* Switch to 5.x WSL machine os stream using new automation
* Cleanup build scratch dir if remote end disconnects while passing the context
* bump main to 5.1.0-dev
* Use faster gzip for compression for 3x speedup for sending large contexts to remote
* pkg/machine: make checkExclusiveActiveVM race free
* pkg/machine/wsl: remove unused CheckExclusiveActiveVM()
* pkg/machine: CheckExclusiveActiveVM should also check for starting
* pkg/machine: refresh config after we hold lock
* Update dependency setuptools to ~=69.2.0
* [skip-ci] rpm: update containers-common dep on f40+
* fix invalid HTTP header values when hijacking a connection
* Add doc to build podman on windows without MSYS
* Removing CRI-O related annotations
* fix(deps): update module github.com/containers/ocicrypt to v1.1.10
* Pass the restart policy to the individual containers
* kube play: always pull when both imagePullPolicy and tag are missing
Patchnames: SUSE-SLE-Micro-6.1-76
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.3 (Medium)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-docker-5.2.5-slfo.1.1_1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.7 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-docker-5.2.5-slfo.1.1_1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.6 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-docker-5.2.5-slfo.1.1_1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.3 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-docker-5.2.5-slfo.1.1_1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-docker-5.2.5-slfo.1.1_1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-docker-5.2.5-slfo.1.1_1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-docker-5.2.5-slfo.1.1_1.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
33 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for podman",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for podman fixes the following issues:\n\n- CVE-2023-45288: Fixed closing connection when receiving too many headers (bsc#1236507).\n- CVE-2024-11218: Fixed container breakout by using --jobs=2 and a race condition when building a malicious Containerfile (bsc#1236270).\n- CVE-2025-22869: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239330).\n- CVE-2025-27144: Fixed Go JOSE\u0027s Parsing Vulnerable to Denial of Service (bsc#1237641).\n- CVE-2024-9407: Fixed Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction (bsc#1231208).\n- CVE-2024-3727: Fixed digest type (bsc#1224112).\n- CVE-2024-1753: Fixed full container escape at build time (bsc#1221677). \n\nOther fixes:\n- Updated to version 5.2.5:\n * RPM: remove dup Provides\n * Packit: constrain koji and bodhi jobs to fedora package to avoid dupes\n * Validate the bind-propagation option to `--mount`\n * Updated Buildah to v1.37.4\n * vendor: updated c/common to v0.60.4\n * pkg/specgen: allow pasta when running inside userns\n * libpod: convert owner IDs only with :idmap\n * allow exposed sctp ports\n * libpod: setupNetNS() correctly mount netns\n * vendor: updated c/common to v0.60.3\n * [skip-ci] Packit: split out ELN jobs and reuse fedora downstream targets\n * [skip-ci] Packit: Enable sidetags for bodhi updates\n * Updated gvisor-tap-vsock to 0.7.5\n * CI: podman-machine: do not use cache registry\n * [CI:DOCS] Add v5.2.2 lib updates to RELEASE_NOTES.md\n * Update RELEASE_NOTES for v5.2.2\n * [v5.2] Bump Buildah to v1.37.2, c/common v0.60.2, c/image v5.32.2\n * [v5.2] golangci-lint: make darwin linting happy\n * [v5.2] golangci-lint: make windows linting happy\n * [v5.2] test/e2e: remove kernel version check\n * [v5.2] golangci-lint: remove most skip dirs\n * [v5.2] set !remote build tags where needed\n * [v5.2] update golangci-lint to 1.60.1\n * Packit: update targets for propose-downstream\n * Create volume path before state initialization\n * Update Cirrus DEST_BRANCH\n * Bump to v5.2.2-dev\n * Bump to v5.2.1\n * Update release notes for v5.2.1\n * [v5.2] Add zstd:chunked test fix\n * [v5.2] Bump Buildah to v1.37.1, c/common v0.60.1, c/image v5.32.1\n * libpod: reset state error on init\n * libpod: do not save expected stop errors in ctr state\n * libpod: fix broken saveContainerError()\n * Bump to v5.2.1-dev\n * Bump to v5.2.0\n * Never skip checkout step in release workflow\n * Bump to v5.2.0-dev\n * Bump to v5.2.0-rc3\n * Update release notes for v5.2.0-rc3\n * Tweak versions in register_images.go\n * fix network cleanup flake in play kube\n * WIP: Fixes for vendoring Buildah\n * Add --compat-volumes option to build and farm build\n * Bump Buildah, c/storage, c/image, c/common\n * libpod: bind ports before network setup\n * pkg/api: do not leak config pointers into specgen\n * build: Update gvisor-tap-vsock to 0.7.4\n * test/system: fix borken pasta interface name checks\n * test/system: fix bridge host.containers.internal test\n * CI: system tests: instrument to allow failure analysis\n * Use uploaded .zip for Windows action\n * RPM: podman-iptables.conf only on Fedora\n * Bump to v5.2.0-dev\n * Bump to v5.2.0-rc2\n * Update release notes for v5.2.0-rc2\n * test/e2e: fix ncat tests\n * libpod: add hidden env to set sqlite timeout\n * Add support for StopSignal in quadlet .container files\n * podman pod stats: fix race when ctr process exits\n * Update module github.com/vbauerster/mpb/v8 to v8.7.4\n * libpod: correctly capture healthcheck output\n * Bump bundled krunkit to 0.1.2\n * podman stats: fix race when ctr process exists\n * nc -p considered harmful\n * podman pod stats: fix pod rm race\n * podman ps: fix racy pod name query\n * system connection remove: use Args function to validate\n * pkg/machine/compression: skip decompress bar for empty file\n * nc -p considered harmful\n * podman system df: fix fix ErrNoSuchCtr/Volume race\n * podman auto-update: fix ErrNoSuchCtr race\n * Fix name for builder in farm connection\n * 700-play.bats: use unique pod/container/image/volume names\n * safename: consistent within same test, and, dashes\n * 700-kube.bats: refactor $PODMAN_TMPDIR/test.yaml\n * 700-play.bats: eliminate $testYaml\n * 700-play.bats: refactor clumsy yamlfile creation\n * 700-play.bats: move _write_test_yaml up near top\n * chore(deps): update dependency setuptools to v71\n * Expand drop-in search paths * top-level (pod.d) * truncated (unit-.container.d)\n * Remove references and checks for --gpus\n * Do not crash on invalid filters\n * fix(deps): update module github.com/rootless-containers/rootlesskit/v2 to v2.2.0\n * Bump to v5.2.0-dev\n * Bump to v5.2.0-rc1\n * Keep the volume-driver flag deprecated\n * Vendor in latest containers(common, storage,image, buildah)\n * System tests: safe container/image/volume/etc names\n * Implement disable default mounts via command line\n * test: drop unmount for overlay\n * test: gracefully terminate server\n * libpod: shutdown Stop waits for handlers completion\n * libpod: cleanup store at shutdown\n * Add NetworkAlias= support to quadlet\n * cmd: call shutdown handler stop function\n * fix race conditions in start/attach logic\n * swagger: exlude new docker network types\n * vendor: bump c/storage\n * update to docker 27\n * contrib: use a distinct --pull-option= for each flag\n * Update warning message when using external compose provider\n * Update module github.com/cyphar/filepath-securejoin to v0.3.0\n * Ignore result of EvalSymlinks on ENOENT\n * test/upgrade: fix tests when netavark uses nftables\n * test/system: fix network reload test with nftables\n * test/e2e: rework some --expose tests\n * test: remove publish tests from e2e\n * CI: test nftables driver on fedora\n * CI: use local registry, part 3 of 3: for developers\n * CI: use local registry, part 2 of 3: fix tests\n * CI: use local registry, part 1 of 3: setup\n * CI: test composefs on rawhide\n * chore(deps): update module google.golang.org/grpc to v1.64.1 [security]\n * chore(deps): update dependency setuptools to ~=70.3.0\n * Improve container filenname ambiguity.\n * containers/attach: Note bug around goroutine leak\n * Drop minikube CI test\n * add libkrun test docs\n * fix(deps): update module tags.cncf.io/container-device-interface to v0.8.0\n * cirrus: check for header files in source code check\n * pkg/machine/e2e: run debug command only for macos\n * create runtime\u0027s worker queue before queuing any job\n * test/system: fix pasta host.containers.internal test\n * Visual Studio BuildTools as a MinGW alternative\n * SetupRootless(): only reexec when needed\n * pkg/rootless: simplify reexec for container code\n * cirrus: add missing test/tools to danger files\n * fix(deps): update module golang.org/x/tools to v0.23.0\n * Windows Installer: switch to wix5\n * fix(deps): update module golang.org/x/net to v0.27.0\n * pkg/machine/e2e: print tests timings at the end\n * pkg/machine/e2e: run debug commands after init\n * pkg/machine/e2e: improve timeout handling\n * libpod: first delete container then cidfile\n * fix(deps): update module golang.org/x/term to v0.22.0\n * System test fixes\n * cirrus.yml: automatic skips based on source\n * fix(deps): update module github.com/containers/ocicrypt to v1.2.0\n * podman events: fix error race\n * chore(deps): update dependency setuptools to ~=70.2.0\n * fix(deps): update module github.com/gorilla/schema to v1.4.1 [security]\n * Update CI VM images\n * pkg/machine/e2e: fix broken cleanup\n * pkg/machine/e2e: use tmp file for connections\n * test/system: fix podman --image-volume to allow tmpfs storage\n * CI: mount tmpfs for container storage\n * docs: --network remove missing leading sentence\n * specgen: parse devices even with privileged set\n * vendor: update c/storage\n * Remove the unused machine volume-driver\n * feat(quadlet): log option handling\n * Error when machine memory exceeds system memory\n * machine: Always use --log-file with gvproxy\n * CI: Build-Each-Commit test: run only on PRs\n * Small fixes for testing libkrun\n * Podman machine resets all providers\n * Clearly indicate names w/ URLencoded duplicates\n * [skip-ci] Packit: split rhel and centos-stream jobs\n * apple virtiofs: fix racy mount setup\n * cirrus: fix broken macos artifacts URL\n * libpod/container_top_linux.c: fix missing header\n * refactor(build): improve err when file specified by -f does not exist\n * Minor: Remove unhelpful comment\n * Update module github.com/openshift/imagebuilder to v1.2.11\n * Minor: Rename the OSX Cross task\n * [skip-ci] Remove conditionals from changelog\n * podman top: join the container userns\n * Run linting in parallel with building\n * Fix missing Makefile target dependency\n * build API: accept platform comma separated\n * [skip-ci] RPM: create podman-machine subpackage\n * ExitWithError() - more upgrades from Exit()\n * test/e2e: remove podman system service tests\n * cirrus: reduce int tests timeout\n * cirrus: remove redundant skip logic\n * pkg/machine/apple: machine stop timeout\n * CI: logformatter: link to correct PR base\n * Update module github.com/crc-org/crc/v2 to v2.38.0\n * ExitWithError(): continued\n * test/system: Add test steps for journald log check in quadlet\n * restore: fix missing network setup\n * podman run use pod userns even with --pod-id-file\n * macos-installer: bundle krunkit\n * remote API: fix pod top error reporting\n * libpod API: return proper error status code for pod start\n * fix #22233\n * added check for `registry.IsRemote()`. and correct error message.\n * fix #20686\n * pkg/machine/e2e: Remove unnecessary copy of machine image.\n * libpod: intermediate mount if UID not mapped into the userns\n * libpod: avoid chowning the rundir to root in the userns\n * libpod: do not chmod bind mounts\n * libpod: unlock the thread if possible\n * CI Cleanup: Remove cgroups v1 support\n * ExitWithError() - more upgrades from Exit()\n * remote: fix incorrect CONTAINER_CONNECTION parsing\n * container: pass KillSignal and StopTimeout to the systemd scope\n * libpod: fix comment\n * e2e: test container restore in pod by name\n * docs: Adds all PushImage supported paramters to openapi docs.\n * systests: kube: bump up a timeout\n * cirrus.yml: add CI:ALL mode to force all tests\n * cirrus.yml: implement skips based on source changes\n * CI VMs: bump\n * restore: fix container restore into pod\n * sqlite_state: Fix RewriteVolumeConfig\n * chore(deps): update dependency setuptools to ~=70.1.0\n * Quadlet - use specifier for unescaped values for templated container name\n * cirrus: check for system test leaks in nightly\n * test/system: check for leaks in teardown suite\n * test/system: speed up basic_{setup,teardown}()\n * test/system: fix up many tests that do not cleanup\n * test/system: fix podman --authfile=nonexistent-path\n * Update module github.com/containernetworking/plugins to v1.5.1\n * Update module github.com/checkpoint-restore/checkpointctl to v1.2.1\n * Update module github.com/spf13/cobra to v1.8.1\n * Update module github.com/gorilla/schema to v1.4.0\n * pkg/machine/wsl: force terminate wsl instance\n * pkg/machine/wsl: wrap command errors\n * [CI:DOCS] Quadlet - add note about relative path resolution\n * CI: do not install python packages at runtime\n * Release workflow: Include candidate descriptor\n * Minor: Fix indentation in GHA release workflow\n * GHA: Send release notification mail\n * GHA: Validate release version number\n * Remove references to --pull=true and --pull=false\n * ExitWithError, continued\n * podman: add new hidden flag --pull-option\n * [CI:DOCS] Fix typos in podman-build\n * infra: mark storageSet when imagestore is changed\n * [CI:DOCS] Add jnovy as reviewer and approver\n * fix(deps): update module google.golang.org/protobuf to v1.34.2\n * refactor(machine,wsl): improve operations of Windows API\n * --squash --layers=false should be allowed\n * fix(deps): update module github.com/checkpoint-restore/checkpointctl to v1.2.0\n * update golangci-lint to v1.59.1\n * Rename master to main in CONTRIBUTING.md\n * podman 5, pasta and inter-container networking\n * libpod: do not resuse networking on start\n * machine/linux: Switch to virtiofs by default\n * machine/linux: Support virtiofs mounts (retain 9p default)\n * machine/linux: Use memory-backend-memfd by default\n * ExitWithError() - continued\n * Enable libkrun provider to open a debug console\n * Add new targets on Windows makefile (winmake.ps1)\n * fix(deps): update module github.com/docker/docker to v26.1.4+incompatible\n * fix(deps): update module github.com/crc-org/crc/v2 to v2.37.1\n * fix(deps): update module golang.org/x/tools to v0.22.0\n * fix(deps): update module golang.org/x/net to v0.26.0\n * libpod: fix \u0027podman kube generate\u0027 on FreeBSD\n * fix(deps): update module golang.org/x/sys to v0.21.0\n * libpod: do not leak systemd hc startup unit timer\n * vendor latest c/common\n * pkg/rootless: set _CONTAINERS_USERNS_CONFIGURED correctly\n * run bats -T, to profile timing hogs\n * test/system: speed up podman ps --external\n * test/system: speed up podman network connect/disconnect\n * test/system: speed up podman network reload\n * test/system: speed up quadlet - pod simple\n * test/system: speed up podman parallel build should not race\n * test/system: speed up podman cp dir from host to container\n * test/system: speed up podman build - workdir, cmd, env, label\n * test/system: speed up podman --log-level recognizes log levels\n * test/system: remove obsolete debug in net connect/disconnect test\n * test/system: speed up quadlet - basic\n * test/system: speed up user namespace preserved root ownership\n * System tests: add `podman system check` tests\n * Add `podman system check` for checking storage consistency\n * fix(deps): update module github.com/crc-org/crc/v2 to v2.37.0\n * fix(libpod): add newline character to the end of container\u0027s hostname file\n * fix(deps): update module github.com/openshift/imagebuilder to v1.2.10\n * fix(deps): update github.com/containers/image/v5 digest to aa93504\n * Fix 5.1 release note re: runlabel\n * test/e2e: use local skopeo not image\n * fix(deps): update golang.org/x/exp digest to fd00a4e\n * [CI:DOCS] Add contrib/podmanimage/stable path back in repo\n * chore(deps): update dependency requests to ~=2.32.3\n * fix(deps): update github.com/containers/image/v5 digest to 2343e81\n * libpod: do not move podman with --cgroups=disabled\n * Update release notes on Main to v5.1.0\n * test: look at the file base name\n * tests: simplify expected output\n * Sigh, new VMs again\n * Fail earlier when no containers exist in stats\n * Add Hyper-V option in windows installer\n * libpod: cleanup default cache on system reset\n * vendor: update c/image\n * test/system: speed up kube generate tmpfs on /tmp\n * test/system: speed up podman kube play tests\n * test/system: speed up podman shell completion test\n * test/system: simplify test signal handling in containers\n * test/system: speed up podman container rm ...\n * test/system: speed up podman ps - basic tests\n * test/system: speed up read-only from containers.conf\n * test/system: speed up podman logs - multi ...\n * test/system: speed up podman run --name\n * Debian: switch to crun\n * test/system: speed up podman generate systemd - envar\n * test/system: speed up podman-kube@.service template\n * test/system: speed up kube play healthcheck initialDelaySeconds\n * test/system: speed up exit-code propagation test\n * test/system: speed up \"podman run --timeout\"\n * test/system: fix slow kube play --wait with siginterrupt\n * undo auto-formatting\n * test/system: speed up podman events tests\n * Quadlet: Add support for .build files\n * test/system: speed up \"podman auto-update using systemd\"\n * test/system: remove podman wait test\n * tests: disable tests affected by a race condition\n * update golangci-lint to v1.59.0\n * kubernetes_support.md: Mark volumeMounts.subPath as supported\n * working name of pod on start and stop\n * fix(deps): update module github.com/onsi/ginkgo/v2 to v2.19.0\n * Bump Buildah to v1.36.0\n * fix(deps): update module github.com/burntsushi/toml to v1.4.0\n * fix typo in Tutorials.rst\n * Mac PM test: Require pre-installed rosetta\n * test/e2e: fix new error message\n * Add configuration for podmansh\n * Update containers/common to latest main\n * Only stop chowning volumes once they\u0027re not empty\n * podman: fix --sdnotify=healthy with --rm\n * libpod: wait another interval for healthcheck\n * quadlet: Add a network requirement on .image units\n * test, pasta: Ignore deprecated addresses in tests\n * [CI:DOCS] performance: update network docs\n * fix(deps): update module github.com/onsi/ginkgo/v2 to v2.18.0\n * CI: disable minikube task\n * [CI:DOCS] Fix windows action trigger\n * chore(deps): update dependency setuptools to v70\n * Check AppleHypervisor before accessing it\n * fix(deps): update module github.com/containernetworking/plugins to v1.5.0\n * [CI:DOCS] Update dependency golangci/golangci-lint to v1.58.2\n * add podman-clean-transient.service service to rootless\n * [CI:DOCS] Update podman network docs\n * fix incorrect host.containers.internal entry for rootless bridge mode\n * vendor latest c/common main\n * Add Rosetta support for Apple Silicon mac\n * bump main to 5.2.0-dev\n * Use a defined constant instead of a hard-coded magic value\n * cirrus: use faster VM\u0027s for integration tests\n * fix(deps): update github.com/containers/gvisor-tap-vsock digest to 01a1a0c\n * [CI:DOCS] Fix Mac pkg link\n * test: remove test_podman* scripts\n * test/system: fix documentation\n * Return StatusNotFound when multiple volumes matching occurs\n * container_api: do not wait for healtchecks if stopped\n * libpod: wait for healthy on main thread\n * `podman events`: check for an error after we finish reading events\n * remote API: restore v4 payload in container inspect\n * Fix updating connection when SSH port conflict happens\n * rootless: fix reexec to use /proc/self/exe\n * ExitWithError() - enforce required exit status \u0026 stderr\n * ExitWithError() - a few that I missed\n * [skip-ci] Packit: use only one value for `packages` key for `trigger: commit` copr builds\n * Revert \"Temporarily disable rootless debian e2e testing\"\n * CI tests: enforce TMPDIR on tmpfs\n * use new CI images with tmpfs /tmp\n * run e2e test on tmpfs\n * Update module github.com/crc-org/crc/v2 to v2.36.0\n * [CI:DOCS] Use checkout@v4 in GH Actions\n * ExitWithError() - rmi_test\n * ExitWithError() - more r files\n * ExitWithError() - s files\n * ExitWithError() - more run_xxx tests\n * Fix podman-remote support for `podman farm build`\n * [CI:DOCS] Trigger windows installer action properly\n * Revert \"container stop: kill conmon\"\n * Ensure that containers do not get stuck in stopping\n * [CI:DOCS] Improvements to make validatepr\n * ExitWithError() - rest of the p files\n * [CI:DOCS] Update dependency golangci/golangci-lint to v1.58.1\n * Graceful shutdown during podman kube down\n * Remove duplicate call\n * test/system: fix broken \"podman volume globs\" test\n * Quadlet/Container: Add GroupAdd option\n * Don\u0027t panic if a runtime was configured without paths\n * update c/{buildah,common,image,storage} to latest main\n * update golangci-lint to 1.58\n * machine: Add LibKrun provider detection\n * ExitWithError() - continue tightening\n * fix(deps): update module google.golang.org/protobuf to v1.34.1\n * test: improve test for powercap presence\n * fix(deps): update module github.com/onsi/ginkgo/v2 to v2.17.3\n * fix(deps): update module go.etcd.io/bbolt to v1.3.10\n * fix(deps): update module golang.org/x/tools to v0.21.0\n * [skip-ci] RPM: `bats` required only on Fedora\n * fix(deps): update module golang.org/x/exp to v0.0.0-20240506185415-9bf2ced13842\n * gpdate and remove parameter settings in `.golangci.yml`\n * ExitWithError() - play_kube_test.go\n * Temporarily disable rootless debian e2e testing\n * fix(deps): update module golang.org/x/crypto to v0.23.0\n * CI Docs: Clarify passthrough_envars() comments\n * Skip machine tests if they don\u0027t need to be run\n * Update CI VMs to F40, F39, D13\n * ExitWithError() - v files\n * Update module golang.org/x/term to v0.20.0\n * machine: Add provider detection API\n * util: specify a not empty pause dir for root too\n * Add missing option \u0027healthy\u0027 to output of `podman run --help`\n * [CI:DOCS] Add info on the quay.io images to the README.md\n * Add a random suffix to healthcheck unit names\n * test/e2e: remove toolbox image\n * Also substitute $HOME in runlabel with user\u0027s homedir\n * Update module github.com/cyphar/filepath-securejoin to v0.2.5\n * Change tmpDir for macOS\n * ExitWithError() - pod_xxx tests\n * ExitWithError() -- run_test.go\n * Update module golang.org/x/exp to v0.0.0-20240416160154-fe59bbe5cc7f\n * Update module github.com/shirou/gopsutil/v3 to v3.24.4\n * Update module github.com/docker/docker to v26.1.1+incompatible\n * GHA: Attempt fix exceeded a secondary rate limit\n * vendor ginkgo 2.17.2 into test/tools\n * Fix machine volumes with long path and paths with dashes\n * Update module google.golang.org/protobuf to v1.34.0\n * Update module github.com/crc-org/crc/v2 to v2.35.0\n * Update module github.com/onsi/gomega to v1.33.1\n * test/e2e: podman unshare image mount fix tmpdir leak\n * test/e2e: do not leak /tmp/private_file\n * test/e2e: \"persistentVolumeClaim with source\" do not leak file\n * e2e tests: use /var/tmp, not $TMPDIR, as workdirs\n * Update dependency pytest to v8.1.2\n * Remove unncessary lines at the end of specfile summary\n * Clean machine pull cache\n * Add krun support to podman machine\n * Use custom image for make validatepr\n * test/e2e: force systemd cgroup manager\n * e2e and bindings tests: fix $PATH setup\n * Makefile: remove useless HACK variable in e2e test\n * test/e2e: fix volumes and suid/dev/exec options\n * test/e2e: volumes and suid/dev/exec options works remote\n * test/e2e: fix limits test\n * Update module github.com/rootless-containers/rootlesskit/v2 to v2.1.0\n * Correct option name `ip` -\u003e `ip6`\n * Add the ability to automount images as volumes via play\n * Add support for image volume subpaths\n * Bump Buildah to latest main\n * Update Makefile to Go 1.22 for in-container\n * ExitWithError() - yet more low-hanging fruit\n * ExitWithError() - more low-hanging fruit\n * ExitWithError() - low-hanging fruit\n * chore: fix function names in comment\n * Remove redundant Prerequisite before build section\n * Remove PKG_CONFIG_PATH\n * Add installation instructions for openSUSE\n * Replace golang.org/x/exp/slices with slices from std\n * Update to go 1.21\n * fix(deps): update module github.com/docker/docker to v26.1.0+incompatible\n * [CI:DOCS] Fix artifact action\n * [skip-ci] Packit/rpm: remove el8 jobs and spec conditionals\n * e2e tests: stop littering\n * [CI:DOCS] format podman-pull example as code\n * [CI:DOCS] Build \u0026 upload release artifacts with GitHub Actions\n * libpod: getHealthCheckLog() remove unessesary check\n * add containers.conf healthcheck_events support\n * vendor latest c/common\n * libpod: make healthcheck events more efficient\n * libpod: wrap store setup error message\n * [skip-ci] Packit: enable CentOS 10 Stream build jobs\n * pkg/systemd: use fileutils.(Le|E)xists\n * pkg/bindings: use fileutils.(Le|E)xists\n * pkg/util: use fileutils.(Le|E)xists\n * pkg/trust: use fileutils.(Le|E)xists\n * pkg/specgen: use fileutils.(Le|E)xists\n * pkg/rootless: use fileutils.(Le|E)xists\n * pkg/machine: use fileutils.(Le|E)xists\n * pkg/domain: use fileutils.(Le|E)xists\n * pkg/api: use fileutils.(Le|E)xists\n * libpod: use fileutils.(Le|E)xists\n * cmd: use fileutils.(Le|E)xists\n * vendor: update containers/{buildah,common,image,storage}\n * fix(deps): update module github.com/docker/docker to v26.0.2+incompatible [security]\n * fix podman-pod-restart.1.md typo\n * [skip-ci] Packit: switch to EPEL instead of centos-stream+epel-next\n * fix(deps): update module github.com/onsi/gomega to v1.33.0\n * Add more annnotation information to podman kupe play man page\n * test/compose: remove compose v1 code\n * CI: remove compose v1 tests\n * fix: close resource file\n * [CI:DOCS] Fix windows installer action\n * fix(deps): update module tags.cncf.io/container-device-interface to v0.7.2\n * add `list` as an alias to list networks\n * Add support for updating restart policy\n * Add Compat API for Update\n * Make `podman update` changes persistent\n * Emergency fix (well, skip) for failing bud tests\n * fix swagger doc for manifest create\n * [CI:DOCS] options/network: fix markdown lists\n * Makefile: do not hardcode `GOOS` in `podman-remote-static` target\n * chore(deps): update module golang.org/x/crypto to v0.17.0 [security]\n * chore(deps): update dependency setuptools to ~=69.5.0\n * Fix some comments\n * swagger fix infinitive recursion on some types\n * install swagger from source\n * Revert \"Swap out javascript engine\"\n * podman exec CID without command should exit 125\n * (minor) prefetch systemd image before use\n * Update go-swagger version\n * Swap out javascript engine\n * fix(deps): update module github.com/docker/docker to v26.0.1+incompatible\n * Add os, arch, and ismanifest to libpod image list\n * [CI:DOCS]Initial PR validation\n * fix(deps): update github.com/containers/gvisor-tap-vsock digest to d744d71\n * vendor ginkgo 2.17.1 into test/tools\n * fix \"concurrent map writes\" in network ls compat endpoint\n * chore(deps): update dependency pytest to v8\n * e2e: redefine ExitWithError() to require exit code\n * docs: fix missleading run/create --expose description\n * podman ps: show exposed ports under PORTS as well\n * rootless: drop function ReadMappingsProc\n * fix(deps): update module github.com/vbauerster/mpb/v8 to v8.7.3\n * New CI VMs, to give us pasta 2024-04-05\n * Add big warning to GHA workflow\n * GHA: Fix intermittent workflow error\n * fix(deps): update module golang.org/x/tools to v0.20.0\n * e2e tests: remove requirement for fuse-overlayfs\n * docs: update Quadlet volume Options desc\n * fix(deps): update module golang.org/x/sync to v0.7.0\n * Fix relabeling failures with Z/z volumes on Mac\n * fix(deps): update module golang.org/x/net to v0.24.0\n * Makefile: fix annoying errors in docs generation\n * chore: fix function names in comment\n * Bump tags.cncf.io/container-device-interface to v0.7.1\n * fix(deps): update module golang.org/x/crypto to v0.22.0\n * Detect unhandled