Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-41110 (GCVE-0-2024-41110)
Vulnerability from cvelistv5 – Published: 2024-07-24 16:49 – Updated: 2024-10-13 21:03
VLAI
EPSS
Title
Moby authz zero length regression
Summary
Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low.
Using a specially-crafted API request, an Engine API client could make the daemon forward the request or response to an authorization plugin without the body. In certain circumstances, the authorization plugin may allow a request which it would have otherwise denied if the body had been forwarded to it.
A security issue was discovered In 2018, where an attacker could bypass AuthZ plugins using a specially crafted API request. This could lead to unauthorized actions, including privilege escalation. Although this issue was fixed in Docker Engine v18.09.1 in January 2019, the fix was not carried forward to later major versions, resulting in a regression. Anyone who depends on authorization plugins that introspect the request and/or response body to make access control decisions is potentially impacted.
Docker EE v19.03.x and all versions of Mirantis Container Runtime are not vulnerable.
docker-ce v27.1.1 containes patches to fix the vulnerability. Patches have also been merged into the master, 19.03, 20.0, 23.0, 24.0, 25.0, 26.0, and 26.1 release branches. If one is unable to upgrade immediately, avoid using AuthZ plugins and/or restrict access to the Docker API to trusted parties, following the principle of least privilege.
Severity
10 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
14 references
| URL | Tags |
|---|---|
| https://github.com/moby/moby/security/advisories/… | x_refsource_CONFIRM |
| https://github.com/moby/moby/commit/411e817ddf710… | x_refsource_MISC |
| https://github.com/moby/moby/commit/42f40b1d6dd75… | x_refsource_MISC |
| https://github.com/moby/moby/commit/65cc597cea28c… | x_refsource_MISC |
| https://github.com/moby/moby/commit/852759a7df454… | x_refsource_MISC |
| https://github.com/moby/moby/commit/a31260625655c… | x_refsource_MISC |
| https://github.com/moby/moby/commit/a79fabbfe8411… | x_refsource_MISC |
| https://github.com/moby/moby/commit/ae160b4edddb7… | x_refsource_MISC |
| https://github.com/moby/moby/commit/ae2b3666c517c… | x_refsource_MISC |
| https://github.com/moby/moby/commit/cc13f95251115… | x_refsource_MISC |
| https://github.com/moby/moby/commit/fc274cd2ff4cf… | x_refsource_MISC |
| https://www.docker.com/blog/docker-security-advis… | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-2024080… | |
| https://lists.debian.org/debian-lts-announce/2024… |
Impacted products
12 products
| Vendor | Product | Version | |
|---|---|---|---|
| moby | moby |
Affected:
>= 19.03.0, <= 19.03.15
Affected: >= 20.0.0, <= 20.10.27 Affected: >= 23.0.0, <= 23.0.14 Affected: >= 24.0.0, <= 24.0.9 Affected: >= 25.0.0, <= 25.0.5 Affected: >= 26.0.0, <= 26.0.2 Affected: >= 26.1.0, <= 26.1.14 Affected: >= 27.0.0, <= 27.0.3 Affected: = 27.1.0 |
|
| docker | moby |
Affected:
19.0.0 , ≤ 19.03.15
(custom)
cpe:2.3:a:docker:moby:19.0.0:*:*:*:*:*:*:* |
|
| docker | moby |
Affected:
20.0.0 , ≤ 20.10.27
(custom)
cpe:2.3:a:docker:moby:20.0.0:*:*:*:*:*:*:* |
|
| docker | moby |
Affected:
23.0.0 , ≤ 23.0.14
(custom)
cpe:2.3:a:docker:moby:23.0.0:*:*:*:*:*:*:* |
|
| docker | moby |
Affected:
24.0.0 , ≤ 24.0.9
(custom)
cpe:2.3:a:docker:moby:24.0.0:*:*:*:*:*:*:* |
|
| docker | moby |
Affected:
25.0.0 , ≤ 25.0.5
(custom)
cpe:2.3:a:docker:moby:25.0.0:*:*:*:*:*:*:* |
|
| docker | moby |
Affected:
26.0.0 , ≤ 26.0.2
(custom)
cpe:2.3:a:docker:moby:26.1.0:*:*:*:*:*:*:* |
|
| docker | moby |
Affected:
26.1.0 , ≤ 26.1.14
(custom)
cpe:2.3:a:docker:moby:27.0.0:*:*:*:*:*:*:* |
|
| docker | moby |
Affected:
27.1.0
cpe:2.3:a:docker:moby:27.1.0:*:*:*:*:*:*:* |
|
| docker | moby |
Affected:
26.0.0 , ≤ 26.0.2
(custom)
cpe:2.3:a:docker:moby:26.0.0:*:*:*:*:*:*:* |
|
| docker | moby |
Affected:
26.1.0 , ≤ 26.1.14
(custom)
cpe:2.3:a:docker:moby:26.1.0:*:*:*:*:*:*:* |
|
| docker | moby |
Affected:
27.0.0 , ≤ 27.0.3
(custom)
cpe:2.3:a:docker:moby:27.0.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:docker:moby:19.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "moby",
"vendor": "docker",
"versions": [
{
"lessThanOrEqual": "19.03.15",
"status": "affected",
"version": "19.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:docker:moby:20.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "moby",
"vendor": "docker",
"versions": [
{
"lessThanOrEqual": "20.10.27",
"status": "affected",
"version": "20.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:docker:moby:23.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "moby",
"vendor": "docker",
"versions": [
{
"lessThanOrEqual": "23.0.14",
"status": "affected",
"version": "23.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:docker:moby:24.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "moby",
"vendor": "docker",
"versions": [
{
"lessThanOrEqual": "24.0.9",
"status": "affected",
"version": "24.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:docker:moby:25.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "moby",
"vendor": "docker",
"versions": [
{
"lessThanOrEqual": "25.0.5",
"status": "affected",
"version": "25.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:docker:moby:26.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "moby",
"vendor": "docker",
"versions": [
{
"lessThanOrEqual": "26.0.2",
"status": "affected",
"version": "26.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:docker:moby:27.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "moby",
"vendor": "docker",
"versions": [
{
"lessThanOrEqual": "26.1.14",
"status": "affected",
"version": "26.1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:docker:moby:27.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "moby",
"vendor": "docker",
"versions": [
{
"status": "affected",
"version": "27.1.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:docker:moby:26.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "moby",
"vendor": "docker",
"versions": [
{
"lessThanOrEqual": "26.0.2",
"status": "affected",
"version": "26.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:docker:moby:26.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "moby",
"vendor": "docker",
"versions": [
{
"lessThanOrEqual": "26.1.14",
"status": "affected",
"version": "26.1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:docker:moby:27.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "moby",
"vendor": "docker",
"versions": [
{
"lessThanOrEqual": "27.0.3",
"status": "affected",
"version": "27.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41110",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-26T03:55:30.375492Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-29T21:01:46.898Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-10-13T21:03:34.392Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq"
},
{
"name": "https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191"
},
{
"name": "https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76"
},
{
"name": "https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919"
},
{
"name": "https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b"
},
{
"name": "https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0"
},
{
"name": "https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1"
},
{
"name": "https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00"
},
{
"name": "https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f"
},
{
"name": "https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801"
},
{
"name": "https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb"
},
{
"name": "https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240802-0001/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "moby",
"vendor": "moby",
"versions": [
{
"status": "affected",
"version": "\u003e= 19.03.0, \u003c= 19.03.15"
},
{
"status": "affected",
"version": "\u003e= 20.0.0, \u003c= 20.10.27"
},
{
"status": "affected",
"version": "\u003e= 23.0.0, \u003c= 23.0.14"
},
{
"status": "affected",
"version": "\u003e= 24.0.0, \u003c= 24.0.9"
},
{
"status": "affected",
"version": "\u003e= 25.0.0, \u003c= 25.0.5"
},
{
"status": "affected",
"version": "\u003e= 26.0.0, \u003c= 26.0.2"
},
{
"status": "affected",
"version": "\u003e= 26.1.0, \u003c= 26.1.14"
},
{
"status": "affected",
"version": "\u003e= 27.0.0, \u003c= 27.0.3"
},
{
"status": "affected",
"version": "= 27.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low.\n\nUsing a specially-crafted API request, an Engine API client could make the daemon forward the request or response to an authorization plugin without the body. In certain circumstances, the authorization plugin may allow a request which it would have otherwise denied if the body had been forwarded to it.\n\nA security issue was discovered In 2018, where an attacker could bypass AuthZ plugins using a specially crafted API request. This could lead to unauthorized actions, including privilege escalation. Although this issue was fixed in Docker Engine v18.09.1 in January 2019, the fix was not carried forward to later major versions, resulting in a regression. Anyone who depends on authorization plugins that introspect the request and/or response body to make access control decisions is potentially impacted.\n\nDocker EE v19.03.x and all versions of Mirantis Container Runtime are not vulnerable.\n\ndocker-ce v27.1.1 containes patches to fix the vulnerability. Patches have also been merged into the master, 19.03, 20.0, 23.0, 24.0, 25.0, 26.0, and 26.1 release branches. If one is unable to upgrade immediately, avoid using AuthZ plugins and/or restrict access to the Docker API to trusted parties, following the principle of least privilege."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-187",
"description": "CWE-187: Partial String Comparison",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-444",
"description": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T19:09:22.764Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq"
},
{
"name": "https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191"
},
{
"name": "https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76"
},
{
"name": "https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919"
},
{
"name": "https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b"
},
{
"name": "https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0"
},
{
"name": "https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1"
},
{
"name": "https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00"
},
{
"name": "https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f"
},
{
"name": "https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801"
},
{
"name": "https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb"
},
{
"name": "https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin"
}
],
"source": {
"advisory": "GHSA-v23v-6jw2-98fq",
"discovery": "UNKNOWN"
},
"title": "Moby authz zero length regression"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-41110",
"datePublished": "2024-07-24T16:49:53.068Z",
"dateReserved": "2024-07-15T15:53:28.321Z",
"dateUpdated": "2024-10-13T21:03:34.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-41110",
"date": "2026-06-23",
"epss": "0.16496",
"percentile": "0.96579"
},
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low.\\n\\nUsing a specially-crafted API request, an Engine API client could make the daemon forward the request or response to an authorization plugin without the body. In certain circumstances, the authorization plugin may allow a request which it would have otherwise denied if the body had been forwarded to it.\\n\\nA security issue was discovered In 2018, where an attacker could bypass AuthZ plugins using a specially crafted API request. This could lead to unauthorized actions, including privilege escalation. Although this issue was fixed in Docker Engine v18.09.1 in January 2019, the fix was not carried forward to later major versions, resulting in a regression. Anyone who depends on authorization plugins that introspect the request and/or response body to make access control decisions is potentially impacted.\\n\\nDocker EE v19.03.x and all versions of Mirantis Container Runtime are not vulnerable.\\n\\ndocker-ce v27.1.1 containes patches to fix the vulnerability. Patches have also been merged into the master, 19.03, 20.0, 23.0, 24.0, 25.0, 26.0, and 26.1 release branches. If one is unable to upgrade immediately, avoid using AuthZ plugins and/or restrict access to the Docker API to trusted parties, following the principle of least privilege.\"}, {\"lang\": \"es\", \"value\": \"Moby es un proyecto de c\\u00f3digo abierto creado por Docker para la contenedorizaci\\u00f3n de software. Se ha detectado una vulnerabilidad de seguridad en determinadas versiones de Docker Engine, que podr\\u00eda permitir a un atacante omitir los complementos de autorizaci\\u00f3n (AuthZ) en circunstancias espec\\u00edficas. La probabilidad b\\u00e1sica de que esto sea explotado es baja. Utilizando una solicitud de API especialmente manipulada, un cliente de Engine API podr\\u00eda hacer que el daemon reenv\\u00ede la solicitud o respuesta a un complemento de autorizaci\\u00f3n sin el cuerpo. En determinadas circunstancias, el complemento de autorizaci\\u00f3n puede permitir una solicitud que, de otro modo, habr\\u00eda rechazado si se le hubiera enviado el organismo. En 2018 se descubri\\u00f3 un problema de seguridad en el que un atacante pod\\u00eda omitir los complementos de AuthZ mediante una solicitud API especialmente manipulada. Esto podr\\u00eda dar lugar a acciones no autorizadas, incluida la escalada de privilegios. Aunque este problema se solucion\\u00f3 en Docker Engine v18.09.1 en enero de 2019, la soluci\\u00f3n no se traslad\\u00f3 a versiones principales posteriores, lo que result\\u00f3 en una regresi\\u00f3n. Cualquiera que dependa de complementos de autorizaci\\u00f3n que introspeccionen el cuerpo de solicitud y/o respuesta para tomar decisiones de control de acceso se ver\\u00e1 potencialmente afectado. Docker EE v19.03.x y todas las versiones de Mirantis Container Runtime no son vulnerables. docker-ce v27.1.1 contiene parches para corregir la vulnerabilidad. Los parches tambi\\u00e9n se han fusionado en las ramas de versi\\u00f3n maestra, 19.0, 20.0, 23.0, 24.0, 25.0, 26.0 y 26.1. Si uno no puede actualizar inmediatamente, evite usar complementos de AuthZ y/o restrinja el acceso a la API de Docker a partes confiables, siguiendo el principio de privilegio m\\u00ednimo.\"}]",
"id": "CVE-2024-41110",
"lastModified": "2024-11-21T09:32:15.160",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 9.9, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.1, \"impactScore\": 6.0}]}",
"published": "2024-07-24T17:15:11.053",
"references": "[{\"url\": \"https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/10/msg00009.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240802-0001/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-187\"}, {\"lang\": \"en\", \"value\": \"CWE-444\"}, {\"lang\": \"en\", \"value\": \"CWE-863\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-41110\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-07-24T17:15:11.053\",\"lastModified\":\"2024-11-21T09:32:15.160\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low.\\n\\nUsing a specially-crafted API request, an Engine API client could make the daemon forward the request or response to an authorization plugin without the body. In certain circumstances, the authorization plugin may allow a request which it would have otherwise denied if the body had been forwarded to it.\\n\\nA security issue was discovered In 2018, where an attacker could bypass AuthZ plugins using a specially crafted API request. This could lead to unauthorized actions, including privilege escalation. Although this issue was fixed in Docker Engine v18.09.1 in January 2019, the fix was not carried forward to later major versions, resulting in a regression. Anyone who depends on authorization plugins that introspect the request and/or response body to make access control decisions is potentially impacted.\\n\\nDocker EE v19.03.x and all versions of Mirantis Container Runtime are not vulnerable.\\n\\ndocker-ce v27.1.1 containes patches to fix the vulnerability. Patches have also been merged into the master, 19.03, 20.0, 23.0, 24.0, 25.0, 26.0, and 26.1 release branches. If one is unable to upgrade immediately, avoid using AuthZ plugins and/or restrict access to the Docker API to trusted parties, following the principle of least privilege.\"},{\"lang\":\"es\",\"value\":\"Moby es un proyecto de c\u00f3digo abierto creado por Docker para la contenedorizaci\u00f3n de software. Se ha detectado una vulnerabilidad de seguridad en determinadas versiones de Docker Engine, que podr\u00eda permitir a un atacante omitir los complementos de autorizaci\u00f3n (AuthZ) en circunstancias espec\u00edficas. La probabilidad b\u00e1sica de que esto sea explotado es baja. Utilizando una solicitud de API especialmente manipulada, un cliente de Engine API podr\u00eda hacer que el daemon reenv\u00ede la solicitud o respuesta a un complemento de autorizaci\u00f3n sin el cuerpo. En determinadas circunstancias, el complemento de autorizaci\u00f3n puede permitir una solicitud que, de otro modo, habr\u00eda rechazado si se le hubiera enviado el organismo. En 2018 se descubri\u00f3 un problema de seguridad en el que un atacante pod\u00eda omitir los complementos de AuthZ mediante una solicitud API especialmente manipulada. Esto podr\u00eda dar lugar a acciones no autorizadas, incluida la escalada de privilegios. Aunque este problema se solucion\u00f3 en Docker Engine v18.09.1 en enero de 2019, la soluci\u00f3n no se traslad\u00f3 a versiones principales posteriores, lo que result\u00f3 en una regresi\u00f3n. Cualquiera que dependa de complementos de autorizaci\u00f3n que introspeccionen el cuerpo de solicitud y/o respuesta para tomar decisiones de control de acceso se ver\u00e1 potencialmente afectado. Docker EE v19.03.x y todas las versiones de Mirantis Container Runtime no son vulnerables. docker-ce v27.1.1 contiene parches para corregir la vulnerabilidad. Los parches tambi\u00e9n se han fusionado en las ramas de versi\u00f3n maestra, 19.0, 20.0, 23.0, 24.0, 25.0, 26.0 y 26.1. Si uno no puede actualizar inmediatamente, evite usar complementos de AuthZ y/o restrinja el acceso a la API de Docker a partes confiables, siguiendo el principio de privilegio m\u00ednimo.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":9.9,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.1,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-187\"},{\"lang\":\"en\",\"value\":\"CWE-444\"},{\"lang\":\"en\",\"value\":\"CWE-863\"}]}],\"references\":[{\"url\":\"https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/10/msg00009.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20240802-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq\", \"name\": \"https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191\", \"name\": \"https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76\", \"name\": \"https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919\", \"name\": \"https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b\", \"name\": \"https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0\", \"name\": \"https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1\", \"name\": \"https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00\", \"name\": \"https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f\", \"name\": \"https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801\", \"name\": \"https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb\", \"name\": \"https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin\", \"name\": \"https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240802-0001/\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/10/msg00009.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-10-13T21:03:34.392Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-41110\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-26T03:55:30.375492Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:docker:moby:19.0.0:*:*:*:*:*:*:*\"], \"vendor\": \"docker\", \"product\": \"moby\", \"versions\": [{\"status\": \"affected\", \"version\": \"19.0.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"19.03.15\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:docker:moby:20.0.0:*:*:*:*:*:*:*\"], \"vendor\": \"docker\", \"product\": \"moby\", \"versions\": [{\"status\": \"affected\", \"version\": \"20.0.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"20.10.27\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:docker:moby:23.0.0:*:*:*:*:*:*:*\"], \"vendor\": \"docker\", \"product\": \"moby\", \"versions\": [{\"status\": \"affected\", \"version\": \"23.0.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"23.0.14\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:docker:moby:24.0.0:*:*:*:*:*:*:*\"], \"vendor\": \"docker\", \"product\": \"moby\", \"versions\": [{\"status\": \"affected\", \"version\": \"24.0.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"24.0.9\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:docker:moby:25.0.0:*:*:*:*:*:*:*\"], \"vendor\": \"docker\", \"product\": \"moby\", \"versions\": [{\"status\": \"affected\", \"version\": \"25.0.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"25.0.5\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:docker:moby:26.1.0:*:*:*:*:*:*:*\"], \"vendor\": \"docker\", \"product\": \"moby\", \"versions\": [{\"status\": \"affected\", \"version\": \"26.0.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"26.0.2\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:docker:moby:27.0.0:*:*:*:*:*:*:*\"], \"vendor\": \"docker\", \"product\": \"moby\", \"versions\": [{\"status\": \"affected\", \"version\": \"26.1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"26.1.14\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:docker:moby:27.1.0:*:*:*:*:*:*:*\"], \"vendor\": \"docker\", \"product\": \"moby\", \"versions\": [{\"status\": \"affected\", \"version\": \"27.1.0\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:docker:moby:26.0.0:*:*:*:*:*:*:*\"], \"vendor\": \"docker\", \"product\": \"moby\", \"versions\": [{\"status\": \"affected\", \"version\": \"26.0.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"26.0.2\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:docker:moby:26.1.0:*:*:*:*:*:*:*\"], \"vendor\": \"docker\", \"product\": \"moby\", \"versions\": [{\"status\": \"affected\", \"version\": \"26.1.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"26.1.14\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:docker:moby:27.0.0:*:*:*:*:*:*:*\"], \"vendor\": \"docker\", \"product\": \"moby\", \"versions\": [{\"status\": \"affected\", \"version\": \"27.0.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"27.0.3\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-24T20:02:34.755Z\"}}], \"cna\": {\"title\": \"Moby authz zero length regression\", \"source\": {\"advisory\": \"GHSA-v23v-6jw2-98fq\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 10, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"moby\", \"product\": \"moby\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 19.03.0, \u003c= 19.03.15\"}, {\"status\": \"affected\", \"version\": \"\u003e= 20.0.0, \u003c= 20.10.27\"}, {\"status\": \"affected\", \"version\": \"\u003e= 23.0.0, \u003c= 23.0.14\"}, {\"status\": \"affected\", \"version\": \"\u003e= 24.0.0, \u003c= 24.0.9\"}, {\"status\": \"affected\", \"version\": \"\u003e= 25.0.0, \u003c= 25.0.5\"}, {\"status\": \"affected\", \"version\": \"\u003e= 26.0.0, \u003c= 26.0.2\"}, {\"status\": \"affected\", \"version\": \"\u003e= 26.1.0, \u003c= 26.1.14\"}, {\"status\": \"affected\", \"version\": \"\u003e= 27.0.0, \u003c= 27.0.3\"}, {\"status\": \"affected\", \"version\": \"= 27.1.0\"}]}], \"references\": [{\"url\": \"https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq\", \"name\": \"https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191\", \"name\": \"https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76\", \"name\": \"https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919\", \"name\": \"https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b\", \"name\": \"https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0\", \"name\": \"https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1\", \"name\": \"https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00\", \"name\": \"https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f\", \"name\": \"https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801\", \"name\": \"https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb\", \"name\": \"https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin\", \"name\": \"https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low.\\n\\nUsing a specially-crafted API request, an Engine API client could make the daemon forward the request or response to an authorization plugin without the body. In certain circumstances, the authorization plugin may allow a request which it would have otherwise denied if the body had been forwarded to it.\\n\\nA security issue was discovered In 2018, where an attacker could bypass AuthZ plugins using a specially crafted API request. This could lead to unauthorized actions, including privilege escalation. Although this issue was fixed in Docker Engine v18.09.1 in January 2019, the fix was not carried forward to later major versions, resulting in a regression. Anyone who depends on authorization plugins that introspect the request and/or response body to make access control decisions is potentially impacted.\\n\\nDocker EE v19.03.x and all versions of Mirantis Container Runtime are not vulnerable.\\n\\ndocker-ce v27.1.1 containes patches to fix the vulnerability. Patches have also been merged into the master, 19.03, 20.0, 23.0, 24.0, 25.0, 26.0, and 26.1 release branches. If one is unable to upgrade immediately, avoid using AuthZ plugins and/or restrict access to the Docker API to trusted parties, following the principle of least privilege.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-187\", \"description\": \"CWE-187: Partial String Comparison\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-444\", \"description\": \"CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-863\", \"description\": \"CWE-863: Incorrect Authorization\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-07-30T19:09:22.764Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-41110\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-13T21:03:34.392Z\", \"dateReserved\": \"2024-07-15T15:53:28.321Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-07-24T16:49:53.068Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
OPENSUSE-SU-2024:14235-1
Vulnerability from csaf_opensuse - Published: 2024-08-01 00:00 - Updated: 2024-08-01 00:00Summary
nova-3.10.0-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: nova-3.10.0-1.1 on GA media
Description of the patch: These are all security issues fixed in the nova-3.10.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-14235
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
9.9 (Critical)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:nova-3.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nova-3.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nova-3.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nova-3.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nova-bash-completion-3.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nova-bash-completion-3.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nova-bash-completion-3.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nova-bash-completion-3.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nova-fish-completion-3.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nova-fish-completion-3.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nova-fish-completion-3.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nova-fish-completion-3.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nova-zsh-completion-3.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nova-zsh-completion-3.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nova-zsh-completion-3.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:nova-zsh-completion-3.10.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
References
5 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "nova-3.10.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the nova-3.10.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-14235",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14235-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41110 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41110/"
}
],
"title": "nova-3.10.0-1.1 on GA media",
"tracking": {
"current_release_date": "2024-08-01T00:00:00Z",
"generator": {
"date": "2024-08-01T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:14235-1",
"initial_release_date": "2024-08-01T00:00:00Z",
"revision_history": [
{
"date": "2024-08-01T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "nova-3.10.0-1.1.aarch64",
"product": {
"name": "nova-3.10.0-1.1.aarch64",
"product_id": "nova-3.10.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "nova-bash-completion-3.10.0-1.1.aarch64",
"product": {
"name": "nova-bash-completion-3.10.0-1.1.aarch64",
"product_id": "nova-bash-completion-3.10.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "nova-fish-completion-3.10.0-1.1.aarch64",
"product": {
"name": "nova-fish-completion-3.10.0-1.1.aarch64",
"product_id": "nova-fish-completion-3.10.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "nova-zsh-completion-3.10.0-1.1.aarch64",
"product": {
"name": "nova-zsh-completion-3.10.0-1.1.aarch64",
"product_id": "nova-zsh-completion-3.10.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nova-3.10.0-1.1.ppc64le",
"product": {
"name": "nova-3.10.0-1.1.ppc64le",
"product_id": "nova-3.10.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nova-bash-completion-3.10.0-1.1.ppc64le",
"product": {
"name": "nova-bash-completion-3.10.0-1.1.ppc64le",
"product_id": "nova-bash-completion-3.10.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nova-fish-completion-3.10.0-1.1.ppc64le",
"product": {
"name": "nova-fish-completion-3.10.0-1.1.ppc64le",
"product_id": "nova-fish-completion-3.10.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "nova-zsh-completion-3.10.0-1.1.ppc64le",
"product": {
"name": "nova-zsh-completion-3.10.0-1.1.ppc64le",
"product_id": "nova-zsh-completion-3.10.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "nova-3.10.0-1.1.s390x",
"product": {
"name": "nova-3.10.0-1.1.s390x",
"product_id": "nova-3.10.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "nova-bash-completion-3.10.0-1.1.s390x",
"product": {
"name": "nova-bash-completion-3.10.0-1.1.s390x",
"product_id": "nova-bash-completion-3.10.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "nova-fish-completion-3.10.0-1.1.s390x",
"product": {
"name": "nova-fish-completion-3.10.0-1.1.s390x",
"product_id": "nova-fish-completion-3.10.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "nova-zsh-completion-3.10.0-1.1.s390x",
"product": {
"name": "nova-zsh-completion-3.10.0-1.1.s390x",
"product_id": "nova-zsh-completion-3.10.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "nova-3.10.0-1.1.x86_64",
"product": {
"name": "nova-3.10.0-1.1.x86_64",
"product_id": "nova-3.10.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "nova-bash-completion-3.10.0-1.1.x86_64",
"product": {
"name": "nova-bash-completion-3.10.0-1.1.x86_64",
"product_id": "nova-bash-completion-3.10.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "nova-fish-completion-3.10.0-1.1.x86_64",
"product": {
"name": "nova-fish-completion-3.10.0-1.1.x86_64",
"product_id": "nova-fish-completion-3.10.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "nova-zsh-completion-3.10.0-1.1.x86_64",
"product": {
"name": "nova-zsh-completion-3.10.0-1.1.x86_64",
"product_id": "nova-zsh-completion-3.10.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nova-3.10.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nova-3.10.0-1.1.aarch64"
},
"product_reference": "nova-3.10.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nova-3.10.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nova-3.10.0-1.1.ppc64le"
},
"product_reference": "nova-3.10.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nova-3.10.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nova-3.10.0-1.1.s390x"
},
"product_reference": "nova-3.10.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nova-3.10.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nova-3.10.0-1.1.x86_64"
},
"product_reference": "nova-3.10.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nova-bash-completion-3.10.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nova-bash-completion-3.10.0-1.1.aarch64"
},
"product_reference": "nova-bash-completion-3.10.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nova-bash-completion-3.10.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nova-bash-completion-3.10.0-1.1.ppc64le"
},
"product_reference": "nova-bash-completion-3.10.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nova-bash-completion-3.10.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nova-bash-completion-3.10.0-1.1.s390x"
},
"product_reference": "nova-bash-completion-3.10.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nova-bash-completion-3.10.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nova-bash-completion-3.10.0-1.1.x86_64"
},
"product_reference": "nova-bash-completion-3.10.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nova-fish-completion-3.10.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nova-fish-completion-3.10.0-1.1.aarch64"
},
"product_reference": "nova-fish-completion-3.10.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nova-fish-completion-3.10.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nova-fish-completion-3.10.0-1.1.ppc64le"
},
"product_reference": "nova-fish-completion-3.10.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nova-fish-completion-3.10.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nova-fish-completion-3.10.0-1.1.s390x"
},
"product_reference": "nova-fish-completion-3.10.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nova-fish-completion-3.10.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nova-fish-completion-3.10.0-1.1.x86_64"
},
"product_reference": "nova-fish-completion-3.10.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nova-zsh-completion-3.10.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nova-zsh-completion-3.10.0-1.1.aarch64"
},
"product_reference": "nova-zsh-completion-3.10.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nova-zsh-completion-3.10.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nova-zsh-completion-3.10.0-1.1.ppc64le"
},
"product_reference": "nova-zsh-completion-3.10.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nova-zsh-completion-3.10.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nova-zsh-completion-3.10.0-1.1.s390x"
},
"product_reference": "nova-zsh-completion-3.10.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nova-zsh-completion-3.10.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:nova-zsh-completion-3.10.0-1.1.x86_64"
},
"product_reference": "nova-zsh-completion-3.10.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-41110",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41110"
}
],
"notes": [
{
"category": "general",
"text": "Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low.\n\nUsing a specially-crafted API request, an Engine API client could make the daemon forward the request or response to an authorization plugin without the body. In certain circumstances, the authorization plugin may allow a request which it would have otherwise denied if the body had been forwarded to it.\n\nA security issue was discovered In 2018, where an attacker could bypass AuthZ plugins using a specially crafted API request. This could lead to unauthorized actions, including privilege escalation. Although this issue was fixed in Docker Engine v18.09.1 in January 2019, the fix was not carried forward to later major versions, resulting in a regression. Anyone who depends on authorization plugins that introspect the request and/or response body to make access control decisions is potentially impacted.\n\nDocker EE v19.03.x and all versions of Mirantis Container Runtime are not vulnerable.\n\ndocker-ce v27.1.1 containes patches to fix the vulnerability. Patches have also been merged into the master, 19.03, 20.0, 23.0, 24.0, 25.0, 26.0, and 26.1 release branches. If one is unable to upgrade immediately, avoid using AuthZ plugins and/or restrict access to the Docker API to trusted parties, following the principle of least privilege.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:nova-3.10.0-1.1.aarch64",
"openSUSE Tumbleweed:nova-3.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:nova-3.10.0-1.1.s390x",
"openSUSE Tumbleweed:nova-3.10.0-1.1.x86_64",
"openSUSE Tumbleweed:nova-bash-completion-3.10.0-1.1.aarch64",
"openSUSE Tumbleweed:nova-bash-completion-3.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:nova-bash-completion-3.10.0-1.1.s390x",
"openSUSE Tumbleweed:nova-bash-completion-3.10.0-1.1.x86_64",
"openSUSE Tumbleweed:nova-fish-completion-3.10.0-1.1.aarch64",
"openSUSE Tumbleweed:nova-fish-completion-3.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:nova-fish-completion-3.10.0-1.1.s390x",
"openSUSE Tumbleweed:nova-fish-completion-3.10.0-1.1.x86_64",
"openSUSE Tumbleweed:nova-zsh-completion-3.10.0-1.1.aarch64",
"openSUSE Tumbleweed:nova-zsh-completion-3.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:nova-zsh-completion-3.10.0-1.1.s390x",
"openSUSE Tumbleweed:nova-zsh-completion-3.10.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41110",
"url": "https://www.suse.com/security/cve/CVE-2024-41110"
},
{
"category": "external",
"summary": "SUSE Bug 1228324 for CVE-2024-41110",
"url": "https://bugzilla.suse.com/1228324"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:nova-3.10.0-1.1.aarch64",
"openSUSE Tumbleweed:nova-3.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:nova-3.10.0-1.1.s390x",
"openSUSE Tumbleweed:nova-3.10.0-1.1.x86_64",
"openSUSE Tumbleweed:nova-bash-completion-3.10.0-1.1.aarch64",
"openSUSE Tumbleweed:nova-bash-completion-3.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:nova-bash-completion-3.10.0-1.1.s390x",
"openSUSE Tumbleweed:nova-bash-completion-3.10.0-1.1.x86_64",
"openSUSE Tumbleweed:nova-fish-completion-3.10.0-1.1.aarch64",
"openSUSE Tumbleweed:nova-fish-completion-3.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:nova-fish-completion-3.10.0-1.1.s390x",
"openSUSE Tumbleweed:nova-fish-completion-3.10.0-1.1.x86_64",
"openSUSE Tumbleweed:nova-zsh-completion-3.10.0-1.1.aarch64",
"openSUSE Tumbleweed:nova-zsh-completion-3.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:nova-zsh-completion-3.10.0-1.1.s390x",
"openSUSE Tumbleweed:nova-zsh-completion-3.10.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:nova-3.10.0-1.1.aarch64",
"openSUSE Tumbleweed:nova-3.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:nova-3.10.0-1.1.s390x",
"openSUSE Tumbleweed:nova-3.10.0-1.1.x86_64",
"openSUSE Tumbleweed:nova-bash-completion-3.10.0-1.1.aarch64",
"openSUSE Tumbleweed:nova-bash-completion-3.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:nova-bash-completion-3.10.0-1.1.s390x",
"openSUSE Tumbleweed:nova-bash-completion-3.10.0-1.1.x86_64",
"openSUSE Tumbleweed:nova-fish-completion-3.10.0-1.1.aarch64",
"openSUSE Tumbleweed:nova-fish-completion-3.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:nova-fish-completion-3.10.0-1.1.s390x",
"openSUSE Tumbleweed:nova-fish-completion-3.10.0-1.1.x86_64",
"openSUSE Tumbleweed:nova-zsh-completion-3.10.0-1.1.aarch64",
"openSUSE Tumbleweed:nova-zsh-completion-3.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:nova-zsh-completion-3.10.0-1.1.s390x",
"openSUSE Tumbleweed:nova-zsh-completion-3.10.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-01T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-41110"
}
]
}
OPENSUSE-SU-2024:14446-1
Vulnerability from csaf_opensuse - Published: 2024-11-01 00:00 - Updated: 2024-11-01 00:00Summary
docker-stable-24.0.9_ce-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: docker-stable-24.0.9_ce-1.1 on GA media
Description of the patch: These are all security issues fixed in the docker-stable-24.0.9_ce-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-14446
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
9.9 (Critical)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.17.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.17.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.17.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.17.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
References
7 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "docker-stable-24.0.9_ce-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the docker-stable-24.0.9_ce-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-14446",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14446-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2024:14446-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4IY5X4DAH24CGCGTMMLFUPNY6HNUSGO4/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2024:14446-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4IY5X4DAH24CGCGTMMLFUPNY6HNUSGO4/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41110 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41110/"
}
],
"title": "docker-stable-24.0.9_ce-1.1 on GA media",
"tracking": {
"current_release_date": "2024-11-01T00:00:00Z",
"generator": {
"date": "2024-11-01T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:14446-1",
"initial_release_date": "2024-11-01T00:00:00Z",
"revision_history": [
{
"date": "2024-11-01T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-24.0.9_ce-1.1.aarch64",
"product": {
"name": "docker-stable-24.0.9_ce-1.1.aarch64",
"product_id": "docker-stable-24.0.9_ce-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-stable-bash-completion-24.0.9_ce-1.1.aarch64",
"product": {
"name": "docker-stable-bash-completion-24.0.9_ce-1.1.aarch64",
"product_id": "docker-stable-bash-completion-24.0.9_ce-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-stable-buildx-0.17.1-1.1.aarch64",
"product": {
"name": "docker-stable-buildx-0.17.1-1.1.aarch64",
"product_id": "docker-stable-buildx-0.17.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-stable-fish-completion-24.0.9_ce-1.1.aarch64",
"product": {
"name": "docker-stable-fish-completion-24.0.9_ce-1.1.aarch64",
"product_id": "docker-stable-fish-completion-24.0.9_ce-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-stable-rootless-extras-24.0.9_ce-1.1.aarch64",
"product": {
"name": "docker-stable-rootless-extras-24.0.9_ce-1.1.aarch64",
"product_id": "docker-stable-rootless-extras-24.0.9_ce-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-stable-zsh-completion-24.0.9_ce-1.1.aarch64",
"product": {
"name": "docker-stable-zsh-completion-24.0.9_ce-1.1.aarch64",
"product_id": "docker-stable-zsh-completion-24.0.9_ce-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-24.0.9_ce-1.1.ppc64le",
"product": {
"name": "docker-stable-24.0.9_ce-1.1.ppc64le",
"product_id": "docker-stable-24.0.9_ce-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-stable-bash-completion-24.0.9_ce-1.1.ppc64le",
"product": {
"name": "docker-stable-bash-completion-24.0.9_ce-1.1.ppc64le",
"product_id": "docker-stable-bash-completion-24.0.9_ce-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-stable-buildx-0.17.1-1.1.ppc64le",
"product": {
"name": "docker-stable-buildx-0.17.1-1.1.ppc64le",
"product_id": "docker-stable-buildx-0.17.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-stable-fish-completion-24.0.9_ce-1.1.ppc64le",
"product": {
"name": "docker-stable-fish-completion-24.0.9_ce-1.1.ppc64le",
"product_id": "docker-stable-fish-completion-24.0.9_ce-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-stable-rootless-extras-24.0.9_ce-1.1.ppc64le",
"product": {
"name": "docker-stable-rootless-extras-24.0.9_ce-1.1.ppc64le",
"product_id": "docker-stable-rootless-extras-24.0.9_ce-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-stable-zsh-completion-24.0.9_ce-1.1.ppc64le",
"product": {
"name": "docker-stable-zsh-completion-24.0.9_ce-1.1.ppc64le",
"product_id": "docker-stable-zsh-completion-24.0.9_ce-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-24.0.9_ce-1.1.s390x",
"product": {
"name": "docker-stable-24.0.9_ce-1.1.s390x",
"product_id": "docker-stable-24.0.9_ce-1.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-stable-bash-completion-24.0.9_ce-1.1.s390x",
"product": {
"name": "docker-stable-bash-completion-24.0.9_ce-1.1.s390x",
"product_id": "docker-stable-bash-completion-24.0.9_ce-1.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-stable-buildx-0.17.1-1.1.s390x",
"product": {
"name": "docker-stable-buildx-0.17.1-1.1.s390x",
"product_id": "docker-stable-buildx-0.17.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-stable-fish-completion-24.0.9_ce-1.1.s390x",
"product": {
"name": "docker-stable-fish-completion-24.0.9_ce-1.1.s390x",
"product_id": "docker-stable-fish-completion-24.0.9_ce-1.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-stable-rootless-extras-24.0.9_ce-1.1.s390x",
"product": {
"name": "docker-stable-rootless-extras-24.0.9_ce-1.1.s390x",
"product_id": "docker-stable-rootless-extras-24.0.9_ce-1.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-stable-zsh-completion-24.0.9_ce-1.1.s390x",
"product": {
"name": "docker-stable-zsh-completion-24.0.9_ce-1.1.s390x",
"product_id": "docker-stable-zsh-completion-24.0.9_ce-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-24.0.9_ce-1.1.x86_64",
"product": {
"name": "docker-stable-24.0.9_ce-1.1.x86_64",
"product_id": "docker-stable-24.0.9_ce-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-stable-bash-completion-24.0.9_ce-1.1.x86_64",
"product": {
"name": "docker-stable-bash-completion-24.0.9_ce-1.1.x86_64",
"product_id": "docker-stable-bash-completion-24.0.9_ce-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-stable-buildx-0.17.1-1.1.x86_64",
"product": {
"name": "docker-stable-buildx-0.17.1-1.1.x86_64",
"product_id": "docker-stable-buildx-0.17.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-stable-fish-completion-24.0.9_ce-1.1.x86_64",
"product": {
"name": "docker-stable-fish-completion-24.0.9_ce-1.1.x86_64",
"product_id": "docker-stable-fish-completion-24.0.9_ce-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-stable-rootless-extras-24.0.9_ce-1.1.x86_64",
"product": {
"name": "docker-stable-rootless-extras-24.0.9_ce-1.1.x86_64",
"product_id": "docker-stable-rootless-extras-24.0.9_ce-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-stable-zsh-completion-24.0.9_ce-1.1.x86_64",
"product": {
"name": "docker-stable-zsh-completion-24.0.9_ce-1.1.x86_64",
"product_id": "docker-stable-zsh-completion-24.0.9_ce-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-24.0.9_ce-1.1.aarch64"
},
"product_reference": "docker-stable-24.0.9_ce-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-24.0.9_ce-1.1.ppc64le"
},
"product_reference": "docker-stable-24.0.9_ce-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-24.0.9_ce-1.1.s390x"
},
"product_reference": "docker-stable-24.0.9_ce-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-24.0.9_ce-1.1.x86_64"
},
"product_reference": "docker-stable-24.0.9_ce-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-bash-completion-24.0.9_ce-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-1.1.aarch64"
},
"product_reference": "docker-stable-bash-completion-24.0.9_ce-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-bash-completion-24.0.9_ce-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-1.1.ppc64le"
},
"product_reference": "docker-stable-bash-completion-24.0.9_ce-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-bash-completion-24.0.9_ce-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-1.1.s390x"
},
"product_reference": "docker-stable-bash-completion-24.0.9_ce-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-bash-completion-24.0.9_ce-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-1.1.x86_64"
},
"product_reference": "docker-stable-bash-completion-24.0.9_ce-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-buildx-0.17.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-buildx-0.17.1-1.1.aarch64"
},
"product_reference": "docker-stable-buildx-0.17.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-buildx-0.17.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-buildx-0.17.1-1.1.ppc64le"
},
"product_reference": "docker-stable-buildx-0.17.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-buildx-0.17.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-buildx-0.17.1-1.1.s390x"
},
"product_reference": "docker-stable-buildx-0.17.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-buildx-0.17.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-buildx-0.17.1-1.1.x86_64"
},
"product_reference": "docker-stable-buildx-0.17.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-fish-completion-24.0.9_ce-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-1.1.aarch64"
},
"product_reference": "docker-stable-fish-completion-24.0.9_ce-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-fish-completion-24.0.9_ce-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-1.1.ppc64le"
},
"product_reference": "docker-stable-fish-completion-24.0.9_ce-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-fish-completion-24.0.9_ce-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-1.1.s390x"
},
"product_reference": "docker-stable-fish-completion-24.0.9_ce-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-fish-completion-24.0.9_ce-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-1.1.x86_64"
},
"product_reference": "docker-stable-fish-completion-24.0.9_ce-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-rootless-extras-24.0.9_ce-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-1.1.aarch64"
},
"product_reference": "docker-stable-rootless-extras-24.0.9_ce-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-rootless-extras-24.0.9_ce-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-1.1.ppc64le"
},
"product_reference": "docker-stable-rootless-extras-24.0.9_ce-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-rootless-extras-24.0.9_ce-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-1.1.s390x"
},
"product_reference": "docker-stable-rootless-extras-24.0.9_ce-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-rootless-extras-24.0.9_ce-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-1.1.x86_64"
},
"product_reference": "docker-stable-rootless-extras-24.0.9_ce-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-zsh-completion-24.0.9_ce-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-1.1.aarch64"
},
"product_reference": "docker-stable-zsh-completion-24.0.9_ce-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-zsh-completion-24.0.9_ce-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-1.1.ppc64le"
},
"product_reference": "docker-stable-zsh-completion-24.0.9_ce-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-zsh-completion-24.0.9_ce-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-1.1.s390x"
},
"product_reference": "docker-stable-zsh-completion-24.0.9_ce-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-zsh-completion-24.0.9_ce-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-1.1.x86_64"
},
"product_reference": "docker-stable-zsh-completion-24.0.9_ce-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-41110",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41110"
}
],
"notes": [
{
"category": "general",
"text": "Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low.\n\nUsing a specially-crafted API request, an Engine API client could make the daemon forward the request or response to an authorization plugin without the body. In certain circumstances, the authorization plugin may allow a request which it would have otherwise denied if the body had been forwarded to it.\n\nA security issue was discovered In 2018, where an attacker could bypass AuthZ plugins using a specially crafted API request. This could lead to unauthorized actions, including privilege escalation. Although this issue was fixed in Docker Engine v18.09.1 in January 2019, the fix was not carried forward to later major versions, resulting in a regression. Anyone who depends on authorization plugins that introspect the request and/or response body to make access control decisions is potentially impacted.\n\nDocker EE v19.03.x and all versions of Mirantis Container Runtime are not vulnerable.\n\ndocker-ce v27.1.1 containes patches to fix the vulnerability. Patches have also been merged into the master, 19.03, 20.0, 23.0, 24.0, 25.0, 26.0, and 26.1 release branches. If one is unable to upgrade immediately, avoid using AuthZ plugins and/or restrict access to the Docker API to trusted parties, following the principle of least privilege.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-1.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-1.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-1.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-1.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-1.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-1.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-1.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-1.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.17.1-1.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.17.1-1.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.17.1-1.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.17.1-1.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-1.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-1.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-1.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-1.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-1.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-1.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-1.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-1.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-1.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-1.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-1.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41110",
"url": "https://www.suse.com/security/cve/CVE-2024-41110"
},
{
"category": "external",
"summary": "SUSE Bug 1228324 for CVE-2024-41110",
"url": "https://bugzilla.suse.com/1228324"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-1.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-1.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-1.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-1.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-1.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-1.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-1.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-1.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.17.1-1.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.17.1-1.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.17.1-1.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.17.1-1.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-1.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-1.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-1.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-1.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-1.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-1.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-1.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-1.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-1.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-1.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-1.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-1.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-1.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-1.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-1.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-1.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-1.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-1.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-1.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.17.1-1.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.17.1-1.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.17.1-1.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.17.1-1.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-1.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-1.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-1.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-1.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-1.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-1.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-1.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-1.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-1.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-1.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-1.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-11-01T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-41110"
}
]
}
OPENSUSE-SU-2025:14909-1
Vulnerability from csaf_opensuse - Published: 2025-03-19 00:00 - Updated: 2025-03-19 00:00Summary
apptainer-1.3.6-5.1 on GA media
Severity
Moderate
Notes
Title of the patch: apptainer-1.3.6-5.1 on GA media
Description of the patch: These are all security issues fixed in the apptainer-1.3.6-5.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-14909
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
9.9 (Critical)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:apptainer-1.3.6-5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-1.3.6-5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-1.3.6-5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-1.3.6-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.1 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:apptainer-1.3.6-5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-1.3.6-5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-1.3.6-5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-1.3.6-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.9 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:apptainer-1.3.6-5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-1.3.6-5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-1.3.6-5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-1.3.6-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:apptainer-1.3.6-5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-1.3.6-5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-1.3.6-5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-1.3.6-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.4 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:apptainer-1.3.6-5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-1.3.6-5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-1.3.6-5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-1.3.6-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:apptainer-1.3.6-5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-1.3.6-5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-1.3.6-5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-1.3.6-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
24 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "apptainer-1.3.6-5.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the apptainer-1.3.6-5.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-14909",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_14909-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2025:14909-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BIPGSRATX6BG2ZXWE7566EGQCKXLC4RV/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2025:14909-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BIPGSRATX6BG2ZXWE7566EGQCKXLC4RV/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41110 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41110/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45337 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45337/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45338 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45338/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22869 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22869/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22870 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22870/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-27144 page",
"url": "https://www.suse.com/security/cve/CVE-2025-27144/"
}
],
"title": "apptainer-1.3.6-5.1 on GA media",
"tracking": {
"current_release_date": "2025-03-19T00:00:00Z",
"generator": {
"date": "2025-03-19T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:14909-1",
"initial_release_date": "2025-03-19T00:00:00Z",
"revision_history": [
{
"date": "2025-03-19T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "apptainer-1.3.6-5.1.aarch64",
"product": {
"name": "apptainer-1.3.6-5.1.aarch64",
"product_id": "apptainer-1.3.6-5.1.aarch64"
}
},
{
"category": "product_version",
"name": "apptainer-leap-1.3.6-5.1.aarch64",
"product": {
"name": "apptainer-leap-1.3.6-5.1.aarch64",
"product_id": "apptainer-leap-1.3.6-5.1.aarch64"
}
},
{
"category": "product_version",
"name": "apptainer-sle15_5-1.3.6-5.1.aarch64",
"product": {
"name": "apptainer-sle15_5-1.3.6-5.1.aarch64",
"product_id": "apptainer-sle15_5-1.3.6-5.1.aarch64"
}
},
{
"category": "product_version",
"name": "apptainer-sle15_6-1.3.6-5.1.aarch64",
"product": {
"name": "apptainer-sle15_6-1.3.6-5.1.aarch64",
"product_id": "apptainer-sle15_6-1.3.6-5.1.aarch64"
}
},
{
"category": "product_version",
"name": "apptainer-sle15_7-1.3.6-5.1.aarch64",
"product": {
"name": "apptainer-sle15_7-1.3.6-5.1.aarch64",
"product_id": "apptainer-sle15_7-1.3.6-5.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "apptainer-1.3.6-5.1.ppc64le",
"product": {
"name": "apptainer-1.3.6-5.1.ppc64le",
"product_id": "apptainer-1.3.6-5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apptainer-leap-1.3.6-5.1.ppc64le",
"product": {
"name": "apptainer-leap-1.3.6-5.1.ppc64le",
"product_id": "apptainer-leap-1.3.6-5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apptainer-sle15_5-1.3.6-5.1.ppc64le",
"product": {
"name": "apptainer-sle15_5-1.3.6-5.1.ppc64le",
"product_id": "apptainer-sle15_5-1.3.6-5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apptainer-sle15_6-1.3.6-5.1.ppc64le",
"product": {
"name": "apptainer-sle15_6-1.3.6-5.1.ppc64le",
"product_id": "apptainer-sle15_6-1.3.6-5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apptainer-sle15_7-1.3.6-5.1.ppc64le",
"product": {
"name": "apptainer-sle15_7-1.3.6-5.1.ppc64le",
"product_id": "apptainer-sle15_7-1.3.6-5.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "apptainer-1.3.6-5.1.s390x",
"product": {
"name": "apptainer-1.3.6-5.1.s390x",
"product_id": "apptainer-1.3.6-5.1.s390x"
}
},
{
"category": "product_version",
"name": "apptainer-leap-1.3.6-5.1.s390x",
"product": {
"name": "apptainer-leap-1.3.6-5.1.s390x",
"product_id": "apptainer-leap-1.3.6-5.1.s390x"
}
},
{
"category": "product_version",
"name": "apptainer-sle15_5-1.3.6-5.1.s390x",
"product": {
"name": "apptainer-sle15_5-1.3.6-5.1.s390x",
"product_id": "apptainer-sle15_5-1.3.6-5.1.s390x"
}
},
{
"category": "product_version",
"name": "apptainer-sle15_6-1.3.6-5.1.s390x",
"product": {
"name": "apptainer-sle15_6-1.3.6-5.1.s390x",
"product_id": "apptainer-sle15_6-1.3.6-5.1.s390x"
}
},
{
"category": "product_version",
"name": "apptainer-sle15_7-1.3.6-5.1.s390x",
"product": {
"name": "apptainer-sle15_7-1.3.6-5.1.s390x",
"product_id": "apptainer-sle15_7-1.3.6-5.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "apptainer-1.3.6-5.1.x86_64",
"product": {
"name": "apptainer-1.3.6-5.1.x86_64",
"product_id": "apptainer-1.3.6-5.1.x86_64"
}
},
{
"category": "product_version",
"name": "apptainer-leap-1.3.6-5.1.x86_64",
"product": {
"name": "apptainer-leap-1.3.6-5.1.x86_64",
"product_id": "apptainer-leap-1.3.6-5.1.x86_64"
}
},
{
"category": "product_version",
"name": "apptainer-sle15_5-1.3.6-5.1.x86_64",
"product": {
"name": "apptainer-sle15_5-1.3.6-5.1.x86_64",
"product_id": "apptainer-sle15_5-1.3.6-5.1.x86_64"
}
},
{
"category": "product_version",
"name": "apptainer-sle15_6-1.3.6-5.1.x86_64",
"product": {
"name": "apptainer-sle15_6-1.3.6-5.1.x86_64",
"product_id": "apptainer-sle15_6-1.3.6-5.1.x86_64"
}
},
{
"category": "product_version",
"name": "apptainer-sle15_7-1.3.6-5.1.x86_64",
"product": {
"name": "apptainer-sle15_7-1.3.6-5.1.x86_64",
"product_id": "apptainer-sle15_7-1.3.6-5.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apptainer-1.3.6-5.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apptainer-1.3.6-5.1.aarch64"
},
"product_reference": "apptainer-1.3.6-5.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apptainer-1.3.6-5.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apptainer-1.3.6-5.1.ppc64le"
},
"product_reference": "apptainer-1.3.6-5.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apptainer-1.3.6-5.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apptainer-1.3.6-5.1.s390x"
},
"product_reference": "apptainer-1.3.6-5.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apptainer-1.3.6-5.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apptainer-1.3.6-5.1.x86_64"
},
"product_reference": "apptainer-1.3.6-5.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apptainer-leap-1.3.6-5.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.aarch64"
},
"product_reference": "apptainer-leap-1.3.6-5.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apptainer-leap-1.3.6-5.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.ppc64le"
},
"product_reference": "apptainer-leap-1.3.6-5.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apptainer-leap-1.3.6-5.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.s390x"
},
"product_reference": "apptainer-leap-1.3.6-5.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apptainer-leap-1.3.6-5.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.x86_64"
},
"product_reference": "apptainer-leap-1.3.6-5.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apptainer-sle15_5-1.3.6-5.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.aarch64"
},
"product_reference": "apptainer-sle15_5-1.3.6-5.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apptainer-sle15_5-1.3.6-5.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.ppc64le"
},
"product_reference": "apptainer-sle15_5-1.3.6-5.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apptainer-sle15_5-1.3.6-5.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.s390x"
},
"product_reference": "apptainer-sle15_5-1.3.6-5.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apptainer-sle15_5-1.3.6-5.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.x86_64"
},
"product_reference": "apptainer-sle15_5-1.3.6-5.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apptainer-sle15_6-1.3.6-5.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.aarch64"
},
"product_reference": "apptainer-sle15_6-1.3.6-5.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apptainer-sle15_6-1.3.6-5.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.ppc64le"
},
"product_reference": "apptainer-sle15_6-1.3.6-5.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apptainer-sle15_6-1.3.6-5.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.s390x"
},
"product_reference": "apptainer-sle15_6-1.3.6-5.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apptainer-sle15_6-1.3.6-5.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.x86_64"
},
"product_reference": "apptainer-sle15_6-1.3.6-5.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apptainer-sle15_7-1.3.6-5.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.aarch64"
},
"product_reference": "apptainer-sle15_7-1.3.6-5.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apptainer-sle15_7-1.3.6-5.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.ppc64le"
},
"product_reference": "apptainer-sle15_7-1.3.6-5.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apptainer-sle15_7-1.3.6-5.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.s390x"
},
"product_reference": "apptainer-sle15_7-1.3.6-5.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apptainer-sle15_7-1.3.6-5.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.x86_64"
},
"product_reference": "apptainer-sle15_7-1.3.6-5.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-41110",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41110"
}
],
"notes": [
{
"category": "general",
"text": "Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low.\n\nUsing a specially-crafted API request, an Engine API client could make the daemon forward the request or response to an authorization plugin without the body. In certain circumstances, the authorization plugin may allow a request which it would have otherwise denied if the body had been forwarded to it.\n\nA security issue was discovered In 2018, where an attacker could bypass AuthZ plugins using a specially crafted API request. This could lead to unauthorized actions, including privilege escalation. Although this issue was fixed in Docker Engine v18.09.1 in January 2019, the fix was not carried forward to later major versions, resulting in a regression. Anyone who depends on authorization plugins that introspect the request and/or response body to make access control decisions is potentially impacted.\n\nDocker EE v19.03.x and all versions of Mirantis Container Runtime are not vulnerable.\n\ndocker-ce v27.1.1 containes patches to fix the vulnerability. Patches have also been merged into the master, 19.03, 20.0, 23.0, 24.0, 25.0, 26.0, and 26.1 release branches. If one is unable to upgrade immediately, avoid using AuthZ plugins and/or restrict access to the Docker API to trusted parties, following the principle of least privilege.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41110",
"url": "https://www.suse.com/security/cve/CVE-2024-41110"
},
{
"category": "external",
"summary": "SUSE Bug 1228324 for CVE-2024-41110",
"url": "https://bugzilla.suse.com/1228324"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2024-41110"
},
{
"cve": "CVE-2024-45337",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45337"
}
],
"notes": [
{
"category": "general",
"text": "Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that \"A call to this function does not guarantee that the key offered is in fact used to authenticate.\" Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key. Since this API is widely misused, as a partial mitigation golang.org/x/cry...@v0.31.0 enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45337",
"url": "https://www.suse.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "SUSE Bug 1234482 for CVE-2024-45337",
"url": "https://bugzilla.suse.com/1234482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-45337"
},
{
"cve": "CVE-2024-45338",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45338"
}
],
"notes": [
{
"category": "general",
"text": "An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45338",
"url": "https://www.suse.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "SUSE Bug 1234794 for CVE-2024-45338",
"url": "https://bugzilla.suse.com/1234794"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-45338"
},
{
"cve": "CVE-2025-22869",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22869"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22869",
"url": "https://www.suse.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "SUSE Bug 1239322 for CVE-2025-22869",
"url": "https://bugzilla.suse.com/1239322"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-22869"
},
{
"cve": "CVE-2025-22870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22870"
}
],
"notes": [
{
"category": "general",
"text": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22870",
"url": "https://www.suse.com/security/cve/CVE-2025-22870"
},
{
"category": "external",
"summary": "SUSE Bug 1238572 for CVE-2025-22870",
"url": "https://bugzilla.suse.com/1238572"
},
{
"category": "external",
"summary": "SUSE Bug 1238611 for CVE-2025-22870",
"url": "https://bugzilla.suse.com/1238611"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-22870"
},
{
"cve": "CVE-2025-27144",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-27144"
}
],
"notes": [
{
"category": "general",
"text": "Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code used strings.Split(token, \".\") to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service. Version 4.0.5 fixes this issue. As a workaround, applications could pre-validate that payloads passed to Go JOSE do not contain an excessive number of `.` characters.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-27144",
"url": "https://www.suse.com/security/cve/CVE-2025-27144"
},
{
"category": "external",
"summary": "SUSE Bug 1237608 for CVE-2025-27144",
"url": "https://bugzilla.suse.com/1237608"
},
{
"category": "external",
"summary": "SUSE Bug 1237609 for CVE-2025-27144",
"url": "https://bugzilla.suse.com/1237609"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-leap-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-5.1.x86_64",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.aarch64",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.ppc64le",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.s390x",
"openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-19T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-27144"
}
]
}
RHSA-2024:10852
Vulnerability from csaf_redhat - Published: 2024-12-05 14:54 - Updated: 2026-06-23 13:32Summary
Red Hat Security Advisory: RHOAI 2.16.0 - Red Hat OpenShift AI
Severity
Important
Notes
Topic: Updated images are now available for Red Hat OpenShift AI.