reboots and require user intervention\n * podman --runroot: remove 50 char length restriction\n * update github.com/rootless-containers/rootlesskit to v2\n * Update module github.com/gorilla/schema to v1.3.0\n * Update dependency requests-mock to ~=1.12.1\n * Update module github.com/crc-org/crc/v2 to v2.34.1\n * rm --force work for more than one arg\n * [CI:DOCS] Update kube docs\n * fix(deps): update module github.com/shirou/gopsutil/v3 to v3.24.3\n * [CI:DOCS] Add GitHub action to update version on Podman.io\n * [CI:DOCS] Update dependency golangci/golangci-lint to v1.57.2\n * Windows: clean up temporary perl install\n * pkg/util: FindDeviceNodes() ignore ENOENT errors\n * [CI:DOCS] build deps: make-validate needs docs\n * test/system: add rootless-netns test for setup errors\n * vendor latest c/common main\n * container: do not chown to dest target with U\n * [CI:DOCS] golangci-lint: update deprecated flags\n * systests: conditionalize slirp4netns tests\n * CI: systests: instrument flaky tests\n * s3fs docs\n * test: do not skip tests under rootless\n * Add note about host networking to Kube PublishPort option\n * Inject additional build tags from the environment\n * libpod: use original IDs if idmap is provided\n * Switch back to checking out the same branch the action script runs in\n * docs/podman-login: Give an example of writing the persistent path\n * CI: Bump VMs to 2024-03-28\n * [skip-ci] Update dawidd6/action-send-mail action to v3.12.0\n * fix(deps): update module github.com/openshift/imagebuilder to v1.2.7\n * Fix reference to deprecated types.Info\n * Use logformatter for podman_machine_windows_task\n * applehv: Print vfkit logs in --log-level debug\n * [CI:DOCS]Add Mario to reviewers list\n * [CI:DOCS] Document CI-maintenance job addition\n * Add golang 1.21 update warning\n * Add rootless network command to `podman info`\n * libpod: don\u0027t warn about cgroupsv1 on FreeBSD\n * hyperv: error if not admin\n * Properly parse stderr when updating container status\n * [skip-ci] Packit: specify fedora-latest in propose-downstream\n * Use built-in ssh impl for all non-pty operations\n * Add support for annotations\n * hyperv: fix machine rm -r\n * [skip-ci] Packit: Enable CentOS Stream 10 update job\n * 5.0 release note fix typo in cgroupv1 env var\n * fix remote build isolation on client side\n * chore: remove repetitive words\n * Dont save remote context in temp file but stream and extract\n * fix remote build isolation when server runs as root\n * util: use private propagation with bind\n * util: add some tests for ProcessOptions\n * util: refactor ProcessOptions into an internal function\n * util: rename files to snake case\n * Add LoongArch support for libpod\n * fix(deps): update github.com/containers/common digest to bc5f97c\n * [CI:DOCS] Update dependency golangci/golangci-lint to v1.57.1\n * fix(deps): update module github.com/docker/docker to v25.0.5+incompatible [security]\n * fix(deps): update module github.com/onsi/gomega to v1.32.0\n * [CI:DOCS] Update dependency golangci/golangci-lint to v1.57.0\n * Update module github.com/cpuguy83/go-md2man/v2 to v2.0.4\n * Fix type-o\n * Use correct extension in suite\n * minikube: instrument tests, to allow debugging failures\n * libpod: restart always reconfigure the netns\n * use new c/common pasta2 setup logic to fix dns\n * utils: drop conversion float-\u003estring-\u003efloat\n * utils: do not generate duplicate range\n * logformatter: handle Windows logs\n * utils: add test for the new function\n * utils: move rootless code to a new function\n * xref-helpmsgs-manpages: cross-check Commands.rst\n * test/system: Add support for multipath routes in pasta networking tests\n * [skip-ci] rpm: use macro supported vendoring\n * Adjust to the standard location of gvforwarder used in new images\n * Makefile: add target `podman-remote-static`\n * Switch to 5.x WSL machine os stream using new automation\n * Cleanup build scratch dir if remote end disconnects while passing the context\n * bump main to 5.1.0-dev\n * Use faster gzip for compression for 3x speedup for sending large contexts to remote\n * pkg/machine: make checkExclusiveActiveVM race free\n * pkg/machine/wsl: remove unused CheckExclusiveActiveVM()\n * pkg/machine: CheckExclusiveActiveVM should also check for starting\n * pkg/machine: refresh config after we hold lock\n * Update dependency setuptools to ~=69.2.0\n * [skip-ci] rpm: update containers-common dep on f40+\n * fix invalid HTTP header values when hijacking a connection\n * Add doc to build podman on windows without MSYS\n * Removing CRI-O related annotations\n * fix(deps): update module github.com/containers/ocicrypt to v1.1.10\n * Pass the restart policy to the individual containers\n * kube play: always pull when both imagePullPolicy and tag are missing\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-76",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20279-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20279-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520279-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20279-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021043.html"
},
{
"category": "self",
"summary": "SUSE Bug 1221677",
"url": "https://bugzilla.suse.com/1221677"
},
{
"category": "self",
"summary": "SUSE Bug 1224112",
"url": "https://bugzilla.suse.com/1224112"
},
{
"category": "self",
"summary": "SUSE Bug 1231208",
"url": "https://bugzilla.suse.com/1231208"
},
{
"category": "self",
"summary": "SUSE Bug 1236270",
"url": "https://bugzilla.suse.com/1236270"
},
{
"category": "self",
"summary": "SUSE Bug 1236507",
"url": "https://bugzilla.suse.com/1236507"
},
{
"category": "self",
"summary": "SUSE Bug 1237641",
"url": "https://bugzilla.suse.com/1237641"
},
{
"category": "self",
"summary": "SUSE Bug 1239330",
"url": "https://bugzilla.suse.com/1239330"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-45288 page",
"url": "https://www.suse.com/security/cve/CVE-2023-45288/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-11218 page",
"url": "https://www.suse.com/security/cve/CVE-2024-11218/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-1753 page",
"url": "https://www.suse.com/security/cve/CVE-2024-1753/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3727 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3727/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-9407 page",
"url": "https://www.suse.com/security/cve/CVE-2024-9407/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22869 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22869/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-27144 page",
"url": "https://www.suse.com/security/cve/CVE-2025-27144/"
}
],
"title": "Security update for podman",
"tracking": {
"current_release_date": "2025-04-22T13:50:31Z",
"generator": {
"date": "2025-04-22T13:50:31Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20279-1",
"initial_release_date": "2025-04-22T13:50:31Z",
"revision_history": [
{
"date": "2025-04-22T13:50:31Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "podman-5.2.5-slfo.1.1_1.1.aarch64",
"product": {
"name": "podman-5.2.5-slfo.1.1_1.1.aarch64",
"product_id": "podman-5.2.5-slfo.1.1_1.1.aarch64"
}
},
{
"category": "product_version",
"name": "podman-remote-5.2.5-slfo.1.1_1.1.aarch64",
"product": {
"name": "podman-remote-5.2.5-slfo.1.1_1.1.aarch64",
"product_id": "podman-remote-5.2.5-slfo.1.1_1.1.aarch64"
}
},
{
"category": "product_version",
"name": "podmansh-5.2.5-slfo.1.1_1.1.aarch64",
"product": {
"name": "podmansh-5.2.5-slfo.1.1_1.1.aarch64",
"product_id": "podmansh-5.2.5-slfo.1.1_1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-docker-5.2.5-slfo.1.1_1.1.noarch",
"product": {
"name": "podman-docker-5.2.5-slfo.1.1_1.1.noarch",
"product_id": "podman-docker-5.2.5-slfo.1.1_1.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-5.2.5-slfo.1.1_1.1.ppc64le",
"product": {
"name": "podman-5.2.5-slfo.1.1_1.1.ppc64le",
"product_id": "podman-5.2.5-slfo.1.1_1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "podman-remote-5.2.5-slfo.1.1_1.1.ppc64le",
"product": {
"name": "podman-remote-5.2.5-slfo.1.1_1.1.ppc64le",
"product_id": "podman-remote-5.2.5-slfo.1.1_1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "podmansh-5.2.5-slfo.1.1_1.1.ppc64le",
"product": {
"name": "podmansh-5.2.5-slfo.1.1_1.1.ppc64le",
"product_id": "podmansh-5.2.5-slfo.1.1_1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-5.2.5-slfo.1.1_1.1.s390x",
"product": {
"name": "podman-5.2.5-slfo.1.1_1.1.s390x",
"product_id": "podman-5.2.5-slfo.1.1_1.1.s390x"
}
},
{
"category": "product_version",
"name": "podman-remote-5.2.5-slfo.1.1_1.1.s390x",
"product": {
"name": "podman-remote-5.2.5-slfo.1.1_1.1.s390x",
"product_id": "podman-remote-5.2.5-slfo.1.1_1.1.s390x"
}
},
{
"category": "product_version",
"name": "podmansh-5.2.5-slfo.1.1_1.1.s390x",
"product": {
"name": "podmansh-5.2.5-slfo.1.1_1.1.s390x",
"product_id": "podmansh-5.2.5-slfo.1.1_1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-5.2.5-slfo.1.1_1.1.x86_64",
"product": {
"name": "podman-5.2.5-slfo.1.1_1.1.x86_64",
"product_id": "podman-5.2.5-slfo.1.1_1.1.x86_64"
}
},
{
"category": "product_version",
"name": "podman-remote-5.2.5-slfo.1.1_1.1.x86_64",
"product": {
"name": "podman-remote-5.2.5-slfo.1.1_1.1.x86_64",
"product_id": "podman-remote-5.2.5-slfo.1.1_1.1.x86_64"
}
},
{
"category": "product_version",
"name": "podmansh-5.2.5-slfo.1.1_1.1.x86_64",
"product": {
"name": "podmansh-5.2.5-slfo.1.1_1.1.x86_64",
"product_id": "podmansh-5.2.5-slfo.1.1_1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.2.5-slfo.1.1_1.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.aarch64"
},
"product_reference": "podman-5.2.5-slfo.1.1_1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.2.5-slfo.1.1_1.1.ppc64le as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.ppc64le"
},
"product_reference": "podman-5.2.5-slfo.1.1_1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.2.5-slfo.1.1_1.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.s390x"
},
"product_reference": "podman-5.2.5-slfo.1.1_1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.2.5-slfo.1.1_1.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.x86_64"
},
"product_reference": "podman-5.2.5-slfo.1.1_1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-docker-5.2.5-slfo.1.1_1.1.noarch as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:podman-docker-5.2.5-slfo.1.1_1.1.noarch"
},
"product_reference": "podman-docker-5.2.5-slfo.1.1_1.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.2.5-slfo.1.1_1.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.aarch64"
},
"product_reference": "podman-remote-5.2.5-slfo.1.1_1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.2.5-slfo.1.1_1.1.ppc64le as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.ppc64le"
},
"product_reference": "podman-remote-5.2.5-slfo.1.1_1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.2.5-slfo.1.1_1.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.s390x"
},
"product_reference": "podman-remote-5.2.5-slfo.1.1_1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.2.5-slfo.1.1_1.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.x86_64"
},
"product_reference": "podman-remote-5.2.5-slfo.1.1_1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.2.5-slfo.1.1_1.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.aarch64"
},
"product_reference": "podmansh-5.2.5-slfo.1.1_1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.2.5-slfo.1.1_1.1.ppc64le as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.ppc64le"
},
"product_reference": "podmansh-5.2.5-slfo.1.1_1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.2.5-slfo.1.1_1.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.s390x"
},
"product_reference": "podmansh-5.2.5-slfo.1.1_1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.2.5-slfo.1.1_1.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.x86_64"
},
"product_reference": "podmansh-5.2.5-slfo.1.1_1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-45288",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-45288"
}
],
"notes": [
{
"category": "general",
"text": "An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request\u0027s headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:podman-docker-5.2.5-slfo.1.1_1.1.noarch",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-45288",
"url": "https://www.suse.com/security/cve/CVE-2023-45288"
},
{
"category": "external",
"summary": "SUSE Bug 1221400 for CVE-2023-45288",
"url": "https://bugzilla.suse.com/1221400"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:podman-docker-5.2.5-slfo.1.1_1.1.noarch",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:podman-docker-5.2.5-slfo.1.1_1.1.noarch",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-22T13:50:31Z",
"details": "moderate"
}
],
"title": "CVE-2023-45288"
},
{
"cve": "CVE-2024-11218",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-11218"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in `podman build` and `buildah.` This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the host.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:podman-docker-5.2.5-slfo.1.1_1.1.noarch",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-11218",
"url": "https://www.suse.com/security/cve/CVE-2024-11218"
},
{
"category": "external",
"summary": "SUSE Bug 1236269 for CVE-2024-11218",
"url": "https://bugzilla.suse.com/1236269"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:podman-docker-5.2.5-slfo.1.1_1.1.noarch",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:podman-docker-5.2.5-slfo.1.1_1.1.noarch",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-22T13:50:31Z",
"details": "important"
}
],
"title": "CVE-2024-11218"
},
{
"cve": "CVE-2024-1753",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-1753"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:podman-docker-5.2.5-slfo.1.1_1.1.noarch",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-1753",
"url": "https://www.suse.com/security/cve/CVE-2024-1753"
},
{
"category": "external",
"summary": "SUSE Bug 1221677 for CVE-2024-1753",