Details: Release of RHOAI 2.16.0 provides these changes:
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof UDP-based RADIUS response packets. This can result in unauthorized access by modifying an Access-Reject response to an Access-Accept response, thereby compromising the authentication process.
9.0 (Critical)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:3e670a110eb3a6e59c6051b485bc88d39cb921b31854f36073f2088d52b53ce1_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:3fc2da180ef549a8041ebe6a5f5f24869a012a2416c2d3e154b2a5ba9645bf60_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:c2a79db6d2ba9c313640149a55f306e8aa4dc36f3cc24bf554c025503b013644_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:0d5e5f17b2eac616c8f5701f89e7309b35000bb7771c311f8763b7b9d1f174a0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:c5d22d63f967e5cf4bd35488dcf64ce0765a6a2a1070a911f66d7bf6f94f1136_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:4f7b6a45b4db2861c7e1ea225405ffcac3cf112b8eb9cf5a1c9fa7ffb68f6820_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:efe0ec7e60c371b02f2d8431aab69eb1e2ff6c9c93c83d48f8b5e8a5e8d6e46f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:1fe9fb65f747f217c0f247519b23f702d0dfdb9fb471f99382afa9c25fec3c6f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:4bc8931d063ab56fc99a62bf5b606e9f99addb61b6c097ee0401f7e31787a123_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:348e66c3e1e3c17106c4f4957c5e7b9bcefec80deb00e4900066262c356bc308_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f1861c81fbb70c28f408072b1bf1b4b79ae1a19637700c455f8133d191e78e6b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:ab129822211bc9af41a3a52ff10a88d7349a122d0c4e215c824f4e77437cad5e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:59aa33eb2adff1533465d89a6b86cb52c1823a4b724cc5fa535445277826ecf6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:d0e26b14b5c09c23193fbca6409e6a7124baa97138dfc75de17b48241636a4da_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:c693bd7449c90b7406ce66652524d575c2b875d5c9f14f7ced79adf9c98d5fcb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:56df2f7095c98e6aa73caf59bbb088ef0824ce0db6acdd5c3a15df53bfd3dbdd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:1d348086632e5f94c923f91e40c823ab1c27c3b0abc008e8266abe2fd86062a5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:60c9d0b547ad4d46cdabeb0dfb0c835c68c43bd34cd83b196155899b93017e38_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:6f1ad9675887881dfaa7a8dd81a36ad86c9148f4882141f74b66b28144a73f29_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:5f61cf084b1d79ee1b651f2b1777ff238c3e31eb76eba71ccb33b01c46f8c1af_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:873167913efce726fe05667f2a5d3bbdd4aeedc6db905833c9ec620f39a33bd0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:f96f5d774a07b8f345ddab253cc2671c92a8ba85dda89bd89e5e3c4f126eca50_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:3e647011ba1561919aaac2c65fe605eff4c64fff4cc229e12490f90dcebf3669_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:8eebdb1fa9004bc34fc637ac6e8f195d0f7b71356714ef495c4c1f89d783eb84_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:68ca253d57a89eedda4bd65486ca480a25dd15ea1f7ff0376a50c7f4a40e1395_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:ba0929d09d596250ce4c35fc8e8ea1a325c35e87cac2fd4106d96573a870db12_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:feebb0e5015cba9d86d8ebf711c993f958f4cd01a935a136232b64fdd25bec0c_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.
7.4 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:c2a79db6d2ba9c313640149a55f306e8aa4dc36f3cc24bf554c025503b013644_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:3fc2da180ef549a8041ebe6a5f5f24869a012a2416c2d3e154b2a5ba9645bf60_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:0d5e5f17b2eac616c8f5701f89e7309b35000bb7771c311f8763b7b9d1f174a0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:c5d22d63f967e5cf4bd35488dcf64ce0765a6a2a1070a911f66d7bf6f94f1136_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:4f7b6a45b4db2861c7e1ea225405ffcac3cf112b8eb9cf5a1c9fa7ffb68f6820_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:3e670a110eb3a6e59c6051b485bc88d39cb921b31854f36073f2088d52b53ce1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:efe0ec7e60c371b02f2d8431aab69eb1e2ff6c9c93c83d48f8b5e8a5e8d6e46f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:1fe9fb65f747f217c0f247519b23f702d0dfdb9fb471f99382afa9c25fec3c6f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:4bc8931d063ab56fc99a62bf5b606e9f99addb61b6c097ee0401f7e31787a123_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:348e66c3e1e3c17106c4f4957c5e7b9bcefec80deb00e4900066262c356bc308_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f1861c81fbb70c28f408072b1bf1b4b79ae1a19637700c455f8133d191e78e6b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:ab129822211bc9af41a3a52ff10a88d7349a122d0c4e215c824f4e77437cad5e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:59aa33eb2adff1533465d89a6b86cb52c1823a4b724cc5fa535445277826ecf6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:d0e26b14b5c09c23193fbca6409e6a7124baa97138dfc75de17b48241636a4da_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:c693bd7449c90b7406ce66652524d575c2b875d5c9f14f7ced79adf9c98d5fcb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:56df2f7095c98e6aa73caf59bbb088ef0824ce0db6acdd5c3a15df53bfd3dbdd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:1d348086632e5f94c923f91e40c823ab1c27c3b0abc008e8266abe2fd86062a5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:60c9d0b547ad4d46cdabeb0dfb0c835c68c43bd34cd83b196155899b93017e38_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:6f1ad9675887881dfaa7a8dd81a36ad86c9148f4882141f74b66b28144a73f29_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:5f61cf084b1d79ee1b651f2b1777ff238c3e31eb76eba71ccb33b01c46f8c1af_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:873167913efce726fe05667f2a5d3bbdd4aeedc6db905833c9ec620f39a33bd0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:f96f5d774a07b8f345ddab253cc2671c92a8ba85dda89bd89e5e3c4f126eca50_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:3e647011ba1561919aaac2c65fe605eff4c64fff4cc229e12490f90dcebf3669_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:8eebdb1fa9004bc34fc637ac6e8f195d0f7b71356714ef495c4c1f89d783eb84_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:68ca253d57a89eedda4bd65486ca480a25dd15ea1f7ff0376a50c7f4a40e1395_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:ba0929d09d596250ce4c35fc8e8ea1a325c35e87cac2fd4106d96573a870db12_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:feebb0e5015cba9d86d8ebf711c993f958f4cd01a935a136232b64fdd25bec0c_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. This flaw allows an attacker to craft malicious input tailored to trigger the identified flaw in the unmarshal function. By providing carefully constructed invalid inputs, they could potentially cause the function to enter an infinite loop, resulting in a denial of service condition or other unintended behaviors in the affected system.
5.9 (Medium)
Affected products
Fixed
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:0d5e5f17b2eac616c8f5701f89e7309b35000bb7771c311f8763b7b9d1f174a0_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:c5d22d63f967e5cf4bd35488dcf64ce0765a6a2a1070a911f66d7bf6f94f1136_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:4f7b6a45b4db2861c7e1ea225405ffcac3cf112b8eb9cf5a1c9fa7ffb68f6820_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:3e670a110eb3a6e59c6051b485bc88d39cb921b31854f36073f2088d52b53ce1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:efe0ec7e60c371b02f2d8431aab69eb1e2ff6c9c93c83d48f8b5e8a5e8d6e46f_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:3fc2da180ef549a8041ebe6a5f5f24869a012a2416c2d3e154b2a5ba9645bf60_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:c2a79db6d2ba9c313640149a55f306e8aa4dc36f3cc24bf554c025503b013644_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:1fe9fb65f747f217c0f247519b23f702d0dfdb9fb471f99382afa9c25fec3c6f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:4bc8931d063ab56fc99a62bf5b606e9f99addb61b6c097ee0401f7e31787a123_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:348e66c3e1e3c17106c4f4957c5e7b9bcefec80deb00e4900066262c356bc308_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f1861c81fbb70c28f408072b1bf1b4b79ae1a19637700c455f8133d191e78e6b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:ab129822211bc9af41a3a52ff10a88d7349a122d0c4e215c824f4e77437cad5e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:59aa33eb2adff1533465d89a6b86cb52c1823a4b724cc5fa535445277826ecf6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:d0e26b14b5c09c23193fbca6409e6a7124baa97138dfc75de17b48241636a4da_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:c693bd7449c90b7406ce66652524d575c2b875d5c9f14f7ced79adf9c98d5fcb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:56df2f7095c98e6aa73caf59bbb088ef0824ce0db6acdd5c3a15df53bfd3dbdd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:1d348086632e5f94c923f91e40c823ab1c27c3b0abc008e8266abe2fd86062a5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:60c9d0b547ad4d46cdabeb0dfb0c835c68c43bd34cd83b196155899b93017e38_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:6f1ad9675887881dfaa7a8dd81a36ad86c9148f4882141f74b66b28144a73f29_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:5f61cf084b1d79ee1b651f2b1777ff238c3e31eb76eba71ccb33b01c46f8c1af_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:873167913efce726fe05667f2a5d3bbdd4aeedc6db905833c9ec620f39a33bd0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:f96f5d774a07b8f345ddab253cc2671c92a8ba85dda89bd89e5e3c4f126eca50_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:3e647011ba1561919aaac2c65fe605eff4c64fff4cc229e12490f90dcebf3669_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:8eebdb1fa9004bc34fc637ac6e8f195d0f7b71356714ef495c4c1f89d783eb84_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:68ca253d57a89eedda4bd65486ca480a25dd15ea1f7ff0376a50c7f4a40e1395_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:ba0929d09d596250ce4c35fc8e8ea1a325c35e87cac2fd4106d96573a870db12_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:feebb0e5015cba9d86d8ebf711c993f958f4cd01a935a136232b64fdd25bec0c_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in the Werkzueg web application library. Applications using Werkzeug to parse multipart/form-data requests are vulnerable to resource exhaustion. A specially crafted form body can bypass the Request.max_form_memory_size setting and trigger a denial of service.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:5f61cf084b1d79ee1b651f2b1777ff238c3e31eb76eba71ccb33b01c46f8c1af_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:3fc2da180ef549a8041ebe6a5f5f24869a012a2416c2d3e154b2a5ba9645bf60_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:c2a79db6d2ba9c313640149a55f306e8aa4dc36f3cc24bf554c025503b013644_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:0d5e5f17b2eac616c8f5701f89e7309b35000bb7771c311f8763b7b9d1f174a0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:c5d22d63f967e5cf4bd35488dcf64ce0765a6a2a1070a911f66d7bf6f94f1136_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:4f7b6a45b4db2861c7e1ea225405ffcac3cf112b8eb9cf5a1c9fa7ffb68f6820_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:3e670a110eb3a6e59c6051b485bc88d39cb921b31854f36073f2088d52b53ce1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:efe0ec7e60c371b02f2d8431aab69eb1e2ff6c9c93c83d48f8b5e8a5e8d6e46f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:1fe9fb65f747f217c0f247519b23f702d0dfdb9fb471f99382afa9c25fec3c6f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:4bc8931d063ab56fc99a62bf5b606e9f99addb61b6c097ee0401f7e31787a123_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:348e66c3e1e3c17106c4f4957c5e7b9bcefec80deb00e4900066262c356bc308_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f1861c81fbb70c28f408072b1bf1b4b79ae1a19637700c455f8133d191e78e6b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:ab129822211bc9af41a3a52ff10a88d7349a122d0c4e215c824f4e77437cad5e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:59aa33eb2adff1533465d89a6b86cb52c1823a4b724cc5fa535445277826ecf6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:d0e26b14b5c09c23193fbca6409e6a7124baa97138dfc75de17b48241636a4da_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:c693bd7449c90b7406ce66652524d575c2b875d5c9f14f7ced79adf9c98d5fcb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:56df2f7095c98e6aa73caf59bbb088ef0824ce0db6acdd5c3a15df53bfd3dbdd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:1d348086632e5f94c923f91e40c823ab1c27c3b0abc008e8266abe2fd86062a5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:60c9d0b547ad4d46cdabeb0dfb0c835c68c43bd34cd83b196155899b93017e38_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:6f1ad9675887881dfaa7a8dd81a36ad86c9148f4882141f74b66b28144a73f29_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:873167913efce726fe05667f2a5d3bbdd4aeedc6db905833c9ec620f39a33bd0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:f96f5d774a07b8f345ddab253cc2671c92a8ba85dda89bd89e5e3c4f126eca50_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:3e647011ba1561919aaac2c65fe605eff4c64fff4cc229e12490f90dcebf3669_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:8eebdb1fa9004bc34fc637ac6e8f195d0f7b71356714ef495c4c1f89d783eb84_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:68ca253d57a89eedda4bd65486ca480a25dd15ea1f7ff0376a50c7f4a40e1395_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:ba0929d09d596250ce4c35fc8e8ea1a325c35e87cac2fd4106d96573a870db12_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:feebb0e5015cba9d86d8ebf711c993f958f4cd01a935a136232b64fdd25bec0c_amd64 | — |
Workaround
|
Threats
Impact
Moderate
References
39 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated images are now available for Red Hat OpenShift AI.",
"title": "Topic"
},
{
"category": "general",
"text": "Release of RHOAI 2.16.0 provides these changes:",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:10852",
"url": "https://access.redhat.com/errata/RHSA-2024:10852"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"url": "https://docs.redhat.com/en/documentation/red_hat_openshift_ai/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-49767",
"url": "https://access.redhat.com/security/cve/CVE-2024-49767"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-3596",
"url": "https://access.redhat.com/security/cve/CVE-2024-3596"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-24786",
"url": "https://access.redhat.com/security/cve/CVE-2024-24786"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-10963",
"url": "https://access.redhat.com/security/cve/CVE-2024-10963"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_10852.json"
}
],
"title": "Red Hat Security Advisory: RHOAI 2.16.0 - Red Hat OpenShift AI",
"tracking": {
"current_release_date": "2026-06-23T13:32:55+00:00",
"generator": {
"date": "2026-06-23T13:32:55+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.0.0"
}
},
"id": "RHSA-2024:10852",
"initial_release_date": "2024-12-05T14:54:56+00:00",
"revision_history": [
{
"date": "2024-12-05T14:54:56+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-03-25T20:51:39+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-23T13:32:55+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift AI 2.16",
"product": {
"name": "Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_ai:2.16::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift AI"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:3fc2da180ef549a8041ebe6a5f5f24869a012a2416c2d3e154b2a5ba9645bf60_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:3fc2da180ef549a8041ebe6a5f5f24869a012a2416c2d3e154b2a5ba9645bf60_amd64",
"product_id": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:3fc2da180ef549a8041ebe6a5f5f24869a012a2416c2d3e154b2a5ba9645bf60_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-codeflare-operator-rhel8@sha256%3A3fc2da180ef549a8041ebe6a5f5f24869a012a2416c2d3e154b2a5ba9645bf60?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.0-1733112229"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:c2a79db6d2ba9c313640149a55f306e8aa4dc36f3cc24bf554c025503b013644_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:c2a79db6d2ba9c313640149a55f306e8aa4dc36f3cc24bf554c025503b013644_amd64",
"product_id": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:c2a79db6d2ba9c313640149a55f306e8aa4dc36f3cc24bf554c025503b013644_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-dashboard-rhel8@sha256%3Ac2a79db6d2ba9c313640149a55f306e8aa4dc36f3cc24bf554c025503b013644?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.0-1733133582"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:0d5e5f17b2eac616c8f5701f89e7309b35000bb7771c311f8763b7b9d1f174a0_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:0d5e5f17b2eac616c8f5701f89e7309b35000bb7771c311f8763b7b9d1f174a0_amd64",
"product_id": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:0d5e5f17b2eac616c8f5701f89e7309b35000bb7771c311f8763b7b9d1f174a0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-data-science-pipelines-argo-argoexec-rhel8@sha256%3A0d5e5f17b2eac616c8f5701f89e7309b35000bb7771c311f8763b7b9d1f174a0?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.0-1732953924"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:c5d22d63f967e5cf4bd35488dcf64ce0765a6a2a1070a911f66d7bf6f94f1136_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:c5d22d63f967e5cf4bd35488dcf64ce0765a6a2a1070a911f66d7bf6f94f1136_amd64",
"product_id": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:c5d22d63f967e5cf4bd35488dcf64ce0765a6a2a1070a911f66d7bf6f94f1136_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256%3Ac5d22d63f967e5cf4bd35488dcf64ce0765a6a2a1070a911f66d7bf6f94f1136?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.0-1732953924"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:4f7b6a45b4db2861c7e1ea225405ffcac3cf112b8eb9cf5a1c9fa7ffb68f6820_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:4f7b6a45b4db2861c7e1ea225405ffcac3cf112b8eb9cf5a1c9fa7ffb68f6820_amd64",
"product_id": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:4f7b6a45b4db2861c7e1ea225405ffcac3cf112b8eb9cf5a1c9fa7ffb68f6820_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-data-science-pipelines-operator-controller-rhel8@sha256%3A4f7b6a45b4db2861c7e1ea225405ffcac3cf112b8eb9cf5a1c9fa7ffb68f6820?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.0-1732953816"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:3e670a110eb3a6e59c6051b485bc88d39cb921b31854f36073f2088d52b53ce1_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:3e670a110eb3a6e59c6051b485bc88d39cb921b31854f36073f2088d52b53ce1_amd64",
"product_id": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:3e670a110eb3a6e59c6051b485bc88d39cb921b31854f36073f2088d52b53ce1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-kf-notebook-controller-rhel8@sha256%3A3e670a110eb3a6e59c6051b485bc88d39cb921b31854f36073f2088d52b53ce1?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.0-1732953706"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:efe0ec7e60c371b02f2d8431aab69eb1e2ff6c9c93c83d48f8b5e8a5e8d6e46f_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:efe0ec7e60c371b02f2d8431aab69eb1e2ff6c9c93c83d48f8b5e8a5e8d6e46f_amd64",
"product_id": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:efe0ec7e60c371b02f2d8431aab69eb1e2ff6c9c93c83d48f8b5e8a5e8d6e46f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-kuberay-operator-controller-rhel8@sha256%3Aefe0ec7e60c371b02f2d8431aab69eb1e2ff6c9c93c83d48f8b5e8a5e8d6e46f?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.0-1733112196"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:1fe9fb65f747f217c0f247519b23f702d0dfdb9fb471f99382afa9c25fec3c6f_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:1fe9fb65f747f217c0f247519b23f702d0dfdb9fb471f99382afa9c25fec3c6f_amd64",
"product_id": "registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:1fe9fb65f747f217c0f247519b23f702d0dfdb9fb471f99382afa9c25fec3c6f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-kueue-controller-rhel8@sha256%3A1fe9fb65f747f217c0f247519b23f702d0dfdb9fb471f99382afa9c25fec3c6f?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.0-1733126703"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:4bc8931d063ab56fc99a62bf5b606e9f99addb61b6c097ee0401f7e31787a123_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:4bc8931d063ab56fc99a62bf5b606e9f99addb61b6c097ee0401f7e31787a123_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:4bc8931d063ab56fc99a62bf5b606e9f99addb61b6c097ee0401f7e31787a123_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-api-server-v2-rhel8@sha256%3A4bc8931d063ab56fc99a62bf5b606e9f99addb61b6c097ee0401f7e31787a123?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.0-1732954036"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:348e66c3e1e3c17106c4f4957c5e7b9bcefec80deb00e4900066262c356bc308_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:348e66c3e1e3c17106c4f4957c5e7b9bcefec80deb00e4900066262c356bc308_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:348e66c3e1e3c17106c4f4957c5e7b9bcefec80deb00e4900066262c356bc308_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-driver-rhel8@sha256%3A348e66c3e1e3c17106c4f4957c5e7b9bcefec80deb00e4900066262c356bc308?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.0-1732954036"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f1861c81fbb70c28f408072b1bf1b4b79ae1a19637700c455f8133d191e78e6b_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f1861c81fbb70c28f408072b1bf1b4b79ae1a19637700c455f8133d191e78e6b_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f1861c81fbb70c28f408072b1bf1b4b79ae1a19637700c455f8133d191e78e6b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-launcher-rhel8@sha256%3Af1861c81fbb70c28f408072b1bf1b4b79ae1a19637700c455f8133d191e78e6b?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.0-1732954036"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:ab129822211bc9af41a3a52ff10a88d7349a122d0c4e215c824f4e77437cad5e_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:ab129822211bc9af41a3a52ff10a88d7349a122d0c4e215c824f4e77437cad5e_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:ab129822211bc9af41a3a52ff10a88d7349a122d0c4e215c824f4e77437cad5e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256%3Aab129822211bc9af41a3a52ff10a88d7349a122d0c4e215c824f4e77437cad5e?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.0-1732954036"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:59aa33eb2adff1533465d89a6b86cb52c1823a4b724cc5fa535445277826ecf6_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:59aa33eb2adff1533465d89a6b86cb52c1823a4b724cc5fa535445277826ecf6_amd64",
"product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:59aa33eb2adff1533465d89a6b86cb52c1823a4b724cc5fa535445277826ecf6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256%3A59aa33eb2adff1533465d89a6b86cb52c1823a4b724cc5fa535445277826ecf6?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.0-1732954036"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:d0e26b14b5c09c23193fbca6409e6a7124baa97138dfc75de17b48241636a4da_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:d0e26b14b5c09c23193fbca6409e6a7124baa97138dfc75de17b48241636a4da_amd64",
"product_id": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:d0e26b14b5c09c23193fbca6409e6a7124baa97138dfc75de17b48241636a4da_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-mlmd-grpc-server-rhel8@sha256%3Ad0e26b14b5c09c23193fbca6409e6a7124baa97138dfc75de17b48241636a4da?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.0-1732953940"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:c693bd7449c90b7406ce66652524d575c2b875d5c9f14f7ced79adf9c98d5fcb_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:c693bd7449c90b7406ce66652524d575c2b875d5c9f14f7ced79adf9c98d5fcb_amd64",
"product_id": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:c693bd7449c90b7406ce66652524d575c2b875d5c9f14f7ced79adf9c98d5fcb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-mm-rest-proxy-rhel8@sha256%3Ac693bd7449c90b7406ce66652524d575c2b875d5c9f14f7ced79adf9c98d5fcb?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.0-1732953738"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:56df2f7095c98e6aa73caf59bbb088ef0824ce0db6acdd5c3a15df53bfd3dbdd_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:56df2f7095c98e6aa73caf59bbb088ef0824ce0db6acdd5c3a15df53bfd3dbdd_amd64",
"product_id": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:56df2f7095c98e6aa73caf59bbb088ef0824ce0db6acdd5c3a15df53bfd3dbdd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-model-controller-rhel8@sha256%3A56df2f7095c98e6aa73caf59bbb088ef0824ce0db6acdd5c3a15df53bfd3dbdd?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.0-1732953799"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:1d348086632e5f94c923f91e40c823ab1c27c3b0abc008e8266abe2fd86062a5_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:1d348086632e5f94c923f91e40c823ab1c27c3b0abc008e8266abe2fd86062a5_amd64",
"product_id": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:1d348086632e5f94c923f91e40c823ab1c27c3b0abc008e8266abe2fd86062a5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-model-registry-operator-rhel8@sha256%3A1d348086632e5f94c923f91e40c823ab1c27c3b0abc008e8266abe2fd86062a5?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.0-1732954095"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:60c9d0b547ad4d46cdabeb0dfb0c835c68c43bd34cd83b196155899b93017e38_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:60c9d0b547ad4d46cdabeb0dfb0c835c68c43bd34cd83b196155899b93017e38_amd64",
"product_id": "registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:60c9d0b547ad4d46cdabeb0dfb0c835c68c43bd34cd83b196155899b93017e38_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-model-registry-rhel8@sha256%3A60c9d0b547ad4d46cdabeb0dfb0c835c68c43bd34cd83b196155899b93017e38?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.0-1732954132"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:5f61cf084b1d79ee1b651f2b1777ff238c3e31eb76eba71ccb33b01c46f8c1af_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:5f61cf084b1d79ee1b651f2b1777ff238c3e31eb76eba71ccb33b01c46f8c1af_amd64",
"product_id": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:5f61cf084b1d79ee1b651f2b1777ff238c3e31eb76eba71ccb33b01c46f8c1af_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-modelmesh-runtime-adapter-rhel8@sha256%3A5f61cf084b1d79ee1b651f2b1777ff238c3e31eb76eba71ccb33b01c46f8c1af?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.0-1732953768"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:873167913efce726fe05667f2a5d3bbdd4aeedc6db905833c9ec620f39a33bd0_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:873167913efce726fe05667f2a5d3bbdd4aeedc6db905833c9ec620f39a33bd0_amd64",
"product_id": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:873167913efce726fe05667f2a5d3bbdd4aeedc6db905833c9ec620f39a33bd0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-modelmesh-serving-controller-rhel8@sha256%3A873167913efce726fe05667f2a5d3bbdd4aeedc6db905833c9ec620f39a33bd0?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.0-1732953753"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:6f1ad9675887881dfaa7a8dd81a36ad86c9148f4882141f74b66b28144a73f29_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:6f1ad9675887881dfaa7a8dd81a36ad86c9148f4882141f74b66b28144a73f29_amd64",
"product_id": "registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:6f1ad9675887881dfaa7a8dd81a36ad86c9148f4882141f74b66b28144a73f29_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-modelmesh-rhel8@sha256%3A6f1ad9675887881dfaa7a8dd81a36ad86c9148f4882141f74b66b28144a73f29?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.0-1732899102"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:f96f5d774a07b8f345ddab253cc2671c92a8ba85dda89bd89e5e3c4f126eca50_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:f96f5d774a07b8f345ddab253cc2671c92a8ba85dda89bd89e5e3c4f126eca50_amd64",
"product_id": "registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:f96f5d774a07b8f345ddab253cc2671c92a8ba85dda89bd89e5e3c4f126eca50_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-notebook-controller-rhel8@sha256%3Af96f5d774a07b8f345ddab253cc2671c92a8ba85dda89bd89e5e3c4f126eca50?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.0-1732953706"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:3e647011ba1561919aaac2c65fe605eff4c64fff4cc229e12490f90dcebf3669_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:3e647011ba1561919aaac2c65fe605eff4c64fff4cc229e12490f90dcebf3669_amd64",
"product_id": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:3e647011ba1561919aaac2c65fe605eff4c64fff4cc229e12490f90dcebf3669_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-operator-bundle@sha256%3A3e647011ba1561919aaac2c65fe605eff4c64fff4cc229e12490f90dcebf3669?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.0-1733155920"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:8eebdb1fa9004bc34fc637ac6e8f195d0f7b71356714ef495c4c1f89d783eb84_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:8eebdb1fa9004bc34fc637ac6e8f195d0f7b71356714ef495c4c1f89d783eb84_amd64",
"product_id": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:8eebdb1fa9004bc34fc637ac6e8f195d0f7b71356714ef495c4c1f89d783eb84_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-rhel8-operator@sha256%3A8eebdb1fa9004bc34fc637ac6e8f195d0f7b71356714ef495c4c1f89d783eb84?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.0-1733155448"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:68ca253d57a89eedda4bd65486ca480a25dd15ea1f7ff0376a50c7f4a40e1395_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:68ca253d57a89eedda4bd65486ca480a25dd15ea1f7ff0376a50c7f4a40e1395_amd64",
"product_id": "registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:68ca253d57a89eedda4bd65486ca480a25dd15ea1f7ff0376a50c7f4a40e1395_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-training-operator-rhel8@sha256%3A68ca253d57a89eedda4bd65486ca480a25dd15ea1f7ff0376a50c7f4a40e1395?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.0-1732954151"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:ba0929d09d596250ce4c35fc8e8ea1a325c35e87cac2fd4106d96573a870db12_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:ba0929d09d596250ce4c35fc8e8ea1a325c35e87cac2fd4106d96573a870db12_amd64",
"product_id": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:ba0929d09d596250ce4c35fc8e8ea1a325c35e87cac2fd4106d96573a870db12_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-trustyai-service-operator-rhel8@sha256%3Aba0929d09d596250ce4c35fc8e8ea1a325c35e87cac2fd4106d96573a870db12?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.0-1732954483"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:feebb0e5015cba9d86d8ebf711c993f958f4cd01a935a136232b64fdd25bec0c_amd64",
"product": {
"name": "registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:feebb0e5015cba9d86d8ebf711c993f958f4cd01a935a136232b64fdd25bec0c_amd64",
"product_id": "registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:feebb0e5015cba9d86d8ebf711c993f958f4cd01a935a136232b64fdd25bec0c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odh-trustyai-service-rhel8@sha256%3Afeebb0e5015cba9d86d8ebf711c993f958f4cd01a935a136232b64fdd25bec0c?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.0-1732898906"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:3fc2da180ef549a8041ebe6a5f5f24869a012a2416c2d3e154b2a5ba9645bf60_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:3fc2da180ef549a8041ebe6a5f5f24869a012a2416c2d3e154b2a5ba9645bf60_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:3fc2da180ef549a8041ebe6a5f5f24869a012a2416c2d3e154b2a5ba9645bf60_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:c2a79db6d2ba9c313640149a55f306e8aa4dc36f3cc24bf554c025503b013644_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:c2a79db6d2ba9c313640149a55f306e8aa4dc36f3cc24bf554c025503b013644_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:c2a79db6d2ba9c313640149a55f306e8aa4dc36f3cc24bf554c025503b013644_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:0d5e5f17b2eac616c8f5701f89e7309b35000bb7771c311f8763b7b9d1f174a0_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:0d5e5f17b2eac616c8f5701f89e7309b35000bb7771c311f8763b7b9d1f174a0_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:0d5e5f17b2eac616c8f5701f89e7309b35000bb7771c311f8763b7b9d1f174a0_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:c5d22d63f967e5cf4bd35488dcf64ce0765a6a2a1070a911f66d7bf6f94f1136_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:c5d22d63f967e5cf4bd35488dcf64ce0765a6a2a1070a911f66d7bf6f94f1136_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:c5d22d63f967e5cf4bd35488dcf64ce0765a6a2a1070a911f66d7bf6f94f1136_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:4f7b6a45b4db2861c7e1ea225405ffcac3cf112b8eb9cf5a1c9fa7ffb68f6820_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:4f7b6a45b4db2861c7e1ea225405ffcac3cf112b8eb9cf5a1c9fa7ffb68f6820_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:4f7b6a45b4db2861c7e1ea225405ffcac3cf112b8eb9cf5a1c9fa7ffb68f6820_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:3e670a110eb3a6e59c6051b485bc88d39cb921b31854f36073f2088d52b53ce1_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:3e670a110eb3a6e59c6051b485bc88d39cb921b31854f36073f2088d52b53ce1_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:3e670a110eb3a6e59c6051b485bc88d39cb921b31854f36073f2088d52b53ce1_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:efe0ec7e60c371b02f2d8431aab69eb1e2ff6c9c93c83d48f8b5e8a5e8d6e46f_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:efe0ec7e60c371b02f2d8431aab69eb1e2ff6c9c93c83d48f8b5e8a5e8d6e46f_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:efe0ec7e60c371b02f2d8431aab69eb1e2ff6c9c93c83d48f8b5e8a5e8d6e46f_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:1fe9fb65f747f217c0f247519b23f702d0dfdb9fb471f99382afa9c25fec3c6f_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:1fe9fb65f747f217c0f247519b23f702d0dfdb9fb471f99382afa9c25fec3c6f_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:1fe9fb65f747f217c0f247519b23f702d0dfdb9fb471f99382afa9c25fec3c6f_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:4bc8931d063ab56fc99a62bf5b606e9f99addb61b6c097ee0401f7e31787a123_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:4bc8931d063ab56fc99a62bf5b606e9f99addb61b6c097ee0401f7e31787a123_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:4bc8931d063ab56fc99a62bf5b606e9f99addb61b6c097ee0401f7e31787a123_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:348e66c3e1e3c17106c4f4957c5e7b9bcefec80deb00e4900066262c356bc308_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:348e66c3e1e3c17106c4f4957c5e7b9bcefec80deb00e4900066262c356bc308_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:348e66c3e1e3c17106c4f4957c5e7b9bcefec80deb00e4900066262c356bc308_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f1861c81fbb70c28f408072b1bf1b4b79ae1a19637700c455f8133d191e78e6b_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f1861c81fbb70c28f408072b1bf1b4b79ae1a19637700c455f8133d191e78e6b_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f1861c81fbb70c28f408072b1bf1b4b79ae1a19637700c455f8133d191e78e6b_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:ab129822211bc9af41a3a52ff10a88d7349a122d0c4e215c824f4e77437cad5e_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:ab129822211bc9af41a3a52ff10a88d7349a122d0c4e215c824f4e77437cad5e_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:ab129822211bc9af41a3a52ff10a88d7349a122d0c4e215c824f4e77437cad5e_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:59aa33eb2adff1533465d89a6b86cb52c1823a4b724cc5fa535445277826ecf6_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:59aa33eb2adff1533465d89a6b86cb52c1823a4b724cc5fa535445277826ecf6_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:59aa33eb2adff1533465d89a6b86cb52c1823a4b724cc5fa535445277826ecf6_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:d0e26b14b5c09c23193fbca6409e6a7124baa97138dfc75de17b48241636a4da_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:d0e26b14b5c09c23193fbca6409e6a7124baa97138dfc75de17b48241636a4da_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:d0e26b14b5c09c23193fbca6409e6a7124baa97138dfc75de17b48241636a4da_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:c693bd7449c90b7406ce66652524d575c2b875d5c9f14f7ced79adf9c98d5fcb_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:c693bd7449c90b7406ce66652524d575c2b875d5c9f14f7ced79adf9c98d5fcb_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:c693bd7449c90b7406ce66652524d575c2b875d5c9f14f7ced79adf9c98d5fcb_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:56df2f7095c98e6aa73caf59bbb088ef0824ce0db6acdd5c3a15df53bfd3dbdd_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:56df2f7095c98e6aa73caf59bbb088ef0824ce0db6acdd5c3a15df53bfd3dbdd_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:56df2f7095c98e6aa73caf59bbb088ef0824ce0db6acdd5c3a15df53bfd3dbdd_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:1d348086632e5f94c923f91e40c823ab1c27c3b0abc008e8266abe2fd86062a5_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:1d348086632e5f94c923f91e40c823ab1c27c3b0abc008e8266abe2fd86062a5_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:1d348086632e5f94c923f91e40c823ab1c27c3b0abc008e8266abe2fd86062a5_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:60c9d0b547ad4d46cdabeb0dfb0c835c68c43bd34cd83b196155899b93017e38_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:60c9d0b547ad4d46cdabeb0dfb0c835c68c43bd34cd83b196155899b93017e38_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:60c9d0b547ad4d46cdabeb0dfb0c835c68c43bd34cd83b196155899b93017e38_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:6f1ad9675887881dfaa7a8dd81a36ad86c9148f4882141f74b66b28144a73f29_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:6f1ad9675887881dfaa7a8dd81a36ad86c9148f4882141f74b66b28144a73f29_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:6f1ad9675887881dfaa7a8dd81a36ad86c9148f4882141f74b66b28144a73f29_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:5f61cf084b1d79ee1b651f2b1777ff238c3e31eb76eba71ccb33b01c46f8c1af_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:5f61cf084b1d79ee1b651f2b1777ff238c3e31eb76eba71ccb33b01c46f8c1af_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:5f61cf084b1d79ee1b651f2b1777ff238c3e31eb76eba71ccb33b01c46f8c1af_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:873167913efce726fe05667f2a5d3bbdd4aeedc6db905833c9ec620f39a33bd0_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:873167913efce726fe05667f2a5d3bbdd4aeedc6db905833c9ec620f39a33bd0_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:873167913efce726fe05667f2a5d3bbdd4aeedc6db905833c9ec620f39a33bd0_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:f96f5d774a07b8f345ddab253cc2671c92a8ba85dda89bd89e5e3c4f126eca50_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:f96f5d774a07b8f345ddab253cc2671c92a8ba85dda89bd89e5e3c4f126eca50_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:f96f5d774a07b8f345ddab253cc2671c92a8ba85dda89bd89e5e3c4f126eca50_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:3e647011ba1561919aaac2c65fe605eff4c64fff4cc229e12490f90dcebf3669_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:3e647011ba1561919aaac2c65fe605eff4c64fff4cc229e12490f90dcebf3669_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:3e647011ba1561919aaac2c65fe605eff4c64fff4cc229e12490f90dcebf3669_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:8eebdb1fa9004bc34fc637ac6e8f195d0f7b71356714ef495c4c1f89d783eb84_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:8eebdb1fa9004bc34fc637ac6e8f195d0f7b71356714ef495c4c1f89d783eb84_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:8eebdb1fa9004bc34fc637ac6e8f195d0f7b71356714ef495c4c1f89d783eb84_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:68ca253d57a89eedda4bd65486ca480a25dd15ea1f7ff0376a50c7f4a40e1395_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:68ca253d57a89eedda4bd65486ca480a25dd15ea1f7ff0376a50c7f4a40e1395_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:68ca253d57a89eedda4bd65486ca480a25dd15ea1f7ff0376a50c7f4a40e1395_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:ba0929d09d596250ce4c35fc8e8ea1a325c35e87cac2fd4106d96573a870db12_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:ba0929d09d596250ce4c35fc8e8ea1a325c35e87cac2fd4106d96573a870db12_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:ba0929d09d596250ce4c35fc8e8ea1a325c35e87cac2fd4106d96573a870db12_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:feebb0e5015cba9d86d8ebf711c993f958f4cd01a935a136232b64fdd25bec0c_amd64 as a component of Red Hat OpenShift AI 2.16",
"product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:feebb0e5015cba9d86d8ebf711c993f958f4cd01a935a136232b64fdd25bec0c_amd64"
},
"product_reference": "registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:feebb0e5015cba9d86d8ebf711c993f958f4cd01a935a136232b64fdd25bec0c_amd64",
"relates_to_product_reference": "Red Hat OpenShift AI 2.16"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-3596",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"discovery_date": "2024-02-07T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:3fc2da180ef549a8041ebe6a5f5f24869a012a2416c2d3e154b2a5ba9645bf60_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:c2a79db6d2ba9c313640149a55f306e8aa4dc36f3cc24bf554c025503b013644_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:0d5e5f17b2eac616c8f5701f89e7309b35000bb7771c311f8763b7b9d1f174a0_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:c5d22d63f967e5cf4bd35488dcf64ce0765a6a2a1070a911f66d7bf6f94f1136_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:4f7b6a45b4db2861c7e1ea225405ffcac3cf112b8eb9cf5a1c9fa7ffb68f6820_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:efe0ec7e60c371b02f2d8431aab69eb1e2ff6c9c93c83d48f8b5e8a5e8d6e46f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:1fe9fb65f747f217c0f247519b23f702d0dfdb9fb471f99382afa9c25fec3c6f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:4bc8931d063ab56fc99a62bf5b606e9f99addb61b6c097ee0401f7e31787a123_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:348e66c3e1e3c17106c4f4957c5e7b9bcefec80deb00e4900066262c356bc308_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f1861c81fbb70c28f408072b1bf1b4b79ae1a19637700c455f8133d191e78e6b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:ab129822211bc9af41a3a52ff10a88d7349a122d0c4e215c824f4e77437cad5e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:59aa33eb2adff1533465d89a6b86cb52c1823a4b724cc5fa535445277826ecf6_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:d0e26b14b5c09c23193fbca6409e6a7124baa97138dfc75de17b48241636a4da_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:c693bd7449c90b7406ce66652524d575c2b875d5c9f14f7ced79adf9c98d5fcb_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:56df2f7095c98e6aa73caf59bbb088ef0824ce0db6acdd5c3a15df53bfd3dbdd_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:1d348086632e5f94c923f91e40c823ab1c27c3b0abc008e8266abe2fd86062a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:60c9d0b547ad4d46cdabeb0dfb0c835c68c43bd34cd83b196155899b93017e38_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:6f1ad9675887881dfaa7a8dd81a36ad86c9148f4882141f74b66b28144a73f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:5f61cf084b1d79ee1b651f2b1777ff238c3e31eb76eba71ccb33b01c46f8c1af_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:873167913efce726fe05667f2a5d3bbdd4aeedc6db905833c9ec620f39a33bd0_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:f96f5d774a07b8f345ddab253cc2671c92a8ba85dda89bd89e5e3c4f126eca50_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:3e647011ba1561919aaac2c65fe605eff4c64fff4cc229e12490f90dcebf3669_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:8eebdb1fa9004bc34fc637ac6e8f195d0f7b71356714ef495c4c1f89d783eb84_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:68ca253d57a89eedda4bd65486ca480a25dd15ea1f7ff0376a50c7f4a40e1395_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:ba0929d09d596250ce4c35fc8e8ea1a325c35e87cac2fd4106d96573a870db12_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:feebb0e5015cba9d86d8ebf711c993f958f4cd01a935a136232b64fdd25bec0c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2263240"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in the RADIUS (Remote Authentication Dial-In User Service) protocol allows attackers to forge authentication responses when the Message-Authenticator attribute is not enforced. This issue arises from a cryptographically insecure integrity check using MD5, enabling attackers to spoof UDP-based RADIUS response packets. This can result in unauthorized access by modifying an Access-Reject response to an Access-Accept response, thereby compromising the authentication process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "freeradius: forgery attack",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is of Important severity due to its ability to undermine the fundamental security mechanisms of RADIUS-based authentication systems. By exploiting the weak MD5 integrity check, an attacker can forge RADIUS responses, effectively bypassing authentication controls and gaining unauthorized access to network resources. This poses a significant threat to environments relying on RADIUS for user and device authentication, particularly those lacking enforced Message-Authenticator attributes or TLS/DTLS encryption.\n\nThere are several preconditions for this attack to be possible:\n* An attacker needs man-in-the-middle network access between the RADIUS client and server\n* The client and server must be using RADIUS/UDP to communicate\n* The attacker needs to be able to trigger a RADIUS client Access-Request ( for example the client is using PAP authentication)\n\nDue to these attack surface limitations, the impact is rated Important.\nWithin Red Hat offerings, this impacts the FreeRADIUS package. This flaw allows a local, unauthenticated attacker to conduct a man-in-the-middle attack to log in as a third party without knowing their credentials. Servers using Extensible Authentication Protocol (EAP) with required Message-Authenticator attributes or those employing TLS/DTLS encryption are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:3e670a110eb3a6e59c6051b485bc88d39cb921b31854f36073f2088d52b53ce1_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:3fc2da180ef549a8041ebe6a5f5f24869a012a2416c2d3e154b2a5ba9645bf60_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:c2a79db6d2ba9c313640149a55f306e8aa4dc36f3cc24bf554c025503b013644_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:0d5e5f17b2eac616c8f5701f89e7309b35000bb7771c311f8763b7b9d1f174a0_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:c5d22d63f967e5cf4bd35488dcf64ce0765a6a2a1070a911f66d7bf6f94f1136_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:4f7b6a45b4db2861c7e1ea225405ffcac3cf112b8eb9cf5a1c9fa7ffb68f6820_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:efe0ec7e60c371b02f2d8431aab69eb1e2ff6c9c93c83d48f8b5e8a5e8d6e46f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:1fe9fb65f747f217c0f247519b23f702d0dfdb9fb471f99382afa9c25fec3c6f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:4bc8931d063ab56fc99a62bf5b606e9f99addb61b6c097ee0401f7e31787a123_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:348e66c3e1e3c17106c4f4957c5e7b9bcefec80deb00e4900066262c356bc308_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f1861c81fbb70c28f408072b1bf1b4b79ae1a19637700c455f8133d191e78e6b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:ab129822211bc9af41a3a52ff10a88d7349a122d0c4e215c824f4e77437cad5e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:59aa33eb2adff1533465d89a6b86cb52c1823a4b724cc5fa535445277826ecf6_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:d0e26b14b5c09c23193fbca6409e6a7124baa97138dfc75de17b48241636a4da_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:c693bd7449c90b7406ce66652524d575c2b875d5c9f14f7ced79adf9c98d5fcb_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:56df2f7095c98e6aa73caf59bbb088ef0824ce0db6acdd5c3a15df53bfd3dbdd_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:1d348086632e5f94c923f91e40c823ab1c27c3b0abc008e8266abe2fd86062a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:60c9d0b547ad4d46cdabeb0dfb0c835c68c43bd34cd83b196155899b93017e38_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:6f1ad9675887881dfaa7a8dd81a36ad86c9148f4882141f74b66b28144a73f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:5f61cf084b1d79ee1b651f2b1777ff238c3e31eb76eba71ccb33b01c46f8c1af_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:873167913efce726fe05667f2a5d3bbdd4aeedc6db905833c9ec620f39a33bd0_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:f96f5d774a07b8f345ddab253cc2671c92a8ba85dda89bd89e5e3c4f126eca50_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:3e647011ba1561919aaac2c65fe605eff4c64fff4cc229e12490f90dcebf3669_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:8eebdb1fa9004bc34fc637ac6e8f195d0f7b71356714ef495c4c1f89d783eb84_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:68ca253d57a89eedda4bd65486ca480a25dd15ea1f7ff0376a50c7f4a40e1395_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:ba0929d09d596250ce4c35fc8e8ea1a325c35e87cac2fd4106d96573a870db12_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:feebb0e5015cba9d86d8ebf711c993f958f4cd01a935a136232b64fdd25bec0c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-3596"
},
{
"category": "external",
"summary": "RHBZ#2263240",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263240"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-3596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3596"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-3596",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3596"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/",
"url": "https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc2865",
"url": "https://datatracker.ietf.org/doc/html/rfc2865"
},
{
"category": "external",
"summary": "https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf",
"url": "https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf"
},
{
"category": "external",
"summary": "https://w1.fi/security/2024-1/hostapd-and-radius-protocol-forgery-attacks.txt",
"url": "https://w1.fi/security/2024-1/hostapd-and-radius-protocol-forgery-attacks.txt"
},
{
"category": "external",
"summary": "https://www.blastradius.fail/",
"url": "https://www.blastradius.fail/"
},
{
"category": "external",
"summary": "https://www.kb.cert.org/vuls/id/456537",
"url": "https://www.kb.cert.org/vuls/id/456537"
}
],
"release_date": "2024-07-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-05T14:54:56+00:00",
"details": "For Red Hat OpenShift AI 2.16.0 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:3e670a110eb3a6e59c6051b485bc88d39cb921b31854f36073f2088d52b53ce1_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10852"
},
{
"category": "workaround",