"url": "https://bugzilla.suse.com/1221677"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:podman-docker-5.2.5-slfo.1.1_1.1.noarch",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:podman-docker-5.2.5-slfo.1.1_1.1.noarch",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-22T13:50:31Z",
"details": "important"
}
],
"title": "CVE-2024-1753"
},
{
"cve": "CVE-2024-3727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3727"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:podman-docker-5.2.5-slfo.1.1_1.1.noarch",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3727",
"url": "https://www.suse.com/security/cve/CVE-2024-3727"
},
{
"category": "external",
"summary": "SUSE Bug 1224112 for CVE-2024-3727",
"url": "https://bugzilla.suse.com/1224112"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:podman-docker-5.2.5-slfo.1.1_1.1.noarch",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:podman-docker-5.2.5-slfo.1.1_1.1.noarch",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-22T13:50:31Z",
"details": "important"
}
],
"title": "CVE-2024-3727"
},
{
"cve": "CVE-2024-9407",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-9407"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories from the host into a container during the build process and, in some cases, modify the contents of those mounted files. Even if SELinux is used, this vulnerability can bypass its protection by allowing the source directory to be relabeled to give the container access to host files.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:podman-docker-5.2.5-slfo.1.1_1.1.noarch",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-9407",
"url": "https://www.suse.com/security/cve/CVE-2024-9407"
},
{
"category": "external",
"summary": "SUSE Bug 1231208 for CVE-2024-9407",
"url": "https://bugzilla.suse.com/1231208"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:podman-docker-5.2.5-slfo.1.1_1.1.noarch",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:podman-docker-5.2.5-slfo.1.1_1.1.noarch",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-22T13:50:31Z",
"details": "moderate"
}
],
"title": "CVE-2024-9407"
},
{
"cve": "CVE-2025-22869",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22869"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:podman-docker-5.2.5-slfo.1.1_1.1.noarch",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22869",
"url": "https://www.suse.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "SUSE Bug 1239322 for CVE-2025-22869",
"url": "https://bugzilla.suse.com/1239322"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:podman-docker-5.2.5-slfo.1.1_1.1.noarch",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:podman-docker-5.2.5-slfo.1.1_1.1.noarch",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-22T13:50:31Z",
"details": "important"
}
],
"title": "CVE-2025-22869"
},
{
"cve": "CVE-2025-27144",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-27144"
}
],
"notes": [
{
"category": "general",
"text": "Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code used strings.Split(token, \".\") to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service. Version 4.0.5 fixes this issue. As a workaround, applications could pre-validate that payloads passed to Go JOSE do not contain an excessive number of `.` characters.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:podman-docker-5.2.5-slfo.1.1_1.1.noarch",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-27144",
"url": "https://www.suse.com/security/cve/CVE-2025-27144"
},
{
"category": "external",
"summary": "SUSE Bug 1237608 for CVE-2025-27144",
"url": "https://bugzilla.suse.com/1237608"
},
{
"category": "external",
"summary": "SUSE Bug 1237609 for CVE-2025-27144",
"url": "https://bugzilla.suse.com/1237609"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:podman-docker-5.2.5-slfo.1.1_1.1.noarch",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podman-5.2.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:podman-docker-5.2.5-slfo.1.1_1.1.noarch",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podman-remote-5.2.5-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:podmansh-5.2.5-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-22T13:50:31Z",
"details": "important"
}
],
"title": "CVE-2025-27144"
}
]
}
SUSE-SU-2025:20363-1
Vulnerability from csaf_suse - Published: 2025-05-28 08:56 - Updated: 2025-05-28 08:56Summary
Security update for skopeo
Severity
Important
Notes
Title of the patch: Security update for skopeo
Description of the patch: This update for skopeo fixes the following issues:
- CVE-2024-6104: url might write sensitive information to log file (bsc#1227056).
- CVE-2023-45288: close connections when receiving too many headers (bsc#1236483).
- CVE-2025-27144: Go JOSE's Parsing Vulnerable to Denial of Service (bsc#1237613).
Patchnames: SUSE-SLE-Micro-6.1-125
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:skopeo-1.15.1-slfo.1.1_2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:skopeo-1.15.1-slfo.1.1_2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:skopeo-1.15.1-slfo.1.1_2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:skopeo-1.15.1-slfo.1.1_2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:skopeo-1.15.1-slfo.1.1_2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:skopeo-1.15.1-slfo.1.1_2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:skopeo-1.15.1-slfo.1.1_2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:skopeo-1.15.1-slfo.1.1_2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:skopeo-1.15.1-slfo.1.1_2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:skopeo-1.15.1-slfo.1.1_2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:skopeo-1.15.1-slfo.1.1_2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:skopeo-1.15.1-slfo.1.1_2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
17 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for skopeo",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for skopeo fixes the following issues:\n\n- CVE-2024-6104: url might write sensitive information to log file (bsc#1227056).\n- CVE-2023-45288: close connections when receiving too many headers (bsc#1236483).\n- CVE-2025-27144: Go JOSE\u0027s Parsing Vulnerable to Denial of Service (bsc#1237613).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-125",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20363-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20363-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520363-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20363-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2025-June/039496.html"
},
{
"category": "self",
"summary": "SUSE Bug 1227056",
"url": "https://bugzilla.suse.com/1227056"
},
{
"category": "self",
"summary": "SUSE Bug 1236483",
"url": "https://bugzilla.suse.com/1236483"
},
{
"category": "self",
"summary": "SUSE Bug 1237613",
"url": "https://bugzilla.suse.com/1237613"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-45288 page",
"url": "https://www.suse.com/security/cve/CVE-2023-45288/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-6104 page",
"url": "https://www.suse.com/security/cve/CVE-2024-6104/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-27144 page",
"url": "https://www.suse.com/security/cve/CVE-2025-27144/"
}
],
"title": "Security update for skopeo",
"tracking": {
"current_release_date": "2025-05-28T08:56:42Z",
"generator": {
"date": "2025-05-28T08:56:42Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20363-1",
"initial_release_date": "2025-05-28T08:56:42Z",
"revision_history": [
{
"date": "2025-05-28T08:56:42Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "skopeo-1.15.1-slfo.1.1_2.1.aarch64",
"product": {
"name": "skopeo-1.15.1-slfo.1.1_2.1.aarch64",
"product_id": "skopeo-1.15.1-slfo.1.1_2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "skopeo-1.15.1-slfo.1.1_2.1.ppc64le",
"product": {
"name": "skopeo-1.15.1-slfo.1.1_2.1.ppc64le",
"product_id": "skopeo-1.15.1-slfo.1.1_2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "skopeo-1.15.1-slfo.1.1_2.1.s390x",
"product": {
"name": "skopeo-1.15.1-slfo.1.1_2.1.s390x",
"product_id": "skopeo-1.15.1-slfo.1.1_2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "skopeo-1.15.1-slfo.1.1_2.1.x86_64",
"product": {
"name": "skopeo-1.15.1-slfo.1.1_2.1.x86_64",
"product_id": "skopeo-1.15.1-slfo.1.1_2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-1.15.1-slfo.1.1_2.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:skopeo-1.15.1-slfo.1.1_2.1.aarch64"
},
"product_reference": "skopeo-1.15.1-slfo.1.1_2.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-1.15.1-slfo.1.1_2.1.ppc64le as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:skopeo-1.15.1-slfo.1.1_2.1.ppc64le"
},
"product_reference": "skopeo-1.15.1-slfo.1.1_2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-1.15.1-slfo.1.1_2.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:skopeo-1.15.1-slfo.1.1_2.1.s390x"
},
"product_reference": "skopeo-1.15.1-slfo.1.1_2.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "skopeo-1.15.1-slfo.1.1_2.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:skopeo-1.15.1-slfo.1.1_2.1.x86_64"
},
"product_reference": "skopeo-1.15.1-slfo.1.1_2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-45288",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-45288"
}
],
"notes": [
{
"category": "general",
"text": "An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request\u0027s headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:skopeo-1.15.1-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:skopeo-1.15.1-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:skopeo-1.15.1-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:skopeo-1.15.1-slfo.1.1_2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-45288",
"url": "https://www.suse.com/security/cve/CVE-2023-45288"
},
{
"category": "external",
"summary": "SUSE Bug 1221400 for CVE-2023-45288",
"url": "https://bugzilla.suse.com/1221400"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:skopeo-1.15.1-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:skopeo-1.15.1-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:skopeo-1.15.1-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:skopeo-1.15.1-slfo.1.1_2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:skopeo-1.15.1-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:skopeo-1.15.1-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:skopeo-1.15.1-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:skopeo-1.15.1-slfo.1.1_2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-28T08:56:42Z",
"details": "moderate"
}
],
"title": "CVE-2023-45288"
},
{
"cve": "CVE-2024-6104",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-6104"
}
],
"notes": [
{
"category": "general",
"text": "go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:skopeo-1.15.1-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:skopeo-1.15.1-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:skopeo-1.15.1-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:skopeo-1.15.1-slfo.1.1_2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-6104",
"url": "https://www.suse.com/security/cve/CVE-2024-6104"
},
{
"category": "external",
"summary": "SUSE Bug 1227024 for CVE-2024-6104",
"url": "https://bugzilla.suse.com/1227024"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:skopeo-1.15.1-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:skopeo-1.15.1-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:skopeo-1.15.1-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:skopeo-1.15.1-slfo.1.1_2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:skopeo-1.15.1-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:skopeo-1.15.1-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:skopeo-1.15.1-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:skopeo-1.15.1-slfo.1.1_2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-28T08:56:42Z",
"details": "moderate"
}
],
"title": "CVE-2024-6104"
},
{
"cve": "CVE-2025-27144",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-27144"
}
],
"notes": [
{
"category": "general",
"text": "Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code used strings.Split(token, \".\") to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service. Version 4.0.5 fixes this issue. As a workaround, applications could pre-validate that payloads passed to Go JOSE do not contain an excessive number of `.` characters.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:skopeo-1.15.1-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:skopeo-1.15.1-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:skopeo-1.15.1-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:skopeo-1.15.1-slfo.1.1_2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-27144",
"url": "https://www.suse.com/security/cve/CVE-2025-27144"
},
{
"category": "external",
"summary": "SUSE Bug 1237608 for CVE-2025-27144",
"url": "https://bugzilla.suse.com/1237608"
},
{
"category": "external",
"summary": "SUSE Bug 1237609 for CVE-2025-27144",
"url": "https://bugzilla.suse.com/1237609"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:skopeo-1.15.1-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:skopeo-1.15.1-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:skopeo-1.15.1-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:skopeo-1.15.1-slfo.1.1_2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:skopeo-1.15.1-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:skopeo-1.15.1-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:skopeo-1.15.1-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:skopeo-1.15.1-slfo.1.1_2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-28T08:56:42Z",
"details": "important"
}
],
"title": "CVE-2025-27144"
}
]
}
SUSE-SU-2026:20483-1
Vulnerability from csaf_suse - Published: 2026-02-17 09:37 - Updated: 2026-02-17 09:37Summary
Security update for google-guest-agent
Severity
Moderate
Notes
Title of the patch: Security update for google-guest-agent
Description of the patch: This update for google-guest-agent fixes the following issues:
- CVE-2023-45288: golang.org/x/net/http2: close connections when receiving too many headers (bsc#1236533).