"details": "Disable the use of RADIUS/UDP and RADIUS/TCP.\nRADIUS/TLS or RADIUS/DTLS should be used.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:3fc2da180ef549a8041ebe6a5f5f24869a012a2416c2d3e154b2a5ba9645bf60_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:c2a79db6d2ba9c313640149a55f306e8aa4dc36f3cc24bf554c025503b013644_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:0d5e5f17b2eac616c8f5701f89e7309b35000bb7771c311f8763b7b9d1f174a0_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:c5d22d63f967e5cf4bd35488dcf64ce0765a6a2a1070a911f66d7bf6f94f1136_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:4f7b6a45b4db2861c7e1ea225405ffcac3cf112b8eb9cf5a1c9fa7ffb68f6820_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:3e670a110eb3a6e59c6051b485bc88d39cb921b31854f36073f2088d52b53ce1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:efe0ec7e60c371b02f2d8431aab69eb1e2ff6c9c93c83d48f8b5e8a5e8d6e46f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:1fe9fb65f747f217c0f247519b23f702d0dfdb9fb471f99382afa9c25fec3c6f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:4bc8931d063ab56fc99a62bf5b606e9f99addb61b6c097ee0401f7e31787a123_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:348e66c3e1e3c17106c4f4957c5e7b9bcefec80deb00e4900066262c356bc308_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f1861c81fbb70c28f408072b1bf1b4b79ae1a19637700c455f8133d191e78e6b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:ab129822211bc9af41a3a52ff10a88d7349a122d0c4e215c824f4e77437cad5e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:59aa33eb2adff1533465d89a6b86cb52c1823a4b724cc5fa535445277826ecf6_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:d0e26b14b5c09c23193fbca6409e6a7124baa97138dfc75de17b48241636a4da_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:c693bd7449c90b7406ce66652524d575c2b875d5c9f14f7ced79adf9c98d5fcb_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:56df2f7095c98e6aa73caf59bbb088ef0824ce0db6acdd5c3a15df53bfd3dbdd_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:1d348086632e5f94c923f91e40c823ab1c27c3b0abc008e8266abe2fd86062a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:60c9d0b547ad4d46cdabeb0dfb0c835c68c43bd34cd83b196155899b93017e38_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:6f1ad9675887881dfaa7a8dd81a36ad86c9148f4882141f74b66b28144a73f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:5f61cf084b1d79ee1b651f2b1777ff238c3e31eb76eba71ccb33b01c46f8c1af_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:873167913efce726fe05667f2a5d3bbdd4aeedc6db905833c9ec620f39a33bd0_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:f96f5d774a07b8f345ddab253cc2671c92a8ba85dda89bd89e5e3c4f126eca50_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:3e647011ba1561919aaac2c65fe605eff4c64fff4cc229e12490f90dcebf3669_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:8eebdb1fa9004bc34fc637ac6e8f195d0f7b71356714ef495c4c1f89d783eb84_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:68ca253d57a89eedda4bd65486ca480a25dd15ea1f7ff0376a50c7f4a40e1395_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:ba0929d09d596250ce4c35fc8e8ea1a325c35e87cac2fd4106d96573a870db12_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:feebb0e5015cba9d86d8ebf711c993f958f4cd01a935a136232b64fdd25bec0c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:3fc2da180ef549a8041ebe6a5f5f24869a012a2416c2d3e154b2a5ba9645bf60_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:c2a79db6d2ba9c313640149a55f306e8aa4dc36f3cc24bf554c025503b013644_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:0d5e5f17b2eac616c8f5701f89e7309b35000bb7771c311f8763b7b9d1f174a0_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:c5d22d63f967e5cf4bd35488dcf64ce0765a6a2a1070a911f66d7bf6f94f1136_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:4f7b6a45b4db2861c7e1ea225405ffcac3cf112b8eb9cf5a1c9fa7ffb68f6820_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:3e670a110eb3a6e59c6051b485bc88d39cb921b31854f36073f2088d52b53ce1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:efe0ec7e60c371b02f2d8431aab69eb1e2ff6c9c93c83d48f8b5e8a5e8d6e46f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:1fe9fb65f747f217c0f247519b23f702d0dfdb9fb471f99382afa9c25fec3c6f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:4bc8931d063ab56fc99a62bf5b606e9f99addb61b6c097ee0401f7e31787a123_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:348e66c3e1e3c17106c4f4957c5e7b9bcefec80deb00e4900066262c356bc308_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f1861c81fbb70c28f408072b1bf1b4b79ae1a19637700c455f8133d191e78e6b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:ab129822211bc9af41a3a52ff10a88d7349a122d0c4e215c824f4e77437cad5e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:59aa33eb2adff1533465d89a6b86cb52c1823a4b724cc5fa535445277826ecf6_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:d0e26b14b5c09c23193fbca6409e6a7124baa97138dfc75de17b48241636a4da_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:c693bd7449c90b7406ce66652524d575c2b875d5c9f14f7ced79adf9c98d5fcb_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:56df2f7095c98e6aa73caf59bbb088ef0824ce0db6acdd5c3a15df53bfd3dbdd_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:1d348086632e5f94c923f91e40c823ab1c27c3b0abc008e8266abe2fd86062a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:60c9d0b547ad4d46cdabeb0dfb0c835c68c43bd34cd83b196155899b93017e38_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:6f1ad9675887881dfaa7a8dd81a36ad86c9148f4882141f74b66b28144a73f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:5f61cf084b1d79ee1b651f2b1777ff238c3e31eb76eba71ccb33b01c46f8c1af_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:873167913efce726fe05667f2a5d3bbdd4aeedc6db905833c9ec620f39a33bd0_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:f96f5d774a07b8f345ddab253cc2671c92a8ba85dda89bd89e5e3c4f126eca50_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:3e647011ba1561919aaac2c65fe605eff4c64fff4cc229e12490f90dcebf3669_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:8eebdb1fa9004bc34fc637ac6e8f195d0f7b71356714ef495c4c1f89d783eb84_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:68ca253d57a89eedda4bd65486ca480a25dd15ea1f7ff0376a50c7f4a40e1395_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:ba0929d09d596250ce4c35fc8e8ea1a325c35e87cac2fd4106d96573a870db12_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:feebb0e5015cba9d86d8ebf711c993f958f4cd01a935a136232b64fdd25bec0c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "freeradius: forgery attack"
},
{
"cve": "CVE-2024-10963",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2024-11-07T07:38:52.548000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:3fc2da180ef549a8041ebe6a5f5f24869a012a2416c2d3e154b2a5ba9645bf60_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:0d5e5f17b2eac616c8f5701f89e7309b35000bb7771c311f8763b7b9d1f174a0_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:c5d22d63f967e5cf4bd35488dcf64ce0765a6a2a1070a911f66d7bf6f94f1136_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:4f7b6a45b4db2861c7e1ea225405ffcac3cf112b8eb9cf5a1c9fa7ffb68f6820_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:3e670a110eb3a6e59c6051b485bc88d39cb921b31854f36073f2088d52b53ce1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:efe0ec7e60c371b02f2d8431aab69eb1e2ff6c9c93c83d48f8b5e8a5e8d6e46f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:1fe9fb65f747f217c0f247519b23f702d0dfdb9fb471f99382afa9c25fec3c6f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:4bc8931d063ab56fc99a62bf5b606e9f99addb61b6c097ee0401f7e31787a123_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:348e66c3e1e3c17106c4f4957c5e7b9bcefec80deb00e4900066262c356bc308_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f1861c81fbb70c28f408072b1bf1b4b79ae1a19637700c455f8133d191e78e6b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:ab129822211bc9af41a3a52ff10a88d7349a122d0c4e215c824f4e77437cad5e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:59aa33eb2adff1533465d89a6b86cb52c1823a4b724cc5fa535445277826ecf6_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:d0e26b14b5c09c23193fbca6409e6a7124baa97138dfc75de17b48241636a4da_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:c693bd7449c90b7406ce66652524d575c2b875d5c9f14f7ced79adf9c98d5fcb_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:56df2f7095c98e6aa73caf59bbb088ef0824ce0db6acdd5c3a15df53bfd3dbdd_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:1d348086632e5f94c923f91e40c823ab1c27c3b0abc008e8266abe2fd86062a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:60c9d0b547ad4d46cdabeb0dfb0c835c68c43bd34cd83b196155899b93017e38_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:6f1ad9675887881dfaa7a8dd81a36ad86c9148f4882141f74b66b28144a73f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:5f61cf084b1d79ee1b651f2b1777ff238c3e31eb76eba71ccb33b01c46f8c1af_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:873167913efce726fe05667f2a5d3bbdd4aeedc6db905833c9ec620f39a33bd0_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:f96f5d774a07b8f345ddab253cc2671c92a8ba85dda89bd89e5e3c4f126eca50_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:3e647011ba1561919aaac2c65fe605eff4c64fff4cc229e12490f90dcebf3669_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:8eebdb1fa9004bc34fc637ac6e8f195d0f7b71356714ef495c4c1f89d783eb84_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:68ca253d57a89eedda4bd65486ca480a25dd15ea1f7ff0376a50c7f4a40e1395_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:ba0929d09d596250ce4c35fc8e8ea1a325c35e87cac2fd4106d96573a870db12_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:feebb0e5015cba9d86d8ebf711c993f958f4cd01a935a136232b64fdd25bec0c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2324291"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pam: Improper Hostname Interpretation in pam_access Leads to Access Control Bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in pam_access is rated with an Important severity because it directly impacts the integrity of access control mechanisms in secure environments. By allowing hostname spoofing to bypass restrictions intended for specific local TTYs or services, the vulnerability enables attackers with minimal effort to exploit gaps in security policies that rely on access.conf configurations. The potential for unauthorized access is significant, as attackers with root privileges on any networked device can impersonate trusted service names to evade local access controls.\n\nThis vulnerability was introduced in RHEL-9.4 and does not affect previous versions of RHEL-9.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:c2a79db6d2ba9c313640149a55f306e8aa4dc36f3cc24bf554c025503b013644_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:3fc2da180ef549a8041ebe6a5f5f24869a012a2416c2d3e154b2a5ba9645bf60_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:0d5e5f17b2eac616c8f5701f89e7309b35000bb7771c311f8763b7b9d1f174a0_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:c5d22d63f967e5cf4bd35488dcf64ce0765a6a2a1070a911f66d7bf6f94f1136_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:4f7b6a45b4db2861c7e1ea225405ffcac3cf112b8eb9cf5a1c9fa7ffb68f6820_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:3e670a110eb3a6e59c6051b485bc88d39cb921b31854f36073f2088d52b53ce1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:efe0ec7e60c371b02f2d8431aab69eb1e2ff6c9c93c83d48f8b5e8a5e8d6e46f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:1fe9fb65f747f217c0f247519b23f702d0dfdb9fb471f99382afa9c25fec3c6f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:4bc8931d063ab56fc99a62bf5b606e9f99addb61b6c097ee0401f7e31787a123_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:348e66c3e1e3c17106c4f4957c5e7b9bcefec80deb00e4900066262c356bc308_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f1861c81fbb70c28f408072b1bf1b4b79ae1a19637700c455f8133d191e78e6b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:ab129822211bc9af41a3a52ff10a88d7349a122d0c4e215c824f4e77437cad5e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:59aa33eb2adff1533465d89a6b86cb52c1823a4b724cc5fa535445277826ecf6_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:d0e26b14b5c09c23193fbca6409e6a7124baa97138dfc75de17b48241636a4da_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:c693bd7449c90b7406ce66652524d575c2b875d5c9f14f7ced79adf9c98d5fcb_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:56df2f7095c98e6aa73caf59bbb088ef0824ce0db6acdd5c3a15df53bfd3dbdd_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:1d348086632e5f94c923f91e40c823ab1c27c3b0abc008e8266abe2fd86062a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:60c9d0b547ad4d46cdabeb0dfb0c835c68c43bd34cd83b196155899b93017e38_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:6f1ad9675887881dfaa7a8dd81a36ad86c9148f4882141f74b66b28144a73f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:5f61cf084b1d79ee1b651f2b1777ff238c3e31eb76eba71ccb33b01c46f8c1af_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:873167913efce726fe05667f2a5d3bbdd4aeedc6db905833c9ec620f39a33bd0_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:f96f5d774a07b8f345ddab253cc2671c92a8ba85dda89bd89e5e3c4f126eca50_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:3e647011ba1561919aaac2c65fe605eff4c64fff4cc229e12490f90dcebf3669_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:8eebdb1fa9004bc34fc637ac6e8f195d0f7b71356714ef495c4c1f89d783eb84_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:68ca253d57a89eedda4bd65486ca480a25dd15ea1f7ff0376a50c7f4a40e1395_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:ba0929d09d596250ce4c35fc8e8ea1a325c35e87cac2fd4106d96573a870db12_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:feebb0e5015cba9d86d8ebf711c993f958f4cd01a935a136232b64fdd25bec0c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-10963"
},
{
"category": "external",
"summary": "RHBZ#2324291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2324291"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-10963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10963"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-10963",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10963"
},
{
"category": "external",
"summary": "https://github.com/linux-pam/linux-pam/issues/834",
"url": "https://github.com/linux-pam/linux-pam/issues/834"
},
{
"category": "external",
"summary": "https://github.com/linux-pam/linux-pam/pull/835",
"url": "https://github.com/linux-pam/linux-pam/pull/835"
}
],
"release_date": "2024-11-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-05T14:54:56+00:00",
"details": "For Red Hat OpenShift AI 2.16.0 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:c2a79db6d2ba9c313640149a55f306e8aa4dc36f3cc24bf554c025503b013644_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10852"
},
{
"category": "workaround",
"details": "To reduce the risk, administrators should ensure that no DNS hostname matches local TTY or service names used in pam_access. Additionally, implement DNSSEC to prevent spoofing of DNS responses. For stronger protection, consider reconfiguring pam_access to only accept fully qualified domain names (FQDNs) in access.conf",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:3fc2da180ef549a8041ebe6a5f5f24869a012a2416c2d3e154b2a5ba9645bf60_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:c2a79db6d2ba9c313640149a55f306e8aa4dc36f3cc24bf554c025503b013644_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:0d5e5f17b2eac616c8f5701f89e7309b35000bb7771c311f8763b7b9d1f174a0_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:c5d22d63f967e5cf4bd35488dcf64ce0765a6a2a1070a911f66d7bf6f94f1136_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:4f7b6a45b4db2861c7e1ea225405ffcac3cf112b8eb9cf5a1c9fa7ffb68f6820_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:3e670a110eb3a6e59c6051b485bc88d39cb921b31854f36073f2088d52b53ce1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:efe0ec7e60c371b02f2d8431aab69eb1e2ff6c9c93c83d48f8b5e8a5e8d6e46f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:1fe9fb65f747f217c0f247519b23f702d0dfdb9fb471f99382afa9c25fec3c6f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:4bc8931d063ab56fc99a62bf5b606e9f99addb61b6c097ee0401f7e31787a123_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:348e66c3e1e3c17106c4f4957c5e7b9bcefec80deb00e4900066262c356bc308_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f1861c81fbb70c28f408072b1bf1b4b79ae1a19637700c455f8133d191e78e6b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:ab129822211bc9af41a3a52ff10a88d7349a122d0c4e215c824f4e77437cad5e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:59aa33eb2adff1533465d89a6b86cb52c1823a4b724cc5fa535445277826ecf6_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:d0e26b14b5c09c23193fbca6409e6a7124baa97138dfc75de17b48241636a4da_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:c693bd7449c90b7406ce66652524d575c2b875d5c9f14f7ced79adf9c98d5fcb_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:56df2f7095c98e6aa73caf59bbb088ef0824ce0db6acdd5c3a15df53bfd3dbdd_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:1d348086632e5f94c923f91e40c823ab1c27c3b0abc008e8266abe2fd86062a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:60c9d0b547ad4d46cdabeb0dfb0c835c68c43bd34cd83b196155899b93017e38_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:6f1ad9675887881dfaa7a8dd81a36ad86c9148f4882141f74b66b28144a73f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:5f61cf084b1d79ee1b651f2b1777ff238c3e31eb76eba71ccb33b01c46f8c1af_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:873167913efce726fe05667f2a5d3bbdd4aeedc6db905833c9ec620f39a33bd0_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:f96f5d774a07b8f345ddab253cc2671c92a8ba85dda89bd89e5e3c4f126eca50_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:3e647011ba1561919aaac2c65fe605eff4c64fff4cc229e12490f90dcebf3669_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:8eebdb1fa9004bc34fc637ac6e8f195d0f7b71356714ef495c4c1f89d783eb84_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:68ca253d57a89eedda4bd65486ca480a25dd15ea1f7ff0376a50c7f4a40e1395_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:ba0929d09d596250ce4c35fc8e8ea1a325c35e87cac2fd4106d96573a870db12_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:feebb0e5015cba9d86d8ebf711c993f958f4cd01a935a136232b64fdd25bec0c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:3fc2da180ef549a8041ebe6a5f5f24869a012a2416c2d3e154b2a5ba9645bf60_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:c2a79db6d2ba9c313640149a55f306e8aa4dc36f3cc24bf554c025503b013644_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:0d5e5f17b2eac616c8f5701f89e7309b35000bb7771c311f8763b7b9d1f174a0_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:c5d22d63f967e5cf4bd35488dcf64ce0765a6a2a1070a911f66d7bf6f94f1136_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:4f7b6a45b4db2861c7e1ea225405ffcac3cf112b8eb9cf5a1c9fa7ffb68f6820_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:3e670a110eb3a6e59c6051b485bc88d39cb921b31854f36073f2088d52b53ce1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:efe0ec7e60c371b02f2d8431aab69eb1e2ff6c9c93c83d48f8b5e8a5e8d6e46f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:1fe9fb65f747f217c0f247519b23f702d0dfdb9fb471f99382afa9c25fec3c6f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:4bc8931d063ab56fc99a62bf5b606e9f99addb61b6c097ee0401f7e31787a123_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:348e66c3e1e3c17106c4f4957c5e7b9bcefec80deb00e4900066262c356bc308_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f1861c81fbb70c28f408072b1bf1b4b79ae1a19637700c455f8133d191e78e6b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:ab129822211bc9af41a3a52ff10a88d7349a122d0c4e215c824f4e77437cad5e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:59aa33eb2adff1533465d89a6b86cb52c1823a4b724cc5fa535445277826ecf6_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:d0e26b14b5c09c23193fbca6409e6a7124baa97138dfc75de17b48241636a4da_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:c693bd7449c90b7406ce66652524d575c2b875d5c9f14f7ced79adf9c98d5fcb_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:56df2f7095c98e6aa73caf59bbb088ef0824ce0db6acdd5c3a15df53bfd3dbdd_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:1d348086632e5f94c923f91e40c823ab1c27c3b0abc008e8266abe2fd86062a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:60c9d0b547ad4d46cdabeb0dfb0c835c68c43bd34cd83b196155899b93017e38_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:6f1ad9675887881dfaa7a8dd81a36ad86c9148f4882141f74b66b28144a73f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:5f61cf084b1d79ee1b651f2b1777ff238c3e31eb76eba71ccb33b01c46f8c1af_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:873167913efce726fe05667f2a5d3bbdd4aeedc6db905833c9ec620f39a33bd0_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:f96f5d774a07b8f345ddab253cc2671c92a8ba85dda89bd89e5e3c4f126eca50_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:3e647011ba1561919aaac2c65fe605eff4c64fff4cc229e12490f90dcebf3669_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:8eebdb1fa9004bc34fc637ac6e8f195d0f7b71356714ef495c4c1f89d783eb84_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:68ca253d57a89eedda4bd65486ca480a25dd15ea1f7ff0376a50c7f4a40e1395_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:ba0929d09d596250ce4c35fc8e8ea1a325c35e87cac2fd4106d96573a870db12_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:feebb0e5015cba9d86d8ebf711c993f958f4cd01a935a136232b64fdd25bec0c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pam: Improper Hostname Interpretation in pam_access Leads to Access Control Bypass"
},
{
"cve": "CVE-2024-24786",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2024-03-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:3fc2da180ef549a8041ebe6a5f5f24869a012a2416c2d3e154b2a5ba9645bf60_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:c2a79db6d2ba9c313640149a55f306e8aa4dc36f3cc24bf554c025503b013644_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:1fe9fb65f747f217c0f247519b23f702d0dfdb9fb471f99382afa9c25fec3c6f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:4bc8931d063ab56fc99a62bf5b606e9f99addb61b6c097ee0401f7e31787a123_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:348e66c3e1e3c17106c4f4957c5e7b9bcefec80deb00e4900066262c356bc308_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f1861c81fbb70c28f408072b1bf1b4b79ae1a19637700c455f8133d191e78e6b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:ab129822211bc9af41a3a52ff10a88d7349a122d0c4e215c824f4e77437cad5e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:59aa33eb2adff1533465d89a6b86cb52c1823a4b724cc5fa535445277826ecf6_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:d0e26b14b5c09c23193fbca6409e6a7124baa97138dfc75de17b48241636a4da_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:c693bd7449c90b7406ce66652524d575c2b875d5c9f14f7ced79adf9c98d5fcb_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:56df2f7095c98e6aa73caf59bbb088ef0824ce0db6acdd5c3a15df53bfd3dbdd_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:1d348086632e5f94c923f91e40c823ab1c27c3b0abc008e8266abe2fd86062a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:60c9d0b547ad4d46cdabeb0dfb0c835c68c43bd34cd83b196155899b93017e38_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:6f1ad9675887881dfaa7a8dd81a36ad86c9148f4882141f74b66b28144a73f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:5f61cf084b1d79ee1b651f2b1777ff238c3e31eb76eba71ccb33b01c46f8c1af_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:873167913efce726fe05667f2a5d3bbdd4aeedc6db905833c9ec620f39a33bd0_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:f96f5d774a07b8f345ddab253cc2671c92a8ba85dda89bd89e5e3c4f126eca50_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:3e647011ba1561919aaac2c65fe605eff4c64fff4cc229e12490f90dcebf3669_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:8eebdb1fa9004bc34fc637ac6e8f195d0f7b71356714ef495c4c1f89d783eb84_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:68ca253d57a89eedda4bd65486ca480a25dd15ea1f7ff0376a50c7f4a40e1395_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:ba0929d09d596250ce4c35fc8e8ea1a325c35e87cac2fd4106d96573a870db12_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:feebb0e5015cba9d86d8ebf711c993f958f4cd01a935a136232b64fdd25bec0c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2268046"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang\u0027s protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. This flaw allows an attacker to craft malicious input tailored to trigger the identified flaw in the unmarshal function. By providing carefully constructed invalid inputs, they could potentially cause the function to enter an infinite loop, resulting in a denial of service condition or other unintended behaviors in the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:0d5e5f17b2eac616c8f5701f89e7309b35000bb7771c311f8763b7b9d1f174a0_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:c5d22d63f967e5cf4bd35488dcf64ce0765a6a2a1070a911f66d7bf6f94f1136_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:4f7b6a45b4db2861c7e1ea225405ffcac3cf112b8eb9cf5a1c9fa7ffb68f6820_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:3e670a110eb3a6e59c6051b485bc88d39cb921b31854f36073f2088d52b53ce1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:efe0ec7e60c371b02f2d8431aab69eb1e2ff6c9c93c83d48f8b5e8a5e8d6e46f_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:3fc2da180ef549a8041ebe6a5f5f24869a012a2416c2d3e154b2a5ba9645bf60_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:c2a79db6d2ba9c313640149a55f306e8aa4dc36f3cc24bf554c025503b013644_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:1fe9fb65f747f217c0f247519b23f702d0dfdb9fb471f99382afa9c25fec3c6f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:4bc8931d063ab56fc99a62bf5b606e9f99addb61b6c097ee0401f7e31787a123_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:348e66c3e1e3c17106c4f4957c5e7b9bcefec80deb00e4900066262c356bc308_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f1861c81fbb70c28f408072b1bf1b4b79ae1a19637700c455f8133d191e78e6b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:ab129822211bc9af41a3a52ff10a88d7349a122d0c4e215c824f4e77437cad5e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:59aa33eb2adff1533465d89a6b86cb52c1823a4b724cc5fa535445277826ecf6_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:d0e26b14b5c09c23193fbca6409e6a7124baa97138dfc75de17b48241636a4da_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:c693bd7449c90b7406ce66652524d575c2b875d5c9f14f7ced79adf9c98d5fcb_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:56df2f7095c98e6aa73caf59bbb088ef0824ce0db6acdd5c3a15df53bfd3dbdd_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:1d348086632e5f94c923f91e40c823ab1c27c3b0abc008e8266abe2fd86062a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:60c9d0b547ad4d46cdabeb0dfb0c835c68c43bd34cd83b196155899b93017e38_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:6f1ad9675887881dfaa7a8dd81a36ad86c9148f4882141f74b66b28144a73f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:5f61cf084b1d79ee1b651f2b1777ff238c3e31eb76eba71ccb33b01c46f8c1af_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:873167913efce726fe05667f2a5d3bbdd4aeedc6db905833c9ec620f39a33bd0_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:f96f5d774a07b8f345ddab253cc2671c92a8ba85dda89bd89e5e3c4f126eca50_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:3e647011ba1561919aaac2c65fe605eff4c64fff4cc229e12490f90dcebf3669_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:8eebdb1fa9004bc34fc637ac6e8f195d0f7b71356714ef495c4c1f89d783eb84_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:68ca253d57a89eedda4bd65486ca480a25dd15ea1f7ff0376a50c7f4a40e1395_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:ba0929d09d596250ce4c35fc8e8ea1a325c35e87cac2fd4106d96573a870db12_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:feebb0e5015cba9d86d8ebf711c993f958f4cd01a935a136232b64fdd25bec0c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24786"
},
{
"category": "external",
"summary": "RHBZ#2268046",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268046"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24786",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24786",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24786"
},
{
"category": "external",
"summary": "https://go.dev/cl/569356",
"url": "https://go.dev/cl/569356"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/",
"url": "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-2611",
"url": "https://pkg.go.dev/vuln/GO-2024-2611"
}
],
"release_date": "2024-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-05T14:54:56+00:00",
"details": "For Red Hat OpenShift AI 2.16.0 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:0d5e5f17b2eac616c8f5701f89e7309b35000bb7771c311f8763b7b9d1f174a0_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:c5d22d63f967e5cf4bd35488dcf64ce0765a6a2a1070a911f66d7bf6f94f1136_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:4f7b6a45b4db2861c7e1ea225405ffcac3cf112b8eb9cf5a1c9fa7ffb68f6820_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:3e670a110eb3a6e59c6051b485bc88d39cb921b31854f36073f2088d52b53ce1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:efe0ec7e60c371b02f2d8431aab69eb1e2ff6c9c93c83d48f8b5e8a5e8d6e46f_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10852"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:3fc2da180ef549a8041ebe6a5f5f24869a012a2416c2d3e154b2a5ba9645bf60_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:c2a79db6d2ba9c313640149a55f306e8aa4dc36f3cc24bf554c025503b013644_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:0d5e5f17b2eac616c8f5701f89e7309b35000bb7771c311f8763b7b9d1f174a0_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:c5d22d63f967e5cf4bd35488dcf64ce0765a6a2a1070a911f66d7bf6f94f1136_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:4f7b6a45b4db2861c7e1ea225405ffcac3cf112b8eb9cf5a1c9fa7ffb68f6820_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:3e670a110eb3a6e59c6051b485bc88d39cb921b31854f36073f2088d52b53ce1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:efe0ec7e60c371b02f2d8431aab69eb1e2ff6c9c93c83d48f8b5e8a5e8d6e46f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:1fe9fb65f747f217c0f247519b23f702d0dfdb9fb471f99382afa9c25fec3c6f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:4bc8931d063ab56fc99a62bf5b606e9f99addb61b6c097ee0401f7e31787a123_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:348e66c3e1e3c17106c4f4957c5e7b9bcefec80deb00e4900066262c356bc308_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f1861c81fbb70c28f408072b1bf1b4b79ae1a19637700c455f8133d191e78e6b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:ab129822211bc9af41a3a52ff10a88d7349a122d0c4e215c824f4e77437cad5e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:59aa33eb2adff1533465d89a6b86cb52c1823a4b724cc5fa535445277826ecf6_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:d0e26b14b5c09c23193fbca6409e6a7124baa97138dfc75de17b48241636a4da_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:c693bd7449c90b7406ce66652524d575c2b875d5c9f14f7ced79adf9c98d5fcb_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:56df2f7095c98e6aa73caf59bbb088ef0824ce0db6acdd5c3a15df53bfd3dbdd_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:1d348086632e5f94c923f91e40c823ab1c27c3b0abc008e8266abe2fd86062a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:60c9d0b547ad4d46cdabeb0dfb0c835c68c43bd34cd83b196155899b93017e38_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:6f1ad9675887881dfaa7a8dd81a36ad86c9148f4882141f74b66b28144a73f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:5f61cf084b1d79ee1b651f2b1777ff238c3e31eb76eba71ccb33b01c46f8c1af_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:873167913efce726fe05667f2a5d3bbdd4aeedc6db905833c9ec620f39a33bd0_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:f96f5d774a07b8f345ddab253cc2671c92a8ba85dda89bd89e5e3c4f126eca50_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:3e647011ba1561919aaac2c65fe605eff4c64fff4cc229e12490f90dcebf3669_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:8eebdb1fa9004bc34fc637ac6e8f195d0f7b71356714ef495c4c1f89d783eb84_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:68ca253d57a89eedda4bd65486ca480a25dd15ea1f7ff0376a50c7f4a40e1395_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:ba0929d09d596250ce4c35fc8e8ea1a325c35e87cac2fd4106d96573a870db12_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:feebb0e5015cba9d86d8ebf711c993f958f4cd01a935a136232b64fdd25bec0c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:3fc2da180ef549a8041ebe6a5f5f24869a012a2416c2d3e154b2a5ba9645bf60_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:c2a79db6d2ba9c313640149a55f306e8aa4dc36f3cc24bf554c025503b013644_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:0d5e5f17b2eac616c8f5701f89e7309b35000bb7771c311f8763b7b9d1f174a0_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:c5d22d63f967e5cf4bd35488dcf64ce0765a6a2a1070a911f66d7bf6f94f1136_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:4f7b6a45b4db2861c7e1ea225405ffcac3cf112b8eb9cf5a1c9fa7ffb68f6820_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:3e670a110eb3a6e59c6051b485bc88d39cb921b31854f36073f2088d52b53ce1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:efe0ec7e60c371b02f2d8431aab69eb1e2ff6c9c93c83d48f8b5e8a5e8d6e46f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:1fe9fb65f747f217c0f247519b23f702d0dfdb9fb471f99382afa9c25fec3c6f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:4bc8931d063ab56fc99a62bf5b606e9f99addb61b6c097ee0401f7e31787a123_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:348e66c3e1e3c17106c4f4957c5e7b9bcefec80deb00e4900066262c356bc308_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f1861c81fbb70c28f408072b1bf1b4b79ae1a19637700c455f8133d191e78e6b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:ab129822211bc9af41a3a52ff10a88d7349a122d0c4e215c824f4e77437cad5e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:59aa33eb2adff1533465d89a6b86cb52c1823a4b724cc5fa535445277826ecf6_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:d0e26b14b5c09c23193fbca6409e6a7124baa97138dfc75de17b48241636a4da_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:c693bd7449c90b7406ce66652524d575c2b875d5c9f14f7ced79adf9c98d5fcb_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:56df2f7095c98e6aa73caf59bbb088ef0824ce0db6acdd5c3a15df53bfd3dbdd_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:1d348086632e5f94c923f91e40c823ab1c27c3b0abc008e8266abe2fd86062a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:60c9d0b547ad4d46cdabeb0dfb0c835c68c43bd34cd83b196155899b93017e38_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:6f1ad9675887881dfaa7a8dd81a36ad86c9148f4882141f74b66b28144a73f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:5f61cf084b1d79ee1b651f2b1777ff238c3e31eb76eba71ccb33b01c46f8c1af_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:873167913efce726fe05667f2a5d3bbdd4aeedc6db905833c9ec620f39a33bd0_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:f96f5d774a07b8f345ddab253cc2671c92a8ba85dda89bd89e5e3c4f126eca50_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:3e647011ba1561919aaac2c65fe605eff4c64fff4cc229e12490f90dcebf3669_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:8eebdb1fa9004bc34fc637ac6e8f195d0f7b71356714ef495c4c1f89d783eb84_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:68ca253d57a89eedda4bd65486ca480a25dd15ea1f7ff0376a50c7f4a40e1395_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:ba0929d09d596250ce4c35fc8e8ea1a325c35e87cac2fd4106d96573a870db12_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:feebb0e5015cba9d86d8ebf711c993f958f4cd01a935a136232b64fdd25bec0c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON"
},
{
"cve": "CVE-2024-49767",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-10-25T20:00:37.993073+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:3fc2da180ef549a8041ebe6a5f5f24869a012a2416c2d3e154b2a5ba9645bf60_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:c2a79db6d2ba9c313640149a55f306e8aa4dc36f3cc24bf554c025503b013644_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:0d5e5f17b2eac616c8f5701f89e7309b35000bb7771c311f8763b7b9d1f174a0_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:c5d22d63f967e5cf4bd35488dcf64ce0765a6a2a1070a911f66d7bf6f94f1136_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:4f7b6a45b4db2861c7e1ea225405ffcac3cf112b8eb9cf5a1c9fa7ffb68f6820_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:3e670a110eb3a6e59c6051b485bc88d39cb921b31854f36073f2088d52b53ce1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:efe0ec7e60c371b02f2d8431aab69eb1e2ff6c9c93c83d48f8b5e8a5e8d6e46f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:1fe9fb65f747f217c0f247519b23f702d0dfdb9fb471f99382afa9c25fec3c6f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:4bc8931d063ab56fc99a62bf5b606e9f99addb61b6c097ee0401f7e31787a123_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:348e66c3e1e3c17106c4f4957c5e7b9bcefec80deb00e4900066262c356bc308_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f1861c81fbb70c28f408072b1bf1b4b79ae1a19637700c455f8133d191e78e6b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:ab129822211bc9af41a3a52ff10a88d7349a122d0c4e215c824f4e77437cad5e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:59aa33eb2adff1533465d89a6b86cb52c1823a4b724cc5fa535445277826ecf6_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:d0e26b14b5c09c23193fbca6409e6a7124baa97138dfc75de17b48241636a4da_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:c693bd7449c90b7406ce66652524d575c2b875d5c9f14f7ced79adf9c98d5fcb_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:56df2f7095c98e6aa73caf59bbb088ef0824ce0db6acdd5c3a15df53bfd3dbdd_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:1d348086632e5f94c923f91e40c823ab1c27c3b0abc008e8266abe2fd86062a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:60c9d0b547ad4d46cdabeb0dfb0c835c68c43bd34cd83b196155899b93017e38_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:6f1ad9675887881dfaa7a8dd81a36ad86c9148f4882141f74b66b28144a73f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:873167913efce726fe05667f2a5d3bbdd4aeedc6db905833c9ec620f39a33bd0_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:f96f5d774a07b8f345ddab253cc2671c92a8ba85dda89bd89e5e3c4f126eca50_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:3e647011ba1561919aaac2c65fe605eff4c64fff4cc229e12490f90dcebf3669_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:8eebdb1fa9004bc34fc637ac6e8f195d0f7b71356714ef495c4c1f89d783eb84_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:68ca253d57a89eedda4bd65486ca480a25dd15ea1f7ff0376a50c7f4a40e1395_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:ba0929d09d596250ce4c35fc8e8ea1a325c35e87cac2fd4106d96573a870db12_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:feebb0e5015cba9d86d8ebf711c993f958f4cd01a935a136232b64fdd25bec0c_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2321829"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Werkzueg web application library. Applications using Werkzeug to parse multipart/form-data requests are vulnerable to resource exhaustion. A specially crafted form body can bypass the Request.max_form_memory_size setting and trigger a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "werkzeug: python-werkzeug: Werkzeug possible resource exhaustion when parsing file data in forms",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:5f61cf084b1d79ee1b651f2b1777ff238c3e31eb76eba71ccb33b01c46f8c1af_amd64"
],
"known_not_affected": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:3fc2da180ef549a8041ebe6a5f5f24869a012a2416c2d3e154b2a5ba9645bf60_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:c2a79db6d2ba9c313640149a55f306e8aa4dc36f3cc24bf554c025503b013644_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:0d5e5f17b2eac616c8f5701f89e7309b35000bb7771c311f8763b7b9d1f174a0_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:c5d22d63f967e5cf4bd35488dcf64ce0765a6a2a1070a911f66d7bf6f94f1136_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:4f7b6a45b4db2861c7e1ea225405ffcac3cf112b8eb9cf5a1c9fa7ffb68f6820_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:3e670a110eb3a6e59c6051b485bc88d39cb921b31854f36073f2088d52b53ce1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:efe0ec7e60c371b02f2d8431aab69eb1e2ff6c9c93c83d48f8b5e8a5e8d6e46f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:1fe9fb65f747f217c0f247519b23f702d0dfdb9fb471f99382afa9c25fec3c6f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:4bc8931d063ab56fc99a62bf5b606e9f99addb61b6c097ee0401f7e31787a123_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:348e66c3e1e3c17106c4f4957c5e7b9bcefec80deb00e4900066262c356bc308_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f1861c81fbb70c28f408072b1bf1b4b79ae1a19637700c455f8133d191e78e6b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:ab129822211bc9af41a3a52ff10a88d7349a122d0c4e215c824f4e77437cad5e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:59aa33eb2adff1533465d89a6b86cb52c1823a4b724cc5fa535445277826ecf6_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:d0e26b14b5c09c23193fbca6409e6a7124baa97138dfc75de17b48241636a4da_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:c693bd7449c90b7406ce66652524d575c2b875d5c9f14f7ced79adf9c98d5fcb_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:56df2f7095c98e6aa73caf59bbb088ef0824ce0db6acdd5c3a15df53bfd3dbdd_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:1d348086632e5f94c923f91e40c823ab1c27c3b0abc008e8266abe2fd86062a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:60c9d0b547ad4d46cdabeb0dfb0c835c68c43bd34cd83b196155899b93017e38_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:6f1ad9675887881dfaa7a8dd81a36ad86c9148f4882141f74b66b28144a73f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:873167913efce726fe05667f2a5d3bbdd4aeedc6db905833c9ec620f39a33bd0_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:f96f5d774a07b8f345ddab253cc2671c92a8ba85dda89bd89e5e3c4f126eca50_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:3e647011ba1561919aaac2c65fe605eff4c64fff4cc229e12490f90dcebf3669_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:8eebdb1fa9004bc34fc637ac6e8f195d0f7b71356714ef495c4c1f89d783eb84_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:68ca253d57a89eedda4bd65486ca480a25dd15ea1f7ff0376a50c7f4a40e1395_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:ba0929d09d596250ce4c35fc8e8ea1a325c35e87cac2fd4106d96573a870db12_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:feebb0e5015cba9d86d8ebf711c993f958f4cd01a935a136232b64fdd25bec0c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-49767"
},
{
"category": "external",
"summary": "RHBZ#2321829",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2321829"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-49767",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49767"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-49767",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49767"
},
{
"category": "external",
"summary": "https://github.com/pallets/quart/commit/5e78c4169b8eb66b91ead3e62d44721b9e1644ee",
"url": "https://github.com/pallets/quart/commit/5e78c4169b8eb66b91ead3e62d44721b9e1644ee"
},
{
"category": "external",
"summary": "https://github.com/pallets/werkzeug/commit/50cfeebcb0727e18cc52ffbeb125f4a66551179b",
"url": "https://github.com/pallets/werkzeug/commit/50cfeebcb0727e18cc52ffbeb125f4a66551179b"
},
{
"category": "external",
"summary": "https://github.com/pallets/werkzeug/releases/tag/3.0.6",
"url": "https://github.com/pallets/werkzeug/releases/tag/3.0.6"
},
{
"category": "external",
"summary": "https://github.com/pallets/werkzeug/security/advisories/GHSA-q34m-jh98-gwm2",
"url": "https://github.com/pallets/werkzeug/security/advisories/GHSA-q34m-jh98-gwm2"
}
],
"release_date": "2024-10-25T19:41:35.029000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-12-05T14:54:56+00:00",
"details": "For Red Hat OpenShift AI 2.16.0 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:5f61cf084b1d79ee1b651f2b1777ff238c3e31eb76eba71ccb33b01c46f8c1af_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:10852"
},
{
"category": "workaround",
"details": "The Request.max_content_length setting and resource limits provided by deployment software and platforms are available to limit the resources used during a request. This vulnerability does not affect those settings. All three types of limits should be considered and set appropriately when deploying an application.",
"product_ids": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:3fc2da180ef549a8041ebe6a5f5f24869a012a2416c2d3e154b2a5ba9645bf60_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:c2a79db6d2ba9c313640149a55f306e8aa4dc36f3cc24bf554c025503b013644_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:0d5e5f17b2eac616c8f5701f89e7309b35000bb7771c311f8763b7b9d1f174a0_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:c5d22d63f967e5cf4bd35488dcf64ce0765a6a2a1070a911f66d7bf6f94f1136_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:4f7b6a45b4db2861c7e1ea225405ffcac3cf112b8eb9cf5a1c9fa7ffb68f6820_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:3e670a110eb3a6e59c6051b485bc88d39cb921b31854f36073f2088d52b53ce1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:efe0ec7e60c371b02f2d8431aab69eb1e2ff6c9c93c83d48f8b5e8a5e8d6e46f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:1fe9fb65f747f217c0f247519b23f702d0dfdb9fb471f99382afa9c25fec3c6f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:4bc8931d063ab56fc99a62bf5b606e9f99addb61b6c097ee0401f7e31787a123_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:348e66c3e1e3c17106c4f4957c5e7b9bcefec80deb00e4900066262c356bc308_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f1861c81fbb70c28f408072b1bf1b4b79ae1a19637700c455f8133d191e78e6b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:ab129822211bc9af41a3a52ff10a88d7349a122d0c4e215c824f4e77437cad5e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:59aa33eb2adff1533465d89a6b86cb52c1823a4b724cc5fa535445277826ecf6_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:d0e26b14b5c09c23193fbca6409e6a7124baa97138dfc75de17b48241636a4da_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:c693bd7449c90b7406ce66652524d575c2b875d5c9f14f7ced79adf9c98d5fcb_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:56df2f7095c98e6aa73caf59bbb088ef0824ce0db6acdd5c3a15df53bfd3dbdd_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:1d348086632e5f94c923f91e40c823ab1c27c3b0abc008e8266abe2fd86062a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:60c9d0b547ad4d46cdabeb0dfb0c835c68c43bd34cd83b196155899b93017e38_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:6f1ad9675887881dfaa7a8dd81a36ad86c9148f4882141f74b66b28144a73f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:5f61cf084b1d79ee1b651f2b1777ff238c3e31eb76eba71ccb33b01c46f8c1af_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:873167913efce726fe05667f2a5d3bbdd4aeedc6db905833c9ec620f39a33bd0_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:f96f5d774a07b8f345ddab253cc2671c92a8ba85dda89bd89e5e3c4f126eca50_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:3e647011ba1561919aaac2c65fe605eff4c64fff4cc229e12490f90dcebf3669_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:8eebdb1fa9004bc34fc637ac6e8f195d0f7b71356714ef495c4c1f89d783eb84_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:68ca253d57a89eedda4bd65486ca480a25dd15ea1f7ff0376a50c7f4a40e1395_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:ba0929d09d596250ce4c35fc8e8ea1a325c35e87cac2fd4106d96573a870db12_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:feebb0e5015cba9d86d8ebf711c993f958f4cd01a935a136232b64fdd25bec0c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:3fc2da180ef549a8041ebe6a5f5f24869a012a2416c2d3e154b2a5ba9645bf60_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:c2a79db6d2ba9c313640149a55f306e8aa4dc36f3cc24bf554c025503b013644_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:0d5e5f17b2eac616c8f5701f89e7309b35000bb7771c311f8763b7b9d1f174a0_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:c5d22d63f967e5cf4bd35488dcf64ce0765a6a2a1070a911f66d7bf6f94f1136_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:4f7b6a45b4db2861c7e1ea225405ffcac3cf112b8eb9cf5a1c9fa7ffb68f6820_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:3e670a110eb3a6e59c6051b485bc88d39cb921b31854f36073f2088d52b53ce1_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:efe0ec7e60c371b02f2d8431aab69eb1e2ff6c9c93c83d48f8b5e8a5e8d6e46f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:1fe9fb65f747f217c0f247519b23f702d0dfdb9fb471f99382afa9c25fec3c6f_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:4bc8931d063ab56fc99a62bf5b606e9f99addb61b6c097ee0401f7e31787a123_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:348e66c3e1e3c17106c4f4957c5e7b9bcefec80deb00e4900066262c356bc308_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f1861c81fbb70c28f408072b1bf1b4b79ae1a19637700c455f8133d191e78e6b_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:ab129822211bc9af41a3a52ff10a88d7349a122d0c4e215c824f4e77437cad5e_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:59aa33eb2adff1533465d89a6b86cb52c1823a4b724cc5fa535445277826ecf6_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:d0e26b14b5c09c23193fbca6409e6a7124baa97138dfc75de17b48241636a4da_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:c693bd7449c90b7406ce66652524d575c2b875d5c9f14f7ced79adf9c98d5fcb_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:56df2f7095c98e6aa73caf59bbb088ef0824ce0db6acdd5c3a15df53bfd3dbdd_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:1d348086632e5f94c923f91e40c823ab1c27c3b0abc008e8266abe2fd86062a5_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:60c9d0b547ad4d46cdabeb0dfb0c835c68c43bd34cd83b196155899b93017e38_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:6f1ad9675887881dfaa7a8dd81a36ad86c9148f4882141f74b66b28144a73f29_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:5f61cf084b1d79ee1b651f2b1777ff238c3e31eb76eba71ccb33b01c46f8c1af_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:873167913efce726fe05667f2a5d3bbdd4aeedc6db905833c9ec620f39a33bd0_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:f96f5d774a07b8f345ddab253cc2671c92a8ba85dda89bd89e5e3c4f126eca50_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:3e647011ba1561919aaac2c65fe605eff4c64fff4cc229e12490f90dcebf3669_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:8eebdb1fa9004bc34fc637ac6e8f195d0f7b71356714ef495c4c1f89d783eb84_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:68ca253d57a89eedda4bd65486ca480a25dd15ea1f7ff0376a50c7f4a40e1395_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:ba0929d09d596250ce4c35fc8e8ea1a325c35e87cac2fd4106d96573a870db12_amd64",
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:feebb0e5015cba9d86d8ebf711c993f958f4cd01a935a136232b64fdd25bec0c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "werkzeug: python-werkzeug: Werkzeug possible resource exhaustion when parsing file data in forms"
}
]
}
RHSA-2025:3714
Vulnerability from csaf_redhat - Published: 2025-04-08 19:22 - Updated: 2026-06-02 15:11Summary
Red Hat Security Advisory: cert-manager Operator for Red Hat OpenShift 1.14.2
Severity
Critical
Notes
Topic: cert-manager Operator for Red Hat OpenShift 1.14.2
Details: The cert-manager Operator for Red Hat OpenShift builds on top of Kubernetes, introducing certificate authorities and certificates as first-class resource types in the Kubernetes API. This makes it possible to provide certificates-as-a-service to developers working within your Kubernetes cluster.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability was found in go-retryablehttp. The package may suffer from a lack of input sanitization by not cleaning up URL data when writing to the logs. This issue could expose sensitive authentication information.
6.0 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:2f3ffd42acbea226e8245a27ab6f5dda831dc2d9257f7ef7d5f9c067df305605_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:383d3e03d07f5203a2f002ac6c558549f0b4a54e442332178100094fd076f5fe_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a594b7ff2fa1ff1b5e6764815d792ea546901edd566e8d2ec84674b3b1248bf1_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:d2b37ee05356f9b32b677c0edecf9b942ec5102655715a067dc35279c597dd9e_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:0f576aede28d85a5157a400605680821d2f9bc8fa5ae0f1c88116c8b73a692f8_ppc64le | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:43cdb26e404d68d3b86d48fbfba0bf427ae8215fcf6abc014e3ce9fa026d2d7f_arm64 | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:6147724b354a70fe9ddd6e255fc7307f5eed01a41a4e26f7e83aed95d640157d_amd64 | — |
Workaround
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:cc360ce8ff69de2615e1542327f3f4938ac0934c9da610d28ea310d005692e20_s390x | — |
Workaround
|
Threats
Impact
Moderate
A vulnerability was found in Authorization plugins in Docker Engine (AuthZ). Using a specially-crafted API request, an Engine API client could make the daemon forward a request or response to an authorization plugin without the body. In certain circumstances, the authorization plugin may allow a request that it would have otherwise denied if the body had been forwarded to it.