Patchnames: SUSE-SLE-Micro-6.1-400
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:google-guest-agent-20250116.00-slfo.1.1_2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-guest-agent-20250116.00-slfo.1.1_2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-guest-agent-20250116.00-slfo.1.1_2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-guest-agent-20250116.00-slfo.1.1_2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for google-guest-agent",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for google-guest-agent fixes the following issues:\n\n- CVE-2023-45288: golang.org/x/net/http2: close connections when receiving too many headers (bsc#1236533).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-400",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20483-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20483-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620483-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20483-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024487.html"
},
{
"category": "self",
"summary": "SUSE Bug 1236533",
"url": "https://bugzilla.suse.com/1236533"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-45288 page",
"url": "https://www.suse.com/security/cve/CVE-2023-45288/"
}
],
"title": "Security update for google-guest-agent",
"tracking": {
"current_release_date": "2026-02-17T09:37:33Z",
"generator": {
"date": "2026-02-17T09:37:33Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20483-1",
"initial_release_date": "2026-02-17T09:37:33Z",
"revision_history": [
{
"date": "2026-02-17T09:37:33Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "google-guest-agent-20250116.00-slfo.1.1_2.1.aarch64",
"product": {
"name": "google-guest-agent-20250116.00-slfo.1.1_2.1.aarch64",
"product_id": "google-guest-agent-20250116.00-slfo.1.1_2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "google-guest-agent-20250116.00-slfo.1.1_2.1.ppc64le",
"product": {
"name": "google-guest-agent-20250116.00-slfo.1.1_2.1.ppc64le",
"product_id": "google-guest-agent-20250116.00-slfo.1.1_2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "google-guest-agent-20250116.00-slfo.1.1_2.1.s390x",
"product": {
"name": "google-guest-agent-20250116.00-slfo.1.1_2.1.s390x",
"product_id": "google-guest-agent-20250116.00-slfo.1.1_2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "google-guest-agent-20250116.00-slfo.1.1_2.1.x86_64",
"product": {
"name": "google-guest-agent-20250116.00-slfo.1.1_2.1.x86_64",
"product_id": "google-guest-agent-20250116.00-slfo.1.1_2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "google-guest-agent-20250116.00-slfo.1.1_2.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:google-guest-agent-20250116.00-slfo.1.1_2.1.aarch64"
},
"product_reference": "google-guest-agent-20250116.00-slfo.1.1_2.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "google-guest-agent-20250116.00-slfo.1.1_2.1.ppc64le as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:google-guest-agent-20250116.00-slfo.1.1_2.1.ppc64le"
},
"product_reference": "google-guest-agent-20250116.00-slfo.1.1_2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "google-guest-agent-20250116.00-slfo.1.1_2.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:google-guest-agent-20250116.00-slfo.1.1_2.1.s390x"
},
"product_reference": "google-guest-agent-20250116.00-slfo.1.1_2.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "google-guest-agent-20250116.00-slfo.1.1_2.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:google-guest-agent-20250116.00-slfo.1.1_2.1.x86_64"
},
"product_reference": "google-guest-agent-20250116.00-slfo.1.1_2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-45288",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-45288"
}
],
"notes": [
{
"category": "general",
"text": "An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request\u0027s headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:google-guest-agent-20250116.00-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:google-guest-agent-20250116.00-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:google-guest-agent-20250116.00-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:google-guest-agent-20250116.00-slfo.1.1_2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-45288",
"url": "https://www.suse.com/security/cve/CVE-2023-45288"
},
{
"category": "external",
"summary": "SUSE Bug 1221400 for CVE-2023-45288",
"url": "https://bugzilla.suse.com/1221400"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:google-guest-agent-20250116.00-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:google-guest-agent-20250116.00-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:google-guest-agent-20250116.00-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:google-guest-agent-20250116.00-slfo.1.1_2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:google-guest-agent-20250116.00-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:google-guest-agent-20250116.00-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:google-guest-agent-20250116.00-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:google-guest-agent-20250116.00-slfo.1.1_2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-17T09:37:33Z",
"details": "moderate"
}
],
"title": "CVE-2023-45288"
}
]
}
SUSE-SU-2026:20486-1
Vulnerability from csaf_suse - Published: 2026-02-17 09:38 - Updated: 2026-02-17 09:38Summary
Security update for google-osconfig-agent
Severity
Moderate
Notes
Title of the patch: Security update for google-osconfig-agent
Description of the patch: This update for google-osconfig-agent fixes the following issues:
- CVE-2023-45288: golang.org/x/net/http2: close connections when receiving too many headers (bsc#1236533).
Patchnames: SUSE-SLE-Micro-6.1-401
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20250416.02-slfo.1.1_2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20250416.02-slfo.1.1_2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20250416.02-slfo.1.1_2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:google-osconfig-agent-20250416.02-slfo.1.1_2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for google-osconfig-agent",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for google-osconfig-agent fixes the following issues:\n\n- CVE-2023-45288: golang.org/x/net/http2: close connections when receiving too many headers (bsc#1236533).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-401",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20486-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20486-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620486-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20486-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024484.html"
},
{
"category": "self",
"summary": "SUSE Bug 1236533",
"url": "https://bugzilla.suse.com/1236533"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-45288 page",
"url": "https://www.suse.com/security/cve/CVE-2023-45288/"
}
],
"title": "Security update for google-osconfig-agent",
"tracking": {
"current_release_date": "2026-02-17T09:38:09Z",
"generator": {
"date": "2026-02-17T09:38:09Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20486-1",
"initial_release_date": "2026-02-17T09:38:09Z",
"revision_history": [
{
"date": "2026-02-17T09:38:09Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "google-osconfig-agent-20250416.02-slfo.1.1_2.1.aarch64",
"product": {
"name": "google-osconfig-agent-20250416.02-slfo.1.1_2.1.aarch64",
"product_id": "google-osconfig-agent-20250416.02-slfo.1.1_2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "google-osconfig-agent-20250416.02-slfo.1.1_2.1.ppc64le",
"product": {
"name": "google-osconfig-agent-20250416.02-slfo.1.1_2.1.ppc64le",
"product_id": "google-osconfig-agent-20250416.02-slfo.1.1_2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "google-osconfig-agent-20250416.02-slfo.1.1_2.1.s390x",
"product": {
"name": "google-osconfig-agent-20250416.02-slfo.1.1_2.1.s390x",
"product_id": "google-osconfig-agent-20250416.02-slfo.1.1_2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "google-osconfig-agent-20250416.02-slfo.1.1_2.1.x86_64",
"product": {
"name": "google-osconfig-agent-20250416.02-slfo.1.1_2.1.x86_64",
"product_id": "google-osconfig-agent-20250416.02-slfo.1.1_2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "google-osconfig-agent-20250416.02-slfo.1.1_2.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:google-osconfig-agent-20250416.02-slfo.1.1_2.1.aarch64"
},
"product_reference": "google-osconfig-agent-20250416.02-slfo.1.1_2.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "google-osconfig-agent-20250416.02-slfo.1.1_2.1.ppc64le as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:google-osconfig-agent-20250416.02-slfo.1.1_2.1.ppc64le"
},
"product_reference": "google-osconfig-agent-20250416.02-slfo.1.1_2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "google-osconfig-agent-20250416.02-slfo.1.1_2.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:google-osconfig-agent-20250416.02-slfo.1.1_2.1.s390x"
},
"product_reference": "google-osconfig-agent-20250416.02-slfo.1.1_2.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "google-osconfig-agent-20250416.02-slfo.1.1_2.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:google-osconfig-agent-20250416.02-slfo.1.1_2.1.x86_64"
},
"product_reference": "google-osconfig-agent-20250416.02-slfo.1.1_2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-45288",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-45288"
}
],
"notes": [
{
"category": "general",
"text": "An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request\u0027s headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20250416.02-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20250416.02-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20250416.02-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20250416.02-slfo.1.1_2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-45288",
"url": "https://www.suse.com/security/cve/CVE-2023-45288"
},
{
"category": "external",
"summary": "SUSE Bug 1221400 for CVE-2023-45288",
"url": "https://bugzilla.suse.com/1221400"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20250416.02-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20250416.02-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20250416.02-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20250416.02-slfo.1.1_2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:google-osconfig-agent-20250416.02-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:google-osconfig-agent-20250416.02-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:google-osconfig-agent-20250416.02-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:google-osconfig-agent-20250416.02-slfo.1.1_2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-17T09:38:09Z",
"details": "moderate"
}
],
"title": "CVE-2023-45288"
}
]
}
SUSE-SU-2026:21319-1
Vulnerability from csaf_suse - Published: 2026-04-22 10:58 - Updated: 2026-04-22 10:58Summary
Security update for google-guest-agent
Severity
Important
Notes
Title of the patch: Security update for google-guest-agent
Description of the patch: This update for google-guest-agent fixes the following issues:
Update to version 20250506.01 (bsc#1243254, bsc#1243505).
Security issues fixed:
- CVE-2024-45337: golang.org/x/crypto/ssh: misuse of the ServerConfig.PublicKeyCallback callback can lead to
authorization bypass in applications (bsc#1234563).
- CVE-2023-45288: golang.org/x/net/http2: no limit set for number of HTTP/2 CONTINUATION frames that can be read for an
HTTP/2 request can lead to excessive CPU consumption and a DoS (bsc#1236533).