9.9 (Critical)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:2f3ffd42acbea226e8245a27ab6f5dda831dc2d9257f7ef7d5f9c067df305605_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:383d3e03d07f5203a2f002ac6c558549f0b4a54e442332178100094fd076f5fe_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a594b7ff2fa1ff1b5e6764815d792ea546901edd566e8d2ec84674b3b1248bf1_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:d2b37ee05356f9b32b677c0edecf9b942ec5102655715a067dc35279c597dd9e_amd64 | — |
Vendor Fix
fix
|
Known not affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:0f576aede28d85a5157a400605680821d2f9bc8fa5ae0f1c88116c8b73a692f8_ppc64le | — | ||
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:43cdb26e404d68d3b86d48fbfba0bf427ae8215fcf6abc014e3ce9fa026d2d7f_arm64 | — | ||
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:6147724b354a70fe9ddd6e255fc7307f5eed01a41a4e26f7e83aed95d640157d_amd64 | — | ||
| Unresolved product id: cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:cc360ce8ff69de2615e1542327f3f4938ac0934c9da610d28ea310d005692e20_s390x | — |
Threats
Impact
Critical
References
26 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "cert-manager Operator for Red Hat OpenShift 1.14.2",
"title": "Topic"
},
{
"category": "general",
"text": "The cert-manager Operator for Red Hat OpenShift builds on top of Kubernetes, introducing certificate authorities and certificates as first-class resource types in the Kubernetes API. This makes it possible to provide certificates-as-a-service to developers working within your Kubernetes cluster.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:3714",
"url": "https://access.redhat.com/errata/RHSA-2025:3714"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-41110",
"url": "https://access.redhat.com/security/cve/CVE-2024-41110"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-6104",
"url": "https://access.redhat.com/security/cve/CVE-2024-6104"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html",
"url": "https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_3714.json"
}
],
"title": "Red Hat Security Advisory: cert-manager Operator for Red Hat OpenShift 1.14.2",
"tracking": {
"current_release_date": "2026-06-02T15:11:26+00:00",
"generator": {
"date": "2026-06-02T15:11:26+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:3714",
"initial_release_date": "2025-04-08T19:22:48+00:00",
"revision_history": [
{
"date": "2025-04-08T19:22:48+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-04-08T19:22:49+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-02T15:11:26+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "cert-manager operator for Red Hat OpenShift 1.14",
"product": {
"name": "cert-manager operator for Red Hat OpenShift 1.14",
"product_id": "cert-manager operator for Red Hat OpenShift 1.14",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:cert_manager:1.14::el9"
}
}
}
],
"category": "product_family",
"name": "cert-manager operator for Red Hat OpenShift"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:d2b37ee05356f9b32b677c0edecf9b942ec5102655715a067dc35279c597dd9e_amd64",
"product": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:d2b37ee05356f9b32b677c0edecf9b942ec5102655715a067dc35279c597dd9e_amd64",
"product_id": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:d2b37ee05356f9b32b677c0edecf9b942ec5102655715a067dc35279c597dd9e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jetstack-cert-manager-rhel9@sha256%3Ad2b37ee05356f9b32b677c0edecf9b942ec5102655715a067dc35279c597dd9e?arch=amd64\u0026repository_url=registry.redhat.io/cert-manager\u0026tag=v1.14.7-1743759417"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:6147724b354a70fe9ddd6e255fc7307f5eed01a41a4e26f7e83aed95d640157d_amd64",
"product": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:6147724b354a70fe9ddd6e255fc7307f5eed01a41a4e26f7e83aed95d640157d_amd64",
"product_id": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:6147724b354a70fe9ddd6e255fc7307f5eed01a41a4e26f7e83aed95d640157d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jetstack-cert-manager-acmesolver-rhel9@sha256%3A6147724b354a70fe9ddd6e255fc7307f5eed01a41a4e26f7e83aed95d640157d?arch=amd64\u0026repository_url=registry.redhat.io/cert-manager\u0026tag=v1.14.7-1743760064"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a594b7ff2fa1ff1b5e6764815d792ea546901edd566e8d2ec84674b3b1248bf1_s390x",
"product": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a594b7ff2fa1ff1b5e6764815d792ea546901edd566e8d2ec84674b3b1248bf1_s390x",
"product_id": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a594b7ff2fa1ff1b5e6764815d792ea546901edd566e8d2ec84674b3b1248bf1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jetstack-cert-manager-rhel9@sha256%3Aa594b7ff2fa1ff1b5e6764815d792ea546901edd566e8d2ec84674b3b1248bf1?arch=s390x\u0026repository_url=registry.redhat.io/cert-manager\u0026tag=v1.14.7-1743759417"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:cc360ce8ff69de2615e1542327f3f4938ac0934c9da610d28ea310d005692e20_s390x",
"product": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:cc360ce8ff69de2615e1542327f3f4938ac0934c9da610d28ea310d005692e20_s390x",
"product_id": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:cc360ce8ff69de2615e1542327f3f4938ac0934c9da610d28ea310d005692e20_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jetstack-cert-manager-acmesolver-rhel9@sha256%3Acc360ce8ff69de2615e1542327f3f4938ac0934c9da610d28ea310d005692e20?arch=s390x\u0026repository_url=registry.redhat.io/cert-manager\u0026tag=v1.14.7-1743760064"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:2f3ffd42acbea226e8245a27ab6f5dda831dc2d9257f7ef7d5f9c067df305605_ppc64le",
"product": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:2f3ffd42acbea226e8245a27ab6f5dda831dc2d9257f7ef7d5f9c067df305605_ppc64le",
"product_id": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:2f3ffd42acbea226e8245a27ab6f5dda831dc2d9257f7ef7d5f9c067df305605_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jetstack-cert-manager-rhel9@sha256%3A2f3ffd42acbea226e8245a27ab6f5dda831dc2d9257f7ef7d5f9c067df305605?arch=ppc64le\u0026repository_url=registry.redhat.io/cert-manager\u0026tag=v1.14.7-1743759417"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:0f576aede28d85a5157a400605680821d2f9bc8fa5ae0f1c88116c8b73a692f8_ppc64le",
"product": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:0f576aede28d85a5157a400605680821d2f9bc8fa5ae0f1c88116c8b73a692f8_ppc64le",
"product_id": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:0f576aede28d85a5157a400605680821d2f9bc8fa5ae0f1c88116c8b73a692f8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jetstack-cert-manager-acmesolver-rhel9@sha256%3A0f576aede28d85a5157a400605680821d2f9bc8fa5ae0f1c88116c8b73a692f8?arch=ppc64le\u0026repository_url=registry.redhat.io/cert-manager\u0026tag=v1.14.7-1743760064"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:383d3e03d07f5203a2f002ac6c558549f0b4a54e442332178100094fd076f5fe_arm64",
"product": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:383d3e03d07f5203a2f002ac6c558549f0b4a54e442332178100094fd076f5fe_arm64",
"product_id": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:383d3e03d07f5203a2f002ac6c558549f0b4a54e442332178100094fd076f5fe_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jetstack-cert-manager-rhel9@sha256%3A383d3e03d07f5203a2f002ac6c558549f0b4a54e442332178100094fd076f5fe?arch=arm64\u0026repository_url=registry.redhat.io/cert-manager\u0026tag=v1.14.7-1743759417"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:43cdb26e404d68d3b86d48fbfba0bf427ae8215fcf6abc014e3ce9fa026d2d7f_arm64",
"product": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:43cdb26e404d68d3b86d48fbfba0bf427ae8215fcf6abc014e3ce9fa026d2d7f_arm64",
"product_id": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:43cdb26e404d68d3b86d48fbfba0bf427ae8215fcf6abc014e3ce9fa026d2d7f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jetstack-cert-manager-acmesolver-rhel9@sha256%3A43cdb26e404d68d3b86d48fbfba0bf427ae8215fcf6abc014e3ce9fa026d2d7f?arch=arm64\u0026repository_url=registry.redhat.io/cert-manager\u0026tag=v1.14.7-1743760064"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:0f576aede28d85a5157a400605680821d2f9bc8fa5ae0f1c88116c8b73a692f8_ppc64le as a component of cert-manager operator for Red Hat OpenShift 1.14",
"product_id": "cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:0f576aede28d85a5157a400605680821d2f9bc8fa5ae0f1c88116c8b73a692f8_ppc64le"
},
"product_reference": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:0f576aede28d85a5157a400605680821d2f9bc8fa5ae0f1c88116c8b73a692f8_ppc64le",
"relates_to_product_reference": "cert-manager operator for Red Hat OpenShift 1.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:43cdb26e404d68d3b86d48fbfba0bf427ae8215fcf6abc014e3ce9fa026d2d7f_arm64 as a component of cert-manager operator for Red Hat OpenShift 1.14",
"product_id": "cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:43cdb26e404d68d3b86d48fbfba0bf427ae8215fcf6abc014e3ce9fa026d2d7f_arm64"
},
"product_reference": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:43cdb26e404d68d3b86d48fbfba0bf427ae8215fcf6abc014e3ce9fa026d2d7f_arm64",
"relates_to_product_reference": "cert-manager operator for Red Hat OpenShift 1.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:6147724b354a70fe9ddd6e255fc7307f5eed01a41a4e26f7e83aed95d640157d_amd64 as a component of cert-manager operator for Red Hat OpenShift 1.14",
"product_id": "cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:6147724b354a70fe9ddd6e255fc7307f5eed01a41a4e26f7e83aed95d640157d_amd64"
},
"product_reference": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:6147724b354a70fe9ddd6e255fc7307f5eed01a41a4e26f7e83aed95d640157d_amd64",
"relates_to_product_reference": "cert-manager operator for Red Hat OpenShift 1.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:cc360ce8ff69de2615e1542327f3f4938ac0934c9da610d28ea310d005692e20_s390x as a component of cert-manager operator for Red Hat OpenShift 1.14",
"product_id": "cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:cc360ce8ff69de2615e1542327f3f4938ac0934c9da610d28ea310d005692e20_s390x"
},
"product_reference": "registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:cc360ce8ff69de2615e1542327f3f4938ac0934c9da610d28ea310d005692e20_s390x",
"relates_to_product_reference": "cert-manager operator for Red Hat OpenShift 1.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:2f3ffd42acbea226e8245a27ab6f5dda831dc2d9257f7ef7d5f9c067df305605_ppc64le as a component of cert-manager operator for Red Hat OpenShift 1.14",
"product_id": "cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:2f3ffd42acbea226e8245a27ab6f5dda831dc2d9257f7ef7d5f9c067df305605_ppc64le"
},
"product_reference": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:2f3ffd42acbea226e8245a27ab6f5dda831dc2d9257f7ef7d5f9c067df305605_ppc64le",
"relates_to_product_reference": "cert-manager operator for Red Hat OpenShift 1.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:383d3e03d07f5203a2f002ac6c558549f0b4a54e442332178100094fd076f5fe_arm64 as a component of cert-manager operator for Red Hat OpenShift 1.14",
"product_id": "cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:383d3e03d07f5203a2f002ac6c558549f0b4a54e442332178100094fd076f5fe_arm64"
},
"product_reference": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:383d3e03d07f5203a2f002ac6c558549f0b4a54e442332178100094fd076f5fe_arm64",
"relates_to_product_reference": "cert-manager operator for Red Hat OpenShift 1.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a594b7ff2fa1ff1b5e6764815d792ea546901edd566e8d2ec84674b3b1248bf1_s390x as a component of cert-manager operator for Red Hat OpenShift 1.14",
"product_id": "cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a594b7ff2fa1ff1b5e6764815d792ea546901edd566e8d2ec84674b3b1248bf1_s390x"
},
"product_reference": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a594b7ff2fa1ff1b5e6764815d792ea546901edd566e8d2ec84674b3b1248bf1_s390x",
"relates_to_product_reference": "cert-manager operator for Red Hat OpenShift 1.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:d2b37ee05356f9b32b677c0edecf9b942ec5102655715a067dc35279c597dd9e_amd64 as a component of cert-manager operator for Red Hat OpenShift 1.14",
"product_id": "cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:d2b37ee05356f9b32b677c0edecf9b942ec5102655715a067dc35279c597dd9e_amd64"
},
"product_reference": "registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:d2b37ee05356f9b32b677c0edecf9b942ec5102655715a067dc35279c597dd9e_amd64",
"relates_to_product_reference": "cert-manager operator for Red Hat OpenShift 1.14"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-6104",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"discovery_date": "2024-06-24T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:0f576aede28d85a5157a400605680821d2f9bc8fa5ae0f1c88116c8b73a692f8_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:43cdb26e404d68d3b86d48fbfba0bf427ae8215fcf6abc014e3ce9fa026d2d7f_arm64",
"cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:6147724b354a70fe9ddd6e255fc7307f5eed01a41a4e26f7e83aed95d640157d_amd64",
"cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:cc360ce8ff69de2615e1542327f3f4938ac0934c9da610d28ea310d005692e20_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2294000"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in go-retryablehttp. The package may suffer from a lack of input sanitization by not cleaning up URL data when writing to the logs. This issue could expose sensitive authentication information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "go-retryablehttp: url might write sensitive information to log file",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:2f3ffd42acbea226e8245a27ab6f5dda831dc2d9257f7ef7d5f9c067df305605_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:383d3e03d07f5203a2f002ac6c558549f0b4a54e442332178100094fd076f5fe_arm64",
"cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a594b7ff2fa1ff1b5e6764815d792ea546901edd566e8d2ec84674b3b1248bf1_s390x",
"cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:d2b37ee05356f9b32b677c0edecf9b942ec5102655715a067dc35279c597dd9e_amd64"
],
"known_not_affected": [
"cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:0f576aede28d85a5157a400605680821d2f9bc8fa5ae0f1c88116c8b73a692f8_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:43cdb26e404d68d3b86d48fbfba0bf427ae8215fcf6abc014e3ce9fa026d2d7f_arm64",
"cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:6147724b354a70fe9ddd6e255fc7307f5eed01a41a4e26f7e83aed95d640157d_amd64",
"cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:cc360ce8ff69de2615e1542327f3f4938ac0934c9da610d28ea310d005692e20_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-6104"
},
{
"category": "external",
"summary": "RHBZ#2294000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294000"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-6104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6104"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-6104",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6104"
}
],
"release_date": "2024-06-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-08T19:22:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nThe steps to apply the upgraded images are different depending on the installation plan approval policy you used when installing the cert-manager Operator for Red Hat OpenShift.\n- If the approval policy is set to `Automatic`, then the Operator will be upgraded automatically when there is a new version of the Operator. No further action is required to upgrade. This is the default setting.\n- If you changed the approval policy to `Manual`, then you must manually approve the upgrade to the Operator.\nSee https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html for additional information.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:2f3ffd42acbea226e8245a27ab6f5dda831dc2d9257f7ef7d5f9c067df305605_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:383d3e03d07f5203a2f002ac6c558549f0b4a54e442332178100094fd076f5fe_arm64",
"cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a594b7ff2fa1ff1b5e6764815d792ea546901edd566e8d2ec84674b3b1248bf1_s390x",
"cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:d2b37ee05356f9b32b677c0edecf9b942ec5102655715a067dc35279c597dd9e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3714"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:0f576aede28d85a5157a400605680821d2f9bc8fa5ae0f1c88116c8b73a692f8_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:43cdb26e404d68d3b86d48fbfba0bf427ae8215fcf6abc014e3ce9fa026d2d7f_arm64",
"cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:6147724b354a70fe9ddd6e255fc7307f5eed01a41a4e26f7e83aed95d640157d_amd64",
"cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:cc360ce8ff69de2615e1542327f3f4938ac0934c9da610d28ea310d005692e20_s390x",
"cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:2f3ffd42acbea226e8245a27ab6f5dda831dc2d9257f7ef7d5f9c067df305605_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:383d3e03d07f5203a2f002ac6c558549f0b4a54e442332178100094fd076f5fe_arm64",
"cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a594b7ff2fa1ff1b5e6764815d792ea546901edd566e8d2ec84674b3b1248bf1_s390x",
"cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:d2b37ee05356f9b32b677c0edecf9b942ec5102655715a067dc35279c597dd9e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:0f576aede28d85a5157a400605680821d2f9bc8fa5ae0f1c88116c8b73a692f8_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:43cdb26e404d68d3b86d48fbfba0bf427ae8215fcf6abc014e3ce9fa026d2d7f_arm64",
"cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:6147724b354a70fe9ddd6e255fc7307f5eed01a41a4e26f7e83aed95d640157d_amd64",
"cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:cc360ce8ff69de2615e1542327f3f4938ac0934c9da610d28ea310d005692e20_s390x",
"cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:2f3ffd42acbea226e8245a27ab6f5dda831dc2d9257f7ef7d5f9c067df305605_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:383d3e03d07f5203a2f002ac6c558549f0b4a54e442332178100094fd076f5fe_arm64",
"cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a594b7ff2fa1ff1b5e6764815d792ea546901edd566e8d2ec84674b3b1248bf1_s390x",
"cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:d2b37ee05356f9b32b677c0edecf9b942ec5102655715a067dc35279c597dd9e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "go-retryablehttp: url might write sensitive information to log file"
},
{
"cve": "CVE-2024-41110",
"cwe": {
"id": "CWE-807",
"name": "Reliance on Untrusted Inputs in a Security Decision"
},
"discovery_date": "2024-07-24T17:20:58+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:0f576aede28d85a5157a400605680821d2f9bc8fa5ae0f1c88116c8b73a692f8_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:43cdb26e404d68d3b86d48fbfba0bf427ae8215fcf6abc014e3ce9fa026d2d7f_arm64",
"cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:6147724b354a70fe9ddd6e255fc7307f5eed01a41a4e26f7e83aed95d640157d_amd64",
"cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:cc360ce8ff69de2615e1542327f3f4938ac0934c9da610d28ea310d005692e20_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2299720"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in Authorization plugins in Docker Engine (AuthZ). Using a specially-crafted API request, an Engine API client could make the daemon forward a request or response to an authorization plugin without the body. In certain circumstances, the authorization plugin may allow a request that it would have otherwise denied if the body had been forwarded to it.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "moby: Authz zero length regression",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is a regression of a fix from a 2019 issue for this same scenario, which was not carried forward.\nAnyone who depends on authorization plugins that introspect the request or response body to make access control decisions may be impacted.\n\nRed Hat does not ship AuthZ plugin in any of the current container tools such as Podman, Buildah, Skopeo, and containernetworking-plugins, therefore, they are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:2f3ffd42acbea226e8245a27ab6f5dda831dc2d9257f7ef7d5f9c067df305605_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:383d3e03d07f5203a2f002ac6c558549f0b4a54e442332178100094fd076f5fe_arm64",
"cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a594b7ff2fa1ff1b5e6764815d792ea546901edd566e8d2ec84674b3b1248bf1_s390x",
"cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:d2b37ee05356f9b32b677c0edecf9b942ec5102655715a067dc35279c597dd9e_amd64"
],
"known_not_affected": [
"cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:0f576aede28d85a5157a400605680821d2f9bc8fa5ae0f1c88116c8b73a692f8_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:43cdb26e404d68d3b86d48fbfba0bf427ae8215fcf6abc014e3ce9fa026d2d7f_arm64",
"cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:6147724b354a70fe9ddd6e255fc7307f5eed01a41a4e26f7e83aed95d640157d_amd64",
"cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:cc360ce8ff69de2615e1542327f3f4938ac0934c9da610d28ea310d005692e20_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-41110"
},
{
"category": "external",
"summary": "RHBZ#2299720",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2299720"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-41110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41110"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-41110",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41110"
},
{
"category": "external",
"summary": "https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191",
"url": "https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191"
},
{
"category": "external",
"summary": "https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76",
"url": "https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76"
},
{
"category": "external",
"summary": "https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919",
"url": "https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919"
},
{
"category": "external",
"summary": "https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b",
"url": "https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b"
},
{
"category": "external",
"summary": "https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0",
"url": "https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0"
},
{
"category": "external",
"summary": "https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1",
"url": "https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1"
},
{
"category": "external",
"summary": "https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00",
"url": "https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00"
},
{
"category": "external",
"summary": "https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f",
"url": "https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f"
},
{
"category": "external",
"summary": "https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801",
"url": "https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801"
},
{
"category": "external",
"summary": "https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb",
"url": "https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb"
},
{
"category": "external",
"summary": "https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq",
"url": "https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq"
},
{
"category": "external",
"summary": "https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin",
"url": "https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin"
}
],
"release_date": "2024-07-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-08T19:22:48+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nThe steps to apply the upgraded images are different depending on the installation plan approval policy you used when installing the cert-manager Operator for Red Hat OpenShift.\n- If the approval policy is set to `Automatic`, then the Operator will be upgraded automatically when there is a new version of the Operator. No further action is required to upgrade. This is the default setting.\n- If you changed the approval policy to `Manual`, then you must manually approve the upgrade to the Operator.\nSee https://docs.openshift.com/container-platform/latest/security/cert_manager_operator/index.html for additional information.",
"product_ids": [
"cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:2f3ffd42acbea226e8245a27ab6f5dda831dc2d9257f7ef7d5f9c067df305605_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:383d3e03d07f5203a2f002ac6c558549f0b4a54e442332178100094fd076f5fe_arm64",
"cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a594b7ff2fa1ff1b5e6764815d792ea546901edd566e8d2ec84674b3b1248bf1_s390x",
"cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:d2b37ee05356f9b32b677c0edecf9b942ec5102655715a067dc35279c597dd9e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3714"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:0f576aede28d85a5157a400605680821d2f9bc8fa5ae0f1c88116c8b73a692f8_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:43cdb26e404d68d3b86d48fbfba0bf427ae8215fcf6abc014e3ce9fa026d2d7f_arm64",
"cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:6147724b354a70fe9ddd6e255fc7307f5eed01a41a4e26f7e83aed95d640157d_amd64",
"cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-acmesolver-rhel9@sha256:cc360ce8ff69de2615e1542327f3f4938ac0934c9da610d28ea310d005692e20_s390x",
"cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:2f3ffd42acbea226e8245a27ab6f5dda831dc2d9257f7ef7d5f9c067df305605_ppc64le",
"cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:383d3e03d07f5203a2f002ac6c558549f0b4a54e442332178100094fd076f5fe_arm64",
"cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:a594b7ff2fa1ff1b5e6764815d792ea546901edd566e8d2ec84674b3b1248bf1_s390x",
"cert-manager operator for Red Hat OpenShift 1.14:registry.redhat.io/cert-manager/jetstack-cert-manager-rhel9@sha256:d2b37ee05356f9b32b677c0edecf9b942ec5102655715a067dc35279c597dd9e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "moby: Authz zero length regression"
}
]
}
SUSE-RU-2024:4391-1
Vulnerability from csaf_suse - Published: 2024-12-20 09:13 - Updated: 2024-12-20 09:13Summary
Recommended update for docker-stable
Severity
Moderate
Notes
Title of the patch: Recommended update for docker-stable
Description of the patch: This update for docker-stable fixes the following issues:
- Update docker-buildx to v0.19.2. See upstream changelog online at
<https://github.com/docker/buildx/releases/tag/v0.19.2>.
Some notable changelogs from the last update:
* <https://github.com/docker/buildx/releases/tag/v0.19.0>
* <https://github.com/docker/buildx/releases/tag/v0.18.0>
- Add a new toggle file /etc/docker/suse-secrets-enable which allows users to
disable the SUSEConnect integration with Docker (which creates special mounts
in /run/secrets to allow container-suseconnect to authenticate containers
with registries on registered hosts). bsc#1231348 bsc#1232999
In order to disable these mounts, just do
echo 0 > /etc/docker/suse-secrets-enable
and restart Docker. In order to re-enable them, just do
echo 1 > /etc/docker/suse-secrets-enable
and restart Docker. Docker will output information on startup to tell you
whether the SUSE secrets feature is enabled or not.
Patchnames: SUSE-2024-4391,SUSE-SLE-Module-Containers-15-SP5-2024-4391,SUSE-SLE-Module-Containers-15-SP6-2024-4391,SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-4391,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-4391,SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-4391,SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-4391,SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4391,SUSE-SLE-Product-SLES_SAP-15-SP3-2024-4391,SUSE-SLE-Product-SLES_SAP-15-SP4-2024-4391,SUSE-Storage-7.1-2024-4391,openSUSE-SLE-15.5-2024-4391,openSUSE-SLE-15.6-2024-4391
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
54 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:docker-stable-24.0.9_ce-150000.1.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:docker-stable-24.0.9_ce-150000.1.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-stable-24.0.9_ce-150000.1.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-stable-24.0.9_ce-150000.1.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-24.0.9_ce-150000.1.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-24.0.9_ce-150000.1.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-24.0.9_ce-150000.1.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-24.0.9_ce-150000.1.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-24.0.9_ce-150000.1.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-24.0.9_ce-150000.1.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-stable-24.0.9_ce-150000.1.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-stable-24.0.9_ce-150000.1.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-stable-24.0.9_ce-150000.1.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-stable-24.0.9_ce-150000.1.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-stable-24.0.9_ce-150000.1.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-stable-fish-completion-24.0.9_ce-150000.1.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-stable-rootless-extras-24.0.9_ce-150000.1.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-stable-zsh-completion-24.0.9_ce-150000.1.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-stable-24.0.9_ce-150000.1.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-stable-24.0.9_ce-150000.1.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-stable-24.0.9_ce-150000.1.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-stable-fish-completion-24.0.9_ce-150000.1.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-stable-rootless-extras-24.0.9_ce-150000.1.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-stable-zsh-completion-24.0.9_ce-150000.1.8.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
9.9 (Critical)
Affected products
Recommended
54 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:docker-stable-24.0.9_ce-150000.1.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:docker-stable-24.0.9_ce-150000.1.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-stable-24.0.9_ce-150000.1.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-stable-24.0.9_ce-150000.1.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-24.0.9_ce-150000.1.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-24.0.9_ce-150000.1.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-24.0.9_ce-150000.1.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-24.0.9_ce-150000.1.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-24.0.9_ce-150000.1.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-24.0.9_ce-150000.1.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-stable-24.0.9_ce-150000.1.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-stable-24.0.9_ce-150000.1.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-stable-24.0.9_ce-150000.1.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-stable-24.0.9_ce-150000.1.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-stable-24.0.9_ce-150000.1.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-stable-fish-completion-24.0.9_ce-150000.1.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-stable-rootless-extras-24.0.9_ce-150000.1.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-stable-zsh-completion-24.0.9_ce-150000.1.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-stable-24.0.9_ce-150000.1.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-stable-24.0.9_ce-150000.1.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-stable-24.0.9_ce-150000.1.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-stable-fish-completion-24.0.9_ce-150000.1.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-stable-rootless-extras-24.0.9_ce-150000.1.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-stable-zsh-completion-24.0.9_ce-150000.1.8.1.noarch | — |
Vendor Fix
|
Threats
Impact
critical
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Recommended update for docker-stable",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for docker-stable fixes the following issues:\n\n- Update docker-buildx to v0.19.2. See upstream changelog online at\n \u003chttps://github.com/docker/buildx/releases/tag/v0.19.2\u003e.\n Some notable changelogs from the last update:\n * \u003chttps://github.com/docker/buildx/releases/tag/v0.19.0\u003e\n\t* \u003chttps://github.com/docker/buildx/releases/tag/v0.18.0\u003e\n\n- Add a new toggle file /etc/docker/suse-secrets-enable which allows users to\n disable the SUSEConnect integration with Docker (which creates special mounts\n in /run/secrets to allow container-suseconnect to authenticate containers\n with registries on registered hosts). bsc#1231348 bsc#1232999\n In order to disable these mounts, just do\n echo 0 \u003e /etc/docker/suse-secrets-enable\n and restart Docker. In order to re-enable them, just do\n echo 1 \u003e /etc/docker/suse-secrets-enable\n and restart Docker. Docker will output information on startup to tell you\n whether the SUSE secrets feature is enabled or not.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-4391,SUSE-SLE-Module-Containers-15-SP5-2024-4391,SUSE-SLE-Module-Containers-15-SP6-2024-4391,SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-4391,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-4391,SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-4391,SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-4391,SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4391,SUSE-SLE-Product-SLES_SAP-15-SP3-2024-4391,SUSE-SLE-Product-SLES_SAP-15-SP4-2024-4391,SUSE-Storage-7.1-2024-4391,openSUSE-SLE-15.5-2024-4391,openSUSE-SLE-15.6-2024-4391",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-ru-2024_4391-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-RU-2024:4391-1",
"url": "https://www.suse.com/support/update/announcement//suse-ru-20244391-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-RU-2024:4391-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2024-December/037926.html"
},
{
"category": "self",
"summary": "SUSE Bug 1231348",
"url": "https://bugzilla.suse.com/1231348"
},
{
"category": "self",
"summary": "SUSE Bug 1232999",
"url": "https://bugzilla.suse.com/1232999"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-23653 page",
"url": "https://www.suse.com/security/cve/CVE-2024-23653/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41110 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41110/"
}
],
"title": "Recommended update for docker-stable",
"tracking": {
"current_release_date": "2024-12-20T09:13:20Z",
"generator": {
"date": "2024-12-20T09:13:20Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-RU-2024:4391-1",
"initial_release_date": "2024-12-20T09:13:20Z",
"revision_history": [
{
"date": "2024-12-20T09:13:20Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"product": {
"name": "docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"product_id": "docker-stable-24.0.9_ce-150000.1.8.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-24.0.9_ce-150000.1.8.1.i586",
"product": {
"name": "docker-stable-24.0.9_ce-150000.1.8.1.i586",
"product_id": "docker-stable-24.0.9_ce-150000.1.8.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"product": {
"name": "docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"product_id": "docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-stable-fish-completion-24.0.9_ce-150000.1.8.1.noarch",
"product": {
"name": "docker-stable-fish-completion-24.0.9_ce-150000.1.8.1.noarch",
"product_id": "docker-stable-fish-completion-24.0.9_ce-150000.1.8.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-stable-rootless-extras-24.0.9_ce-150000.1.8.1.noarch",
"product": {
"name": "docker-stable-rootless-extras-24.0.9_ce-150000.1.8.1.noarch",
"product_id": "docker-stable-rootless-extras-24.0.9_ce-150000.1.8.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-stable-zsh-completion-24.0.9_ce-150000.1.8.1.noarch",
"product": {
"name": "docker-stable-zsh-completion-24.0.9_ce-150000.1.8.1.noarch",
"product_id": "docker-stable-zsh-completion-24.0.9_ce-150000.1.8.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"product": {
"name": "docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"product_id": "docker-stable-24.0.9_ce-150000.1.8.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-24.0.9_ce-150000.1.8.1.s390x",
"product": {
"name": "docker-stable-24.0.9_ce-150000.1.8.1.s390x",
"product_id": "docker-stable-24.0.9_ce-150000.1.8.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"product": {
"name": "docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"product_id": "docker-stable-24.0.9_ce-150000.1.8.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7.1",
"product": {
"name": "SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7.1"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.8.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-24.0.9_ce-150000.1.8.1.aarch64"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.8.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.8.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-24.0.9_ce-150000.1.8.1.s390x"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.8.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.8.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-24.0.9_ce-150000.1.8.1.x86_64"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch as component of SUSE Linux Enterprise Module for Containers 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch"