Other updates and bugfixes:
- Version 20250506.01:
* Make sure agent added connections are activated by NM (#534)
- Version 20250506.00:
* Wrap NSS cache refresh in a goroutine (#533)
- Version 20250502.01:
* Wicked: Only reload interfaces for which configurations are written or changed. (#524)
- Version 20250502.00:
* Add AuthorizedKeysCompat to windows packaging (#530)
* Remove error messages from gce_workload_cert_refresh and metadata script runner (#527)
* Update guest-logging-go dependency (#526)
* Add 'created-by' metadata, and pass it as option to logging library (#508)
* Revert "oslogin: Correctly handle newlines at the end of modified files (#520)" (#523)
* Re-enable disabled services if the core plugin was enabled (#522)
* Enable guest services on package upgrade (#519)
* oslogin: Correctly handle newlines at the end of modified files (#520)
* Fix core plugin path (#518)
* Fix package build issues (#517)
* Fix dependencies ran go mod tidy -v (#515)
* Fix debian build path (#514)
* Bundle compat metadata script runner binary in package (#513)
* Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512)
* Update startup/shutdown services to launch compat manager (#503)
* Bundle new gce metadata script runner binary in agent package (#502)
* Revert "Revert bundling new binaries in the package (#509)" (#511)
- Version 20250418.00:
* Re-enable disabled services if the core plugin was enabled (#521)
- Version 20250414.00:
* Add AuthorizedKeysCompat to windows packaging (#530)
* Remove error messages from gce_workload_cert_refresh and metadata script runner (#527)
* Update guest-logging-go dependency (#526)
* Add 'created-by' metadata, and pass it as option to logging library (#508)
* Revert "oslogin: Correctly handle newlines at the end of modified files (#520)" (#523)
* Re-enable disabled services if the core plugin was enabled (#522)
* Enable guest services on package upgrade (#519)
* oslogin: Correctly handle newlines at the end of modified files (#520)
* Fix core plugin path (#518)
* Fix package build issues (#517)
* Fix dependencies ran go mod tidy -v (#515)
* Fix debian build path (#514)
* Bundle compat metadata script runner binary in package (#513)
* Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512)
* Update startup/shutdown services to launch compat manager (#503)
* Bundle new gce metadata script runner binary in agent package (#502)
* Revert "Revert bundling new binaries in the package (#509)" (#511)
- Version 20250327.01 (bsc#1239763, bsc#1239866):
* Remove error messages from gce_workload_cert_refresh and
metadata script runner (#527)
- Version 20250327.00:
* Update guest-logging-go dependency (#526)
* Add 'created-by' metadata, and pass it as option to logging library (#508)
* Revert "oslogin: Correctly handle newlines at the end of
modified files (#520)" (#523)
* Re-enable disabled services if the core plugin was enabled (#522)
* Enable guest services on package upgrade (#519)
* oslogin: Correctly handle newlines at the end of modified files (#520)
* Fix core plugin path (#518)
* Fix package build issues (#517)
* Fix dependencies ran go mod tidy -v (#515)
* Fix debian build path (#514)
* Bundle compat metadata script runner binary in package (#513)
* Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512)
* Update startup/shutdown services to launch compat manager (#503)
* Bundle new gce metadata script runner binary in agent package (#502)
* Revert "Revert bundling new binaries in the package (#509)" (#511)
- Version 20250326.00:
* Re-enable disabled services if the core plugin was enabled (#521)
- Version 20250324.00:
* Enable guest services on package upgrade (#519)
* oslogin: Correctly handle newlines at the end of modified files (#520)
* Fix core plugin path (#518)
* Fix package build issues (#517)
* Fix dependencies ran go mod tidy -v (#515)
* Fix debian build path (#514)
* Bundle compat metadata script runner binary in package (#513)
* Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512)
* Update startup/shutdown services to launch compat manager (#503)
* Bundle new gce metadata script runner binary in agent package (#502)
* Revert "Revert bundling new binaries in the package (#509)" (#511)
* Revert bundling new binaries in the package (#509)
* Fix typo in windows build script (#501)
* Include core plugin binary for all packages (#500)
* Start packaging compat manager (#498)
* Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)
* scripts: introduce a wrapper to locally build deb package (#490)
* Introduce compat-manager systemd unit (#497)
- Version 20250317.00:
* Revert "Revert bundling new binaries in the package (#509)" (#511)
* Revert bundling new binaries in the package (#509)
* Fix typo in windows build script (#501)
* Include core plugin binary for all packages (#500)
* Start packaging compat manager (#498)
* Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)
* scripts: introduce a wrapper to locally build deb package (#490)
* Introduce compat-manager systemd unit (#497)
- Version 20250312.00:
* Revert bundling new binaries in the package (#509)
* Fix typo in windows build script (#501)
* Include core plugin binary for all packages (#500)
* Start packaging compat manager (#498)
* Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)
* scripts: introduce a wrapper to locally build deb package (#490)
* Introduce compat-manager systemd unit (#497)
- Version 20250305.00:
* Revert bundling new binaries in the package (#509)
* Fix typo in windows build script (#501)
* Include core plugin binary for all packages (#500)
* Start packaging compat manager (#498)
* Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)
* scripts: introduce a wrapper to locally build deb package (#490)
* Introduce compat-manager systemd unit (#497)
- Version 20250304.01:
* Fix typo in windows build script (#501)
- Version 20250214.01:
* Include core plugin binary for all packages (#500)
- Version 20250212.00:
* Start packaging compat manager (#498)
* Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)
- Version 20250211.00:
* scripts: introduce a wrapper to locally build deb package (#490)
* Introduce compat-manager systemd unit (#497)
- Version 20250207.00:
* vlan: toggle vlan configuration in debian packaging (#495)
* vlan: move config out of unstable section (#494)
* Add clarification to comments regarding invalid NICs and the
`invalid` tag. (#493)
* Include interfaces in lists even if it has an invalid MAC. (#489)
* Fix windows package build failures (#491)
* vlan: don't index based on the vlan ID (#486)
* Revert PR #482 (#488)
* Remove Amy and Zach from OWNERS (#487)
* Skip interfaces in interfaceNames() instead of erroring if there is an (#482)
* Fix Debian packaging if guest agent manager is not checked out (#485)
- Version 20250204.02:
* force concourse to move version forward.
- Version 20250204.01:
* vlan: toggle vlan configuration in debian packaging (#495)
- Version 20250204.00:
* vlan: move config out of unstable section (#494)
* Add clarification to comments regarding invalid NICs and the
`invalid` tag. (#493)
- Version 20250203.01:
* Include interfaces in lists even if it has an invalid MAC. (#489)
- Version 20250203.00:
* Fix windows package build failures (#491)
* vlan: don't index based on the vlan ID (#486)
* Revert PR #482 (#488)
* Remove Amy and Zach from OWNERS (#487)
* Skip interfaces in interfaceNames() instead of erroring if there is an (#482)
* Fix Debian packaging if guest agent manager is not checked out (#485)
- Version 20250122.00:
* networkd(vlan): remove the interface in addition to config (#468)
* Implement support for vlan dynamic removal, update dhclient to
remove only if configured (#465)
* Update logging library (#479)
* Remove Pat from owners file. (#478)
Patchnames: SUSE-SLE-Micro-6.0-682
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.3 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:google-guest-agent-20250506.01-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:google-guest-agent-20250506.01-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:google-guest-agent-20250506.01-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.1 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:google-guest-agent-20250506.01-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:google-guest-agent-20250506.01-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:google-guest-agent-20250506.01-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for google-guest-agent",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for google-guest-agent fixes the following issues:\n\nUpdate to version 20250506.01 (bsc#1243254, bsc#1243505).\n\nSecurity issues fixed:\n\n- CVE-2024-45337: golang.org/x/crypto/ssh: misuse of the ServerConfig.PublicKeyCallback callback can lead to\n authorization bypass in applications (bsc#1234563).\n- CVE-2023-45288: golang.org/x/net/http2: no limit set for number of HTTP/2 CONTINUATION frames that can be read for an\n HTTP/2 request can lead to excessive CPU consumption and a DoS (bsc#1236533).\n\nOther updates and bugfixes:\n\n- Version 20250506.01:\n * Make sure agent added connections are activated by NM (#534)\n- Version 20250506.00:\n * Wrap NSS cache refresh in a goroutine (#533)\n- Version 20250502.01:\n * Wicked: Only reload interfaces for which configurations are written or changed. (#524)\n- Version 20250502.00:\n * Add AuthorizedKeysCompat to windows packaging (#530)\n * Remove error messages from gce_workload_cert_refresh and metadata script runner (#527)\n * Update guest-logging-go dependency (#526)\n * Add \u0027created-by\u0027 metadata, and pass it as option to logging library (#508)\n * Revert \"oslogin: Correctly handle newlines at the end of modified files (#520)\" (#523)\n * Re-enable disabled services if the core plugin was enabled (#522)\n * Enable guest services on package upgrade (#519)\n * oslogin: Correctly handle newlines at the end of modified files (#520)\n * Fix core plugin path (#518)\n * Fix package build issues (#517)\n * Fix dependencies ran go mod tidy -v (#515)\n * Fix debian build path (#514)\n * Bundle compat metadata script runner binary in package (#513)\n * Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512)\n * Update startup/shutdown services to launch compat manager (#503)\n * Bundle new gce metadata script runner binary in agent package (#502)\n * Revert \"Revert bundling new binaries in the package (#509)\" (#511)\n- Version 20250418.00:\n * Re-enable disabled services if the core plugin was enabled (#521)\n- Version 20250414.00:\n * Add AuthorizedKeysCompat to windows packaging (#530)\n * Remove error messages from gce_workload_cert_refresh and metadata script runner (#527)\n * Update guest-logging-go dependency (#526)\n * Add \u0027created-by\u0027 metadata, and pass it as option to logging library (#508)\n * Revert \"oslogin: Correctly handle newlines at the end of modified files (#520)\" (#523)\n * Re-enable disabled services if the core plugin was enabled (#522)\n * Enable guest services on package upgrade (#519)\n * oslogin: Correctly handle newlines at the end of modified files (#520)\n * Fix core plugin path (#518)\n * Fix package build issues (#517)\n * Fix dependencies ran go mod tidy -v (#515)\n * Fix debian build path (#514)\n * Bundle compat metadata script runner binary in package (#513)\n * Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512)\n * Update startup/shutdown services to launch compat manager (#503)\n * Bundle new gce metadata script runner binary in agent package (#502)\n * Revert \"Revert bundling new binaries in the package (#509)\" (#511)\n- Version 20250327.01 (bsc#1239763, bsc#1239866):\n * Remove error messages from gce_workload_cert_refresh and\n metadata script runner (#527)\n- Version 20250327.00:\n * Update guest-logging-go dependency (#526)\n * Add \u0027created-by\u0027 metadata, and pass it as option to logging library (#508)\n * Revert \"oslogin: Correctly handle newlines at the end of\n modified files (#520)\" (#523)\n * Re-enable disabled services if the core plugin was enabled (#522)\n * Enable guest services on package upgrade (#519)\n * oslogin: Correctly handle newlines at the end of modified files (#520)\n * Fix core plugin path (#518)\n * Fix package build issues (#517)\n * Fix dependencies ran go mod tidy -v (#515)\n * Fix debian build path (#514)\n * Bundle compat metadata script runner binary in package (#513)\n * Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512)\n * Update startup/shutdown services to launch compat manager (#503)\n * Bundle new gce metadata script runner binary in agent package (#502)\n * Revert \"Revert bundling new binaries in the package (#509)\" (#511)\n- Version 20250326.00:\n * Re-enable disabled services if the core plugin was enabled (#521)\n- Version 20250324.00:\n * Enable guest services on package upgrade (#519)\n * oslogin: Correctly handle newlines at the end of modified files (#520)\n * Fix core plugin path (#518)\n * Fix package build issues (#517)\n * Fix dependencies ran go mod tidy -v (#515)\n * Fix debian build path (#514)\n * Bundle compat metadata script runner binary in package (#513)\n * Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512)\n * Update startup/shutdown services to launch compat manager (#503)\n * Bundle new gce metadata script runner binary in agent package (#502)\n * Revert \"Revert bundling new binaries in the package (#509)\" (#511)\n * Revert bundling new binaries in the package (#509)\n * Fix typo in windows build script (#501)\n * Include core plugin binary for all packages (#500)\n * Start packaging compat manager (#498)\n * Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)\n * scripts: introduce a wrapper to locally build deb package (#490)\n * Introduce compat-manager systemd unit (#497)\n- Version 20250317.00:\n * Revert \"Revert bundling new binaries in the package (#509)\" (#511)\n * Revert bundling new binaries in the package (#509)\n * Fix typo in windows build script (#501)\n * Include core plugin binary for all packages (#500)\n * Start packaging compat manager (#498)\n * Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)\n * scripts: introduce a wrapper to locally build deb package (#490)\n * Introduce compat-manager systemd unit (#497)\n- Version 20250312.00:\n * Revert bundling new binaries in the package (#509)\n * Fix typo in windows build script (#501)\n * Include core plugin binary for all packages (#500)\n * Start packaging compat manager (#498)\n * Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)\n * scripts: introduce a wrapper to locally build deb package (#490)\n * Introduce compat-manager systemd unit (#497)\n- Version 20250305.00:\n * Revert bundling new binaries in the package (#509)\n * Fix typo in windows build script (#501)\n * Include core plugin binary for all packages (#500)\n * Start packaging compat manager (#498)\n * Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)\n * scripts: introduce a wrapper to locally build deb package (#490)\n * Introduce compat-manager systemd unit (#497)\n- Version 20250304.01:\n * Fix typo in windows build script (#501)\n- Version 20250214.01:\n * Include core plugin binary for all packages (#500)\n- Version 20250212.00:\n * Start packaging compat manager (#498)\n * Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)\n- Version 20250211.00:\n * scripts: introduce a wrapper to locally build deb package (#490)\n * Introduce compat-manager systemd unit (#497)\n- Version 20250207.00:\n * vlan: toggle vlan configuration in debian packaging (#495)\n * vlan: move config out of unstable section (#494)\n * Add clarification to comments regarding invalid NICs and the\n `invalid` tag. (#493)\n * Include interfaces in lists even if it has an invalid MAC. (#489)\n * Fix windows package build failures (#491)\n * vlan: don\u0027t index based on the vlan ID (#486)\n * Revert PR #482 (#488)\n * Remove Amy and Zach from OWNERS (#487)\n * Skip interfaces in interfaceNames() instead of erroring if there is an (#482)\n * Fix Debian packaging if guest agent manager is not checked out (#485)\n- Version 20250204.02:\n * force concourse to move version forward.\n- Version 20250204.01:\n * vlan: toggle vlan configuration in debian packaging (#495)\n- Version 20250204.00:\n * vlan: move config out of unstable section (#494)\n * Add clarification to comments regarding invalid NICs and the\n `invalid` tag. (#493)\n- Version 20250203.01:\n * Include interfaces in lists even if it has an invalid MAC. (#489)\n- Version 20250203.00:\n * Fix windows package build failures (#491)\n * vlan: don\u0027t index based on the vlan ID (#486)\n * Revert PR #482 (#488)\n * Remove Amy and Zach from OWNERS (#487)\n * Skip interfaces in interfaceNames() instead of erroring if there is an (#482)\n * Fix Debian packaging if guest agent manager is not checked out (#485)\n- Version 20250122.00:\n * networkd(vlan): remove the interface in addition to config (#468)\n * Implement support for vlan dynamic removal, update dhclient to\n remove only if configured (#465)\n * Update logging library (#479)\n * Remove Pat from owners file. (#478)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-682",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_21319-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:21319-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621319-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:21319-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-April/045998.html"
},
{
"category": "self",
"summary": "SUSE Bug 1234563",
"url": "https://bugzilla.suse.com/1234563"
},
{
"category": "self",
"summary": "SUSE Bug 1236533",
"url": "https://bugzilla.suse.com/1236533"
},
{
"category": "self",
"summary": "SUSE Bug 1239763",
"url": "https://bugzilla.suse.com/1239763"
},
{
"category": "self",
"summary": "SUSE Bug 1239866",
"url": "https://bugzilla.suse.com/1239866"
},
{
"category": "self",
"summary": "SUSE Bug 1243254",
"url": "https://bugzilla.suse.com/1243254"
},
{
"category": "self",
"summary": "SUSE Bug 1243505",
"url": "https://bugzilla.suse.com/1243505"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-45288 page",
"url": "https://www.suse.com/security/cve/CVE-2023-45288/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45337 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45337/"
}
],
"title": "Security update for google-guest-agent",
"tracking": {
"current_release_date": "2026-04-22T10:58:34Z",
"generator": {
"date": "2026-04-22T10:58:34Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:21319-1",
"initial_release_date": "2026-04-22T10:58:34Z",
"revision_history": [
{
"date": "2026-04-22T10:58:34Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "google-guest-agent-20250506.01-1.1.aarch64",
"product": {
"name": "google-guest-agent-20250506.01-1.1.aarch64",
"product_id": "google-guest-agent-20250506.01-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "google-guest-agent-20250506.01-1.1.s390x",
"product": {
"name": "google-guest-agent-20250506.01-1.1.s390x",
"product_id": "google-guest-agent-20250506.01-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "google-guest-agent-20250506.01-1.1.x86_64",
"product": {
"name": "google-guest-agent-20250506.01-1.1.x86_64",
"product_id": "google-guest-agent-20250506.01-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "google-guest-agent-20250506.01-1.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:google-guest-agent-20250506.01-1.1.aarch64"
},
"product_reference": "google-guest-agent-20250506.01-1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "google-guest-agent-20250506.01-1.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:google-guest-agent-20250506.01-1.1.s390x"
},
"product_reference": "google-guest-agent-20250506.01-1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "google-guest-agent-20250506.01-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:google-guest-agent-20250506.01-1.1.x86_64"
},
"product_reference": "google-guest-agent-20250506.01-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-45288",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-45288"
}
],
"notes": [
{
"category": "general",
"text": "An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request\u0027s headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:google-guest-agent-20250506.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-guest-agent-20250506.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-guest-agent-20250506.01-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-45288",
"url": "https://www.suse.com/security/cve/CVE-2023-45288"
},
{
"category": "external",
"summary": "SUSE Bug 1221400 for CVE-2023-45288",
"url": "https://bugzilla.suse.com/1221400"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:google-guest-agent-20250506.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-guest-agent-20250506.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-guest-agent-20250506.01-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:google-guest-agent-20250506.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-guest-agent-20250506.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-guest-agent-20250506.01-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-22T10:58:34Z",
"details": "moderate"
}
],
"title": "CVE-2023-45288"
},
{
"cve": "CVE-2024-45337",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45337"
}
],
"notes": [
{
"category": "general",
"text": "Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that \"A call to this function does not guarantee that the key offered is in fact used to authenticate.\" Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key. Since this API is widely misused, as a partial mitigation golang.org/x/cry...@v0.31.0 enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:google-guest-agent-20250506.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-guest-agent-20250506.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-guest-agent-20250506.01-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45337",
"url": "https://www.suse.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "SUSE Bug 1234482 for CVE-2024-45337",
"url": "https://bugzilla.suse.com/1234482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:google-guest-agent-20250506.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-guest-agent-20250506.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-guest-agent-20250506.01-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:google-guest-agent-20250506.01-1.1.aarch64",
"SUSE Linux Micro 6.0:google-guest-agent-20250506.01-1.1.s390x",
"SUSE Linux Micro 6.0:google-guest-agent-20250506.01-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-22T10:58:34Z",
"details": "important"
}
],
"title": "CVE-2024-45337"
}
]
}
SUSE-SU-2026:21376-1
Vulnerability from csaf_suse - Published: 2026-04-22 10:23 - Updated: 2026-04-22 10:23Summary
Security update for google-guest-agent
Severity
Important
Notes
Title of the patch: Security update for google-guest-agent
Description of the patch: This update for google-guest-agent fixes the following issues:
Update to version 20250506.01 (bsc#1243254, bsc#1243505).
Security issues fixed:
- CVE-2024-45337: golang.org/x/crypto/ssh: misuse of the ServerConfig.PublicKeyCallback callback can lead to
authorization bypass in applications (bsc#1234563).
- CVE-2023-45288: golang.org/x/net/http2: no limit set for number of HTTP/2 CONTINUATION frames that can be read for an
HTTP/2 request can lead to excessive CPU consumption and a DoS (bsc#1236533).
Other updates and bugfixes:
- Version 20250506.01:
* Make sure agent added connections are activated by NM (#534)
- Version 20250506.00:
* Wrap NSS cache refresh in a goroutine (#533)
- Version 20250502.01:
* Wicked: Only reload interfaces for which configurations are written or changed. (#524)
- Version 20250502.00:
* Add AuthorizedKeysCompat to windows packaging (#530)
* Remove error messages from gce_workload_cert_refresh and metadata script runner (#527)
* Update guest-logging-go dependency (#526)
* Add 'created-by' metadata, and pass it as option to logging library (#508)
* Revert "oslogin: Correctly handle newlines at the end of modified files (#520)" (#523)
* Re-enable disabled services if the core plugin was enabled (#522)
* Enable guest services on package upgrade (#519)
* oslogin: Correctly handle newlines at the end of modified files (#520)
* Fix core plugin path (#518)
* Fix package build issues (#517)
* Fix dependencies ran go mod tidy -v (#515)
* Fix debian build path (#514)
* Bundle compat metadata script runner binary in package (#513)
* Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512)
* Update startup/shutdown services to launch compat manager (#503)
* Bundle new gce metadata script runner binary in agent package (#502)
* Revert "Revert bundling new binaries in the package (#509)" (#511)
- Version 20250418.00:
* Re-enable disabled services if the core plugin was enabled (#521)
- Version 20250414.00:
* Add AuthorizedKeysCompat to windows packaging (#530)
* Remove error messages from gce_workload_cert_refresh and metadata script runner (#527)
* Update guest-logging-go dependency (#526)
* Add 'created-by' metadata, and pass it as option to logging library (#508)
* Revert "oslogin: Correctly handle newlines at the end of modified files (#520)" (#523)
* Re-enable disabled services if the core plugin was enabled (#522)
* Enable guest services on package upgrade (#519)
* oslogin: Correctly handle newlines at the end of modified files (#520)
* Fix core plugin path (#518)
* Fix package build issues (#517)
* Fix dependencies ran go mod tidy -v (#515)
* Fix debian build path (#514)
* Bundle compat metadata script runner binary in package (#513)
* Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512)
* Update startup/shutdown services to launch compat manager (#503)
* Bundle new gce metadata script runner binary in agent package (#502)
* Revert "Revert bundling new binaries in the package (#509)" (#511)
- Version 20250327.01 (bsc#1239763, bsc#1239866):
* Remove error messages from gce_workload_cert_refresh and
metadata script runner (#527)
- Version 20250327.00:
* Update guest-logging-go dependency (#526)
* Add 'created-by' metadata, and pass it as option to logging library (#508)
* Revert "oslogin: Correctly handle newlines at the end of
modified files (#520)" (#523)
* Re-enable disabled services if the core plugin was enabled (#522)
* Enable guest services on package upgrade (#519)
* oslogin: Correctly handle newlines at the end of modified files (#520)
* Fix core plugin path (#518)
* Fix package build issues (#517)
* Fix dependencies ran go mod tidy -v (#515)
* Fix debian build path (#514)
* Bundle compat metadata script runner binary in package (#513)
* Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512)
* Update startup/shutdown services to launch compat manager (#503)
* Bundle new gce metadata script runner binary in agent package (#502)
* Revert "Revert bundling new binaries in the package (#509)" (#511)
- Version 20250326.00:
* Re-enable disabled services if the core plugin was enabled (#521)
- Version 20250324.00:
* Enable guest services on package upgrade (#519)
* oslogin: Correctly handle newlines at the end of modified files (#520)
* Fix core plugin path (#518)
* Fix package build issues (#517)
* Fix dependencies ran go mod tidy -v (#515)
* Fix debian build path (#514)
* Bundle compat metadata script runner binary in package (#513)
* Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512)
* Update startup/shutdown services to launch compat manager (#503)
* Bundle new gce metadata script runner binary in agent package (#502)
* Revert "Revert bundling new binaries in the package (#509)" (#511)
* Revert bundling new binaries in the package (#509)
* Fix typo in windows build script (#501)
* Include core plugin binary for all packages (#500)
* Start packaging compat manager (#498)
* Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)
* scripts: introduce a wrapper to locally build deb package (#490)
* Introduce compat-manager systemd unit (#497)
- Version 20250317.00:
* Revert "Revert bundling new binaries in the package (#509)" (#511)
* Revert bundling new binaries in the package (#509)
* Fix typo in windows build script (#501)
* Include core plugin binary for all packages (#500)
* Start packaging compat manager (#498)
* Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)
* scripts: introduce a wrapper to locally build deb package (#490)
* Introduce compat-manager systemd unit (#497)
- Version 20250312.00:
* Revert bundling new binaries in the package (#509)
* Fix typo in windows build script (#501)
* Include core plugin binary for all packages (#500)
* Start packaging compat manager (#498)
* Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)
* scripts: introduce a wrapper to locally build deb package (#490)
* Introduce compat-manager systemd unit (#497)
- Version 20250305.00:
* Revert bundling new binaries in the package (#509)
* Fix typo in windows build script (#501)
* Include core plugin binary for all packages (#500)
* Start packaging compat manager (#498)
* Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)
* scripts: introduce a wrapper to locally build deb package (#490)
* Introduce compat-manager systemd unit (#497)
- Version 20250304.01:
* Fix typo in windows build script (#501)
- Version 20250214.01:
* Include core plugin binary for all packages (#500)
- Version 20250212.00:
* Start packaging compat manager (#498)
* Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)
- Version 20250211.00:
* scripts: introduce a wrapper to locally build deb package (#490)
* Introduce compat-manager systemd unit (#497)
- Version 20250207.00:
* vlan: toggle vlan configuration in debian packaging (#495)
* vlan: move config out of unstable section (#494)
* Add clarification to comments regarding invalid NICs and the
`invalid` tag. (#493)
* Include interfaces in lists even if it has an invalid MAC. (#489)
* Fix windows package build failures (#491)
* vlan: don't index based on the vlan ID (#486)
* Revert PR #482 (#488)
* Remove Amy and Zach from OWNERS (#487)
* Skip interfaces in interfaceNames() instead of erroring if there is an (#482)
* Fix Debian packaging if guest agent manager is not checked out (#485)
- Version 20250204.02:
* force concourse to move version forward.
- Version 20250204.01:
* vlan: toggle vlan configuration in debian packaging (#495)
- Version 20250204.00:
* vlan: move config out of unstable section (#494)
* Add clarification to comments regarding invalid NICs and the
`invalid` tag. (#493)
- Version 20250203.01:
* Include interfaces in lists even if it has an invalid MAC. (#489)
- Version 20250203.00:
* Fix windows package build failures (#491)
* vlan: don't index based on the vlan ID (#486)
* Revert PR #482 (#488)
* Remove Amy and Zach from OWNERS (#487)
* Skip interfaces in interfaceNames() instead of erroring if there is an (#482)
* Fix Debian packaging if guest agent manager is not checked out (#485)
- Version 20250122.00:
* networkd(vlan): remove the interface in addition to config (#468)
* Implement support for vlan dynamic removal, update dhclient to
remove only if configured (#465)
* Update logging library (#479)
* Remove Pat from owners file. (#478)
Patchnames: SUSE-SLES-16.0-621
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:google-guest-agent-20250506.01-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:google-guest-agent-20250506.01-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:google-guest-agent-20250506.01-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:google-guest-agent-20250506.01-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:google-guest-agent-20250506.01-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:google-guest-agent-20250506.01-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:google-guest-agent-20250506.01-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:google-guest-agent-20250506.01-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for google-guest-agent",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for google-guest-agent fixes the following issues:\n\nUpdate to version 20250506.01 (bsc#1243254, bsc#1243505).\n\nSecurity issues fixed:\n\n- CVE-2024-45337: golang.org/x/crypto/ssh: misuse of the ServerConfig.PublicKeyCallback callback can lead to\n authorization bypass in applications (bsc#1234563).\n- CVE-2023-45288: golang.org/x/net/http2: no limit set for number of HTTP/2 CONTINUATION frames that can be read for an\n HTTP/2 request can lead to excessive CPU consumption and a DoS (bsc#1236533).\n\nOther updates and bugfixes:\n\n- Version 20250506.01:\n * Make sure agent added connections are activated by NM (#534)\n- Version 20250506.00:\n * Wrap NSS cache refresh in a goroutine (#533)\n- Version 20250502.01:\n * Wicked: Only reload interfaces for which configurations are written or changed. (#524)\n- Version 20250502.00:\n * Add AuthorizedKeysCompat to windows packaging (#530)\n * Remove error messages from gce_workload_cert_refresh and metadata script runner (#527)\n * Update guest-logging-go dependency (#526)\n * Add \u0027created-by\u0027 metadata, and pass it as option to logging library (#508)\n * Revert \"oslogin: Correctly handle newlines at the end of modified files (#520)\" (#523)\n * Re-enable disabled services if the core plugin was enabled (#522)\n * Enable guest services on package upgrade (#519)\n * oslogin: Correctly handle newlines at the end of modified files (#520)\n * Fix core plugin path (#518)\n * Fix package build issues (#517)\n * Fix dependencies ran go mod tidy -v (#515)\n * Fix debian build path (#514)\n * Bundle compat metadata script runner binary in package (#513)\n * Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512)\n * Update startup/shutdown services to launch compat manager (#503)\n * Bundle new gce metadata script runner binary in agent package (#502)\n * Revert \"Revert bundling new binaries in the package (#509)\" (#511)\n- Version 20250418.00:\n * Re-enable disabled services if the core plugin was enabled (#521)\n- Version 20250414.00:\n * Add AuthorizedKeysCompat to windows packaging (#530)\n * Remove error messages from gce_workload_cert_refresh and metadata script runner (#527)\n * Update guest-logging-go dependency (#526)\n * Add \u0027created-by\u0027 metadata, and pass it as option to logging library (#508)\n * Revert \"oslogin: Correctly handle newlines at the end of modified files (#520)\" (#523)\n * Re-enable disabled services if the core plugin was enabled (#522)\n * Enable guest services on package upgrade (#519)\n * oslogin: Correctly handle newlines at the end of modified files (#520)\n * Fix core plugin path (#518)\n * Fix package build issues (#517)\n * Fix dependencies ran go mod tidy -v (#515)\n * Fix debian build path (#514)\n * Bundle compat metadata script runner binary in package (#513)\n * Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512)\n * Update startup/shutdown services to launch compat manager (#503)\n * Bundle new gce metadata script runner binary in agent package (#502)\n * Revert \"Revert bundling new binaries in the package (#509)\" (#511)\n- Version 20250327.01 (bsc#1239763, bsc#1239866):\n * Remove error messages from gce_workload_cert_refresh and\n metadata script runner (#527)\n- Version 20250327.00:\n * Update guest-logging-go dependency (#526)\n * Add \u0027created-by\u0027 metadata, and pass it as option to logging library (#508)\n * Revert \"oslogin: Correctly handle newlines at the end of\n modified files (#520)\" (#523)\n * Re-enable disabled services if the core plugin was enabled (#522)\n * Enable guest services on package upgrade (#519)\n * oslogin: Correctly handle newlines at the end of modified files (#520)\n * Fix core plugin path (#518)\n * Fix package build issues (#517)\n * Fix dependencies ran go mod tidy -v (#515)\n * Fix debian build path (#514)\n * Bundle compat metadata script runner binary in package (#513)\n * Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512)\n * Update startup/shutdown services to launch compat manager (#503)\n * Bundle new gce metadata script runner binary in agent package (#502)\n * Revert \"Revert bundling new binaries in the package (#509)\" (#511)\n- Version 20250326.00:\n * Re-enable disabled services if the core plugin was enabled (#521)\n- Version 20250324.00:\n * Enable guest services on package upgrade (#519)\n * oslogin: Correctly handle newlines at the end of modified files (#520)\n * Fix core plugin path (#518)\n * Fix package build issues (#517)\n * Fix dependencies ran go mod tidy -v (#515)\n * Fix debian build path (#514)\n * Bundle compat metadata script runner binary in package (#513)\n * Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512)\n * Update startup/shutdown services to launch compat manager (#503)\n * Bundle new gce metadata script runner binary in agent package (#502)\n * Revert \"Revert bundling new binaries in the package (#509)\" (#511)\n * Revert bundling new binaries in the package (#509)\n * Fix typo in windows build script (#501)\n * Include core plugin binary for all packages (#500)\n * Start packaging compat manager (#498)\n * Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)\n * scripts: introduce a wrapper to locally build deb package (#490)\n * Introduce compat-manager systemd unit (#497)\n- Version 20250317.00:\n * Revert \"Revert bundling new binaries in the package (#509)\" (#511)\n * Revert bundling new binaries in the package (#509)\n * Fix typo in windows build script (#501)\n * Include core plugin binary for all packages (#500)\n * Start packaging compat manager (#498)\n * Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)\n * scripts: introduce a wrapper to locally build deb package (#490)\n * Introduce compat-manager systemd unit (#497)\n- Version 20250312.00:\n * Revert bundling new binaries in the package (#509)\n * Fix typo in windows build script (#501)\n * Include core plugin binary for all packages (#500)\n * Start packaging compat manager (#498)\n * Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)\n * scripts: introduce a wrapper to locally build deb package (#490)\n * Introduce compat-manager systemd unit (#497)\n- Version 20250305.00:\n * Revert bundling new binaries in the package (#509)\n * Fix typo in windows build script (#501)\n * Include core plugin binary for all packages (#500)\n * Start packaging compat manager (#498)\n * Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)\n * scripts: introduce a wrapper to locally build deb package (#490)\n * Introduce compat-manager systemd unit (#497)\n- Version 20250304.01:\n * Fix typo in windows build script (#501)\n- Version 20250214.01:\n * Include core plugin binary for all packages (#500)\n- Version 20250212.00:\n * Start packaging compat manager (#498)\n * Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)\n- Version 20250211.00:\n * scripts: introduce a wrapper to locally build deb package (#490)\n * Introduce compat-manager systemd unit (#497)\n- Version 20250207.00:\n * vlan: toggle vlan configuration in debian packaging (#495)\n * vlan: move config out of unstable section (#494)\n * Add clarification to comments regarding invalid NICs and the\n `invalid` tag. (#493)\n * Include interfaces in lists even if it has an invalid MAC. (#489)\n * Fix windows package build failures (#491)\n * vlan: don\u0027t index based on the vlan ID (#486)\n * Revert PR #482 (#488)\n * Remove Amy and Zach from OWNERS (#487)\n * Skip interfaces in interfaceNames() instead of erroring if there is an (#482)\n * Fix Debian packaging if guest agent manager is not checked out (#485)\n- Version 20250204.02:\n * force concourse to move version forward.\n- Version 20250204.01:\n * vlan: toggle vlan configuration in debian packaging (#495)\n- Version 20250204.00:\n * vlan: move config out of unstable section (#494)\n * Add clarification to comments regarding invalid NICs and the\n `invalid` tag. (#493)\n- Version 20250203.01:\n * Include interfaces in lists even if it has an invalid MAC. (#489)\n- Version 20250203.00:\n * Fix windows package build failures (#491)\n * vlan: don\u0027t index based on the vlan ID (#486)\n * Revert PR #482 (#488)\n * Remove Amy and Zach from OWNERS (#487)\n * Skip interfaces in interfaceNames() instead of erroring if there is an (#482)\n * Fix Debian packaging if guest agent manager is not checked out (#485)\n- Version 20250122.00:\n * networkd(vlan): remove the interface in addition to config (#468)\n * Implement support for vlan dynamic removal, update dhclient to\n remove only if configured (#465)\n * Update logging library (#479)\n * Remove Pat from owners file. (#478)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-621",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_21376-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:21376-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621376-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:21376-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-April/046065.html"
},
{
"category": "self",
"summary": "SUSE Bug 1234563",
"url": "https://bugzilla.suse.com/1234563"
},
{
"category": "self",
"summary": "SUSE Bug 1236533",
"url": "https://bugzilla.suse.com/1236533"
},
{
"category": "self",
"summary": "SUSE Bug 1239763",
"url": "https://bugzilla.suse.com/1239763"
},
{
"category": "self",
"summary": "SUSE Bug 1239866",
"url": "https://bugzilla.suse.com/1239866"
},
{
"category": "self",
"summary": "SUSE Bug 1243254",
"url": "https://bugzilla.suse.com/1243254"
},
{
"category": "self",
"summary": "SUSE Bug 1243505",
"url": "https://bugzilla.suse.com/1243505"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-45288 page",
"url": "https://www.suse.com/security/cve/CVE-2023-45288/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45337 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45337/"
}
],
"title": "Security update for google-guest-agent",
"tracking": {
"current_release_date": "2026-04-22T10:23:05Z",
"generator": {
"date": "2026-04-22T10:23:05Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:21376-1",
"initial_release_date": "2026-04-22T10:23:05Z",
"revision_history": [
{
"date": "2026-04-22T10:23:05Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "google-guest-agent-20250506.01-160000.1.1.aarch64",
"product": {
"name": "google-guest-agent-20250506.01-160000.1.1.aarch64",
"product_id": "google-guest-agent-20250506.01-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "google-guest-agent-20250506.01-160000.1.1.x86_64",
"product": {
"name": "google-guest-agent-20250506.01-160000.1.1.x86_64",
"product_id": "google-guest-agent-20250506.01-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "google-guest-agent-20250506.01-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:google-guest-agent-20250506.01-160000.1.1.aarch64"
},
"product_reference": "google-guest-agent-20250506.01-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "google-guest-agent-20250506.01-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:google-guest-agent-20250506.01-160000.1.1.x86_64"
},
"product_reference": "google-guest-agent-20250506.01-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "google-guest-agent-20250506.01-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:google-guest-agent-20250506.01-160000.1.1.aarch64"
},
"product_reference": "google-guest-agent-20250506.01-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "google-guest-agent-20250506.01-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:google-guest-agent-20250506.01-160000.1.1.x86_64"
},
"product_reference": "google-guest-agent-20250506.01-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-45288",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-45288"
}
],
"notes": [
{
"category": "general",
"text": "An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request\u0027s headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:google-guest-agent-20250506.01-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:google-guest-agent-20250506.01-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:google-guest-agent-20250506.01-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:google-guest-agent-20250506.01-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-45288",
"url": "https://www.suse.com/security/cve/CVE-2023-45288"
},
{
"category": "external",
"summary": "SUSE Bug 1221400 for CVE-2023-45288",
"url": "https://bugzilla.suse.com/1221400"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:google-guest-agent-20250506.01-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:google-guest-agent-20250506.01-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:google-guest-agent-20250506.01-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:google-guest-agent-20250506.01-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:google-guest-agent-20250506.01-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:google-guest-agent-20250506.01-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:google-guest-agent-20250506.01-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:google-guest-agent-20250506.01-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-22T10:23:05Z",
"details": "moderate"
}
],
"title": "CVE-2023-45288"
},
{
"cve": "CVE-2024-45337",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45337"
}
],
"notes": [
{
"category": "general",
"text": "Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that \"A call to this function does not guarantee that the key offered is in fact used to authenticate.\" Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key. Since this API is widely misused, as a partial mitigation golang.org/x/cry...@v0.31.0 enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:google-guest-agent-20250506.01-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:google-guest-agent-20250506.01-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:google-guest-agent-20250506.01-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:google-guest-agent-20250506.01-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45337",
"url": "https://www.suse.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "SUSE Bug 1234482 for CVE-2024-45337",
"url": "https://bugzilla.suse.com/1234482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:google-guest-agent-20250506.01-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:google-guest-agent-20250506.01-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:google-guest-agent-20250506.01-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:google-guest-agent-20250506.01-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:google-guest-agent-20250506.01-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:google-guest-agent-20250506.01-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:google-guest-agent-20250506.01-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:google-guest-agent-20250506.01-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-22T10:23:05Z",
"details": "important"
}
],
"title": "CVE-2024-45337"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…