},
"product_reference": "docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.8.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-24.0.9_ce-150000.1.8.1.aarch64"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.8.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.8.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-24.0.9_ce-150000.1.8.1.s390x"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.8.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.8.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-24.0.9_ce-150000.1.8.1.x86_64"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch"
},
"product_reference": "docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.8.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.aarch64"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.8.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.x86_64"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch"
},
"product_reference": "docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.8.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-stable-24.0.9_ce-150000.1.8.1.aarch64"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.8.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-stable-24.0.9_ce-150000.1.8.1.x86_64"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch"
},
"product_reference": "docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.8.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.aarch64"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.8.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.x86_64"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch"
},
"product_reference": "docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.8.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.aarch64"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.8.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.8.1.s390x as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.s390x"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.8.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.8.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.x86_64"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch"
},
"product_reference": "docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.8.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.aarch64"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.8.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.8.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.s390x"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.8.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.8.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.x86_64"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch"
},
"product_reference": "docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.8.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.8.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-stable-24.0.9_ce-150000.1.8.1.x86_64"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch"
},
"product_reference": "docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.8.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.8.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-stable-24.0.9_ce-150000.1.8.1.x86_64"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch"
},
"product_reference": "docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.8.1.aarch64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:docker-stable-24.0.9_ce-150000.1.8.1.aarch64"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.8.1.x86_64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:docker-stable-24.0.9_ce-150000.1.8.1.x86_64"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch"
},
"product_reference": "docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.8.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:docker-stable-24.0.9_ce-150000.1.8.1.aarch64"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.8.1.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.8.1.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:docker-stable-24.0.9_ce-150000.1.8.1.s390x"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.8.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.8.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:docker-stable-24.0.9_ce-150000.1.8.1.x86_64"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch"
},
"product_reference": "docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-fish-completion-24.0.9_ce-150000.1.8.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:docker-stable-fish-completion-24.0.9_ce-150000.1.8.1.noarch"
},
"product_reference": "docker-stable-fish-completion-24.0.9_ce-150000.1.8.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-rootless-extras-24.0.9_ce-150000.1.8.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:docker-stable-rootless-extras-24.0.9_ce-150000.1.8.1.noarch"
},
"product_reference": "docker-stable-rootless-extras-24.0.9_ce-150000.1.8.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-zsh-completion-24.0.9_ce-150000.1.8.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:docker-stable-zsh-completion-24.0.9_ce-150000.1.8.1.noarch"
},
"product_reference": "docker-stable-zsh-completion-24.0.9_ce-150000.1.8.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.8.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:docker-stable-24.0.9_ce-150000.1.8.1.aarch64"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.8.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.8.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:docker-stable-24.0.9_ce-150000.1.8.1.s390x"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.8.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.8.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:docker-stable-24.0.9_ce-150000.1.8.1.x86_64"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch"
},
"product_reference": "docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-fish-completion-24.0.9_ce-150000.1.8.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:docker-stable-fish-completion-24.0.9_ce-150000.1.8.1.noarch"
},
"product_reference": "docker-stable-fish-completion-24.0.9_ce-150000.1.8.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-rootless-extras-24.0.9_ce-150000.1.8.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:docker-stable-rootless-extras-24.0.9_ce-150000.1.8.1.noarch"
},
"product_reference": "docker-stable-rootless-extras-24.0.9_ce-150000.1.8.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-zsh-completion-24.0.9_ce-150000.1.8.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:docker-stable-zsh-completion-24.0.9_ce-150000.1.8.1.noarch"
},
"product_reference": "docker-stable-zsh-completion-24.0.9_ce-150000.1.8.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-23653",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-23653"
}
],
"notes": [
{
"category": "general",
"text": "BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask BuildKit to run a container with elevated privileges. Normally, running such containers is only allowed if special `security.insecure` entitlement is enabled both by buildkitd configuration and allowed by the user initializing the build request. The issue has been fixed in v0.12.5 . Avoid using BuildKit frontends from untrusted sources. \n",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"SUSE Enterprise Storage 7.1:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-24.0.9_ce-150000.1.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-24.0.9_ce-150000.1.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"openSUSE Leap 15.5:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"openSUSE Leap 15.5:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"openSUSE Leap 15.5:docker-stable-24.0.9_ce-150000.1.8.1.s390x",
"openSUSE Leap 15.5:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"openSUSE Leap 15.5:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"openSUSE Leap 15.5:docker-stable-fish-completion-24.0.9_ce-150000.1.8.1.noarch",
"openSUSE Leap 15.5:docker-stable-rootless-extras-24.0.9_ce-150000.1.8.1.noarch",
"openSUSE Leap 15.5:docker-stable-zsh-completion-24.0.9_ce-150000.1.8.1.noarch",
"openSUSE Leap 15.6:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"openSUSE Leap 15.6:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"openSUSE Leap 15.6:docker-stable-24.0.9_ce-150000.1.8.1.s390x",
"openSUSE Leap 15.6:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"openSUSE Leap 15.6:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"openSUSE Leap 15.6:docker-stable-fish-completion-24.0.9_ce-150000.1.8.1.noarch",
"openSUSE Leap 15.6:docker-stable-rootless-extras-24.0.9_ce-150000.1.8.1.noarch",
"openSUSE Leap 15.6:docker-stable-zsh-completion-24.0.9_ce-150000.1.8.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-23653",
"url": "https://www.suse.com/security/cve/CVE-2024-23653"
},
{
"category": "external",
"summary": "SUSE Bug 1219438 for CVE-2024-23653",
"url": "https://bugzilla.suse.com/1219438"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"SUSE Enterprise Storage 7.1:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-24.0.9_ce-150000.1.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-24.0.9_ce-150000.1.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"openSUSE Leap 15.5:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"openSUSE Leap 15.5:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"openSUSE Leap 15.5:docker-stable-24.0.9_ce-150000.1.8.1.s390x",
"openSUSE Leap 15.5:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"openSUSE Leap 15.5:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"openSUSE Leap 15.5:docker-stable-fish-completion-24.0.9_ce-150000.1.8.1.noarch",
"openSUSE Leap 15.5:docker-stable-rootless-extras-24.0.9_ce-150000.1.8.1.noarch",
"openSUSE Leap 15.5:docker-stable-zsh-completion-24.0.9_ce-150000.1.8.1.noarch",
"openSUSE Leap 15.6:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"openSUSE Leap 15.6:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"openSUSE Leap 15.6:docker-stable-24.0.9_ce-150000.1.8.1.s390x",
"openSUSE Leap 15.6:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"openSUSE Leap 15.6:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"openSUSE Leap 15.6:docker-stable-fish-completion-24.0.9_ce-150000.1.8.1.noarch",
"openSUSE Leap 15.6:docker-stable-rootless-extras-24.0.9_ce-150000.1.8.1.noarch",
"openSUSE Leap 15.6:docker-stable-zsh-completion-24.0.9_ce-150000.1.8.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"SUSE Enterprise Storage 7.1:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-24.0.9_ce-150000.1.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-24.0.9_ce-150000.1.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"openSUSE Leap 15.5:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"openSUSE Leap 15.5:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"openSUSE Leap 15.5:docker-stable-24.0.9_ce-150000.1.8.1.s390x",
"openSUSE Leap 15.5:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"openSUSE Leap 15.5:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"openSUSE Leap 15.5:docker-stable-fish-completion-24.0.9_ce-150000.1.8.1.noarch",
"openSUSE Leap 15.5:docker-stable-rootless-extras-24.0.9_ce-150000.1.8.1.noarch",
"openSUSE Leap 15.5:docker-stable-zsh-completion-24.0.9_ce-150000.1.8.1.noarch",
"openSUSE Leap 15.6:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"openSUSE Leap 15.6:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"openSUSE Leap 15.6:docker-stable-24.0.9_ce-150000.1.8.1.s390x",
"openSUSE Leap 15.6:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"openSUSE Leap 15.6:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"openSUSE Leap 15.6:docker-stable-fish-completion-24.0.9_ce-150000.1.8.1.noarch",
"openSUSE Leap 15.6:docker-stable-rootless-extras-24.0.9_ce-150000.1.8.1.noarch",
"openSUSE Leap 15.6:docker-stable-zsh-completion-24.0.9_ce-150000.1.8.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-20T09:13:20Z",
"details": "important"
}
],
"title": "CVE-2024-23653"
},
{
"cve": "CVE-2024-41110",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41110"
}
],
"notes": [
{
"category": "general",
"text": "Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low.\n\nUsing a specially-crafted API request, an Engine API client could make the daemon forward the request or response to an authorization plugin without the body. In certain circumstances, the authorization plugin may allow a request which it would have otherwise denied if the body had been forwarded to it.\n\nA security issue was discovered In 2018, where an attacker could bypass AuthZ plugins using a specially crafted API request. This could lead to unauthorized actions, including privilege escalation. Although this issue was fixed in Docker Engine v18.09.1 in January 2019, the fix was not carried forward to later major versions, resulting in a regression. Anyone who depends on authorization plugins that introspect the request and/or response body to make access control decisions is potentially impacted.\n\nDocker EE v19.03.x and all versions of Mirantis Container Runtime are not vulnerable.\n\ndocker-ce v27.1.1 containes patches to fix the vulnerability. Patches have also been merged into the master, 19.03, 20.0, 23.0, 24.0, 25.0, 26.0, and 26.1 release branches. If one is unable to upgrade immediately, avoid using AuthZ plugins and/or restrict access to the Docker API to trusted parties, following the principle of least privilege.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"SUSE Enterprise Storage 7.1:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-24.0.9_ce-150000.1.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-24.0.9_ce-150000.1.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"openSUSE Leap 15.5:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"openSUSE Leap 15.5:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"openSUSE Leap 15.5:docker-stable-24.0.9_ce-150000.1.8.1.s390x",
"openSUSE Leap 15.5:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"openSUSE Leap 15.5:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"openSUSE Leap 15.5:docker-stable-fish-completion-24.0.9_ce-150000.1.8.1.noarch",
"openSUSE Leap 15.5:docker-stable-rootless-extras-24.0.9_ce-150000.1.8.1.noarch",
"openSUSE Leap 15.5:docker-stable-zsh-completion-24.0.9_ce-150000.1.8.1.noarch",
"openSUSE Leap 15.6:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"openSUSE Leap 15.6:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"openSUSE Leap 15.6:docker-stable-24.0.9_ce-150000.1.8.1.s390x",
"openSUSE Leap 15.6:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"openSUSE Leap 15.6:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"openSUSE Leap 15.6:docker-stable-fish-completion-24.0.9_ce-150000.1.8.1.noarch",
"openSUSE Leap 15.6:docker-stable-rootless-extras-24.0.9_ce-150000.1.8.1.noarch",
"openSUSE Leap 15.6:docker-stable-zsh-completion-24.0.9_ce-150000.1.8.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41110",
"url": "https://www.suse.com/security/cve/CVE-2024-41110"
},
{
"category": "external",
"summary": "SUSE Bug 1228324 for CVE-2024-41110",
"url": "https://bugzilla.suse.com/1228324"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"SUSE Enterprise Storage 7.1:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-24.0.9_ce-150000.1.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-24.0.9_ce-150000.1.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"openSUSE Leap 15.5:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"openSUSE Leap 15.5:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"openSUSE Leap 15.5:docker-stable-24.0.9_ce-150000.1.8.1.s390x",
"openSUSE Leap 15.5:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"openSUSE Leap 15.5:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"openSUSE Leap 15.5:docker-stable-fish-completion-24.0.9_ce-150000.1.8.1.noarch",
"openSUSE Leap 15.5:docker-stable-rootless-extras-24.0.9_ce-150000.1.8.1.noarch",
"openSUSE Leap 15.5:docker-stable-zsh-completion-24.0.9_ce-150000.1.8.1.noarch",
"openSUSE Leap 15.6:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"openSUSE Leap 15.6:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"openSUSE Leap 15.6:docker-stable-24.0.9_ce-150000.1.8.1.s390x",
"openSUSE Leap 15.6:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"openSUSE Leap 15.6:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"openSUSE Leap 15.6:docker-stable-fish-completion-24.0.9_ce-150000.1.8.1.noarch",
"openSUSE Leap 15.6:docker-stable-rootless-extras-24.0.9_ce-150000.1.8.1.noarch",
"openSUSE Leap 15.6:docker-stable-zsh-completion-24.0.9_ce-150000.1.8.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"SUSE Enterprise Storage 7.1:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-24.0.9_ce-150000.1.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-24.0.9_ce-150000.1.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"openSUSE Leap 15.5:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"openSUSE Leap 15.5:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"openSUSE Leap 15.5:docker-stable-24.0.9_ce-150000.1.8.1.s390x",
"openSUSE Leap 15.5:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"openSUSE Leap 15.5:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"openSUSE Leap 15.5:docker-stable-fish-completion-24.0.9_ce-150000.1.8.1.noarch",
"openSUSE Leap 15.5:docker-stable-rootless-extras-24.0.9_ce-150000.1.8.1.noarch",
"openSUSE Leap 15.5:docker-stable-zsh-completion-24.0.9_ce-150000.1.8.1.noarch",
"openSUSE Leap 15.6:docker-stable-24.0.9_ce-150000.1.8.1.aarch64",
"openSUSE Leap 15.6:docker-stable-24.0.9_ce-150000.1.8.1.ppc64le",
"openSUSE Leap 15.6:docker-stable-24.0.9_ce-150000.1.8.1.s390x",
"openSUSE Leap 15.6:docker-stable-24.0.9_ce-150000.1.8.1.x86_64",
"openSUSE Leap 15.6:docker-stable-bash-completion-24.0.9_ce-150000.1.8.1.noarch",
"openSUSE Leap 15.6:docker-stable-fish-completion-24.0.9_ce-150000.1.8.1.noarch",
"openSUSE Leap 15.6:docker-stable-rootless-extras-24.0.9_ce-150000.1.8.1.noarch",
"openSUSE Leap 15.6:docker-stable-zsh-completion-24.0.9_ce-150000.1.8.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-20T09:13:20Z",
"details": "critical"
}
],
"title": "CVE-2024-41110"
}
]
}
SUSE-SU-2024:2709-1
Vulnerability from csaf_suse - Published: 2024-08-02 08:26 - Updated: 2024-08-02 08:26Summary
Security update for docker
Severity
Critical
Notes
Title of the patch: Security update for docker
Description of the patch: This update for docker fixes the following issues:
- Update to Docker 25.0.6-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/25.0/#2506>
- CVE-2024-41110: A Authz zero length regression that could lead to authentication bypass was fixed (bsc#1228324)
- Fix BuildKit's symlink resolution logic to correctly handle non-lexical
symlinks. (bsc#1221916)
- Write volume options atomically so sudden system crashes won't result in
future Docker starts failing due to empty files. (bsc#1214855)
Patchnames: SUSE-2024-2709,SUSE-SLE-Module-Containers-12-2024-2709
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
9.9 (Critical)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 12:docker-25.0.6_ce-98.115.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 12:docker-25.0.6_ce-98.115.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 12:docker-25.0.6_ce-98.115.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
References
10 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for docker",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for docker fixes the following issues:\n\n- Update to Docker 25.0.6-ce. See upstream changelog online at\n \u003chttps://docs.docker.com/engine/release-notes/25.0/#2506\u003e\n\n- CVE-2024-41110: A Authz zero length regression that could lead to authentication bypass was fixed (bsc#1228324)\n\n- Fix BuildKit\u0027s symlink resolution logic to correctly handle non-lexical\n symlinks. (bsc#1221916)\n- Write volume options atomically so sudden system crashes won\u0027t result in\n future Docker starts failing due to empty files. (bsc#1214855)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-2709,SUSE-SLE-Module-Containers-12-2024-2709",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_2709-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:2709-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20242709-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:2709-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019086.html"
},
{
"category": "self",
"summary": "SUSE Bug 1214855",
"url": "https://bugzilla.suse.com/1214855"
},
{
"category": "self",
"summary": "SUSE Bug 1221916",
"url": "https://bugzilla.suse.com/1221916"
},
{
"category": "self",
"summary": "SUSE Bug 1228324",
"url": "https://bugzilla.suse.com/1228324"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41110 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41110/"
}
],
"title": "Security update for docker",
"tracking": {
"current_release_date": "2024-08-02T08:26:40Z",
"generator": {
"date": "2024-08-02T08:26:40Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:2709-1",
"initial_release_date": "2024-08-02T08:26:40Z",
"revision_history": [
{
"date": "2024-08-02T08:26:40Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "docker-25.0.6_ce-98.115.1.aarch64",
"product": {
"name": "docker-25.0.6_ce-98.115.1.aarch64",
"product_id": "docker-25.0.6_ce-98.115.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-25.0.6_ce-98.115.1.i586",
"product": {
"name": "docker-25.0.6_ce-98.115.1.i586",
"product_id": "docker-25.0.6_ce-98.115.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-bash-completion-25.0.6_ce-98.115.1.noarch",
"product": {
"name": "docker-bash-completion-25.0.6_ce-98.115.1.noarch",
"product_id": "docker-bash-completion-25.0.6_ce-98.115.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-fish-completion-25.0.6_ce-98.115.1.noarch",
"product": {
"name": "docker-fish-completion-25.0.6_ce-98.115.1.noarch",
"product_id": "docker-fish-completion-25.0.6_ce-98.115.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-rootless-extras-25.0.6_ce-98.115.1.noarch",
"product": {
"name": "docker-rootless-extras-25.0.6_ce-98.115.1.noarch",
"product_id": "docker-rootless-extras-25.0.6_ce-98.115.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-zsh-completion-25.0.6_ce-98.115.1.noarch",
"product": {
"name": "docker-zsh-completion-25.0.6_ce-98.115.1.noarch",
"product_id": "docker-zsh-completion-25.0.6_ce-98.115.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-25.0.6_ce-98.115.1.ppc64le",
"product": {
"name": "docker-25.0.6_ce-98.115.1.ppc64le",
"product_id": "docker-25.0.6_ce-98.115.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-25.0.6_ce-98.115.1.s390x",
"product": {
"name": "docker-25.0.6_ce-98.115.1.s390x",
"product_id": "docker-25.0.6_ce-98.115.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-25.0.6_ce-98.115.1.x86_64",
"product": {
"name": "docker-25.0.6_ce-98.115.1.x86_64",
"product_id": "docker-25.0.6_ce-98.115.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 12",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 12",
"product_id": "SUSE Linux Enterprise Module for Containers 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-98.115.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 12",
"product_id": "SUSE Linux Enterprise Module for Containers 12:docker-25.0.6_ce-98.115.1.ppc64le"
},
"product_reference": "docker-25.0.6_ce-98.115.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-98.115.1.s390x as component of SUSE Linux Enterprise Module for Containers 12",
"product_id": "SUSE Linux Enterprise Module for Containers 12:docker-25.0.6_ce-98.115.1.s390x"
},
"product_reference": "docker-25.0.6_ce-98.115.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-98.115.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 12",
"product_id": "SUSE Linux Enterprise Module for Containers 12:docker-25.0.6_ce-98.115.1.x86_64"
},
"product_reference": "docker-25.0.6_ce-98.115.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-41110",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41110"
}
],
"notes": [
{
"category": "general",
"text": "Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low.\n\nUsing a specially-crafted API request, an Engine API client could make the daemon forward the request or response to an authorization plugin without the body. In certain circumstances, the authorization plugin may allow a request which it would have otherwise denied if the body had been forwarded to it.\n\nA security issue was discovered In 2018, where an attacker could bypass AuthZ plugins using a specially crafted API request. This could lead to unauthorized actions, including privilege escalation. Although this issue was fixed in Docker Engine v18.09.1 in January 2019, the fix was not carried forward to later major versions, resulting in a regression. Anyone who depends on authorization plugins that introspect the request and/or response body to make access control decisions is potentially impacted.\n\nDocker EE v19.03.x and all versions of Mirantis Container Runtime are not vulnerable.\n\ndocker-ce v27.1.1 containes patches to fix the vulnerability. Patches have also been merged into the master, 19.03, 20.0, 23.0, 24.0, 25.0, 26.0, and 26.1 release branches. If one is unable to upgrade immediately, avoid using AuthZ plugins and/or restrict access to the Docker API to trusted parties, following the principle of least privilege.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 12:docker-25.0.6_ce-98.115.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-25.0.6_ce-98.115.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-25.0.6_ce-98.115.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41110",
"url": "https://www.suse.com/security/cve/CVE-2024-41110"
},
{
"category": "external",
"summary": "SUSE Bug 1228324 for CVE-2024-41110",
"url": "https://bugzilla.suse.com/1228324"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 12:docker-25.0.6_ce-98.115.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-25.0.6_ce-98.115.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-25.0.6_ce-98.115.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 12:docker-25.0.6_ce-98.115.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-25.0.6_ce-98.115.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-25.0.6_ce-98.115.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-02T08:26:40Z",
"details": "critical"
}
],
"title": "CVE-2024-41110"
}
]
}
SUSE-SU-2024:3120-1
Vulnerability from csaf_suse - Published: 2024-09-03 15:13 - Updated: 2024-09-03 15:13Summary
Security update for buildah, docker
Severity
Critical
Notes
Title of the patch: Security update for buildah, docker
Description of the patch: This update for buildah, docker fixes the following issues:
Changes in docker:
- CVE-2024-23651: Fixed arbitrary files write due to race condition on mounts (bsc#1219267)
- CVE-2024-23652: Fixed insufficient validation of parent directory on mount (bsc#1219268)
- CVE-2024-23653: Fixed insufficient validation on entitlement on container creation via buildkit (bsc#1219438)
- CVE-2024-41110: A Authz zero length regression that could lead to authentication bypass was fixed (bsc#1228324)
Other fixes:
- Update to Docker 25.0.6-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/25.0/#2506>
- Update to Docker 25.0.5-ce (bsc#1223409)
- Fix BuildKit's symlink resolution logic to correctly handle non-lexical
symlinks. (bsc#1221916)
- Write volume options atomically so sudden system crashes won't result in
future Docker starts failing due to empty files. (bsc#1214855)
Changes in buildah:
- Update to version 1.35.4:
* [release-1.35] Bump to Buildah v1.35.4
* [release-1.35] CVE-2024-3727 updates (bsc#1224117)
* integration test: handle new labels in 'bud and test --unsetlabel'
* [release-1.35] Bump go-jose CVE-2024-28180
* [release-1.35] Bump ocicrypt and go-jose CVE-2024-28180
- Update to version 1.35.3:
* [release-1.35] Bump to Buildah v1.35.3
* [release-1.35] correctly configure /etc/hosts and resolv.conf
* [release-1.35] buildah: refactor resolv/hosts setup.
* [release-1.35] rename the hostFile var to reflect
* [release-1.35] Bump c/common to v0.58.1
* [release-1.35] Bump Buildah to v1.35.2
* [release-1.35] CVE-2024-24786 protobuf to 1.33
* [release-1.35] Bump to v1.35.2-dev
- Update to version 1.35.1:
* [release-1.35] Bump to v1.35.1
* [release-1.35] CVE-2024-1753 container escape fix (bsc#1221677)
- Buildah dropped cni support, require netavark instead (bsc#1221243)
- Remove obsolete requires libcontainers-image & libcontainers-storage
- Require passt for rootless networking (poo#156955)
Buildah moved to passt/pasta for rootless networking from slirp4netns
(https://github.com/containers/common/pull/1846)
- Update to version 1.35.0:
* Bump v1.35.0
* Bump c/common v0.58.0, c/image v5.30.0, c/storage v1.53.0
* conformance tests: don't break on trailing zeroes in layer blobs
* Add a conformance test for copying to a mounted prior stage
* fix(deps): update module github.com/stretchr/testify to v1.9.0
* cgroups: reuse version check from c/common
* Update vendor of containers/(common,image)
* fix(deps): update github.com/containers/storage digest to eadc620
* fix(deps): update github.com/containers/luksy digest to ceb12d4
* fix(deps): update github.com/containers/image/v5 digest to cdc6802
* manifest add: complain if we get artifact flags without --artifact
* Use retry logic from containers/common
* Vendor in containers/(storage,image,common)
* Update module golang.org/x/crypto to v0.20.0
* Add comment re: Total Success task name
* tests: skip_if_no_unshare(): check for --setuid
* Properly handle build --pull=false
* [skip-ci] Update tim-actions/get-pr-commits action to v1.3.1
* Update module go.etcd.io/bbolt to v1.3.9
* Revert 'Reduce official image size'
* Update module github.com/opencontainers/image-spec to v1.1.0
* Reduce official image size
* Build with CNI support on FreeBSD
* build --all-platforms: skip some base 'image' platforms
* Bump main to v1.35.0-dev
* Vendor in latest containers/(storage,image,common)
* Split up error messages for missing --sbom related flags
* `buildah manifest`: add artifact-related options
* cmd/buildah/manifest.go: lock lists before adding/annotating/pushing
* cmd/buildah/manifest.go: don't make struct declarations aliases
* Use golang.org/x/exp/slices.Contains
* Disable loong64 again
* Fix a couple of typos in one-line comments
* egrep is obsolescent; use grep -E
* Try Cirrus with a newer VM version
* Set CONTAINERS_CONF in the chroot-mount-flags integration test
* Update to match dependency API update
* Update github.com/openshift/imagebuilder and containers/common
* docs: correct default authfile path
* fix(deps): update module github.com/containerd/containerd to v1.7.13
* tests: retrofit test for heredoc summary
* build, heredoc: show heredoc summary in build output
* manifest, push: add support for --retry and --retry-delay
* fix(deps): update github.com/openshift/imagebuilder digest to b767bc3
* imagebuildah: fix crash with empty RUN
* fix(deps): update github.com/containers/luksy digest to b62d551
* fix(deps): update module github.com/opencontainers/runc to v1.1.12 [security]
* fix(deps): update module github.com/moby/buildkit to v0.12.5 [security]
* Make buildah match podman for handling of ulimits
* docs: move footnotes to where they're applicable
* Allow users to specify no-dereference
* Run codespell on code
* Fix FreeBSD version parsing
* Fix a build break on FreeBSD
* Remove a bad FROM line
* fix(deps): update module github.com/onsi/gomega to v1.31.1
* fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc6
* docs: use reversed logo for dark theme in README
* build,commit: add --sbom to scan and produce SBOMs when committing
* commit: force omitHistory if the parent has layers but no history
* docs: fix a couple of typos
* internal/mkcw.Archive(): handle extra image content
* stage_executor,heredoc: honor interpreter in heredoc
* stage_executor,layers: burst cache if heredoc content is changed
* fix(deps): update module golang.org/x/crypto to v0.18.0
* Replace map[K]bool with map[K]struct{} where it makes sense
* fix(deps): update module golang.org/x/sync to v0.6.0
* fix(deps): update module golang.org/x/term to v0.16.0
* Bump CI VMs
* Replace strings.SplitN with strings.Cut
* fix(deps): update github.com/containers/storage digest to ef81e9b
* fix(deps): update github.com/containers/image/v5 digest to 1b221d4
* fix(deps): update module github.com/fsouza/go-dockerclient to v1.10.1
* Document use of containers-transports values in buildah
* fix(deps): update module golang.org/x/crypto to v0.17.0 [security]
* chore(deps): update dependency containers/automation_images to v20231208
* manifest: addCompression use default from containers.conf
* commit: add a --add-file flag
* mkcw: populate the rootfs using an overlay
* chore(deps): update dependency containers/automation_images to v20230517
* [skip-ci] Update actions/stale action to v9
* fix(deps): update module github.com/containernetworking/plugins to v1.4.0
* fix(deps): update github.com/containers/image/v5 digest to 7a40fee
* Bump to v1.34.1-dev
* Ignore errors if label.Relabel returns ENOSUP
Patchnames: SUSE-2024-3120,SUSE-SLE-Micro-5.3-2024-3120,SUSE-SLE-Micro-5.4-2024-3120,SUSE-SLE-Micro-5.5-2024-3120,SUSE-SLE-Module-Containers-15-SP5-2024-3120,SUSE-SLE-Module-Containers-15-SP6-2024-3120,SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-3120,SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-3120,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-3120,SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-3120,SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-3120,SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-3120,SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3120,SUSE-SLE-Product-SLES_SAP-15-SP2-2024-3120,SUSE-SLE-Product-SLES_SAP-15-SP3-2024-3120,SUSE-SLE-Product-SLES_SAP-15-SP4-2024-3120,SUSE-SUSE-MicroOS-5.1-2024-3120,SUSE-SUSE-MicroOS-5.2-2024-3120,SUSE-Storage-7.1-2024-3120,openSUSE-Leap-Micro-5.5-2024-3120,openSUSE-SLE-15.5-2024-3120,openSUSE-SLE-15.6-2024-3120
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.6 (High)
Affected products
Recommended
104 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:docker-fish-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-fish-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-fish-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-fish-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.4 (High)
Affected products
Recommended
104 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:docker-fish-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-fish-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-fish-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-fish-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.7 (Medium)
Affected products
Recommended
104 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:docker-fish-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-fish-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-fish-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-fish-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
104 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:docker-fish-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-fish-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-fish-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-fish-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
104 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:docker-fish-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-fish-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-fish-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-fish-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
104 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:docker-fish-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-fish-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-fish-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-fish-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.3 (High)
Affected products
Recommended
104 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:docker-fish-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-fish-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-fish-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-fish-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
9.9 (Critical)
Affected products
Recommended
104 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:docker-fish-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-fish-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-fish-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-fish-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
References
38 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for buildah, docker",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for buildah, docker fixes the following issues:\n\nChanges in docker:\n- CVE-2024-23651: Fixed arbitrary files write due to race condition on mounts (bsc#1219267)\n- CVE-2024-23652: Fixed insufficient validation of parent directory on mount (bsc#1219268)\n- CVE-2024-23653: Fixed insufficient validation on entitlement on container creation via buildkit (bsc#1219438)\n- CVE-2024-41110: A Authz zero length regression that could lead to authentication bypass was fixed (bsc#1228324)\n\nOther fixes:\n\n- Update to Docker 25.0.6-ce. See upstream changelog online at\n \u003chttps://docs.docker.com/engine/release-notes/25.0/#2506\u003e\n- Update to Docker 25.0.5-ce (bsc#1223409)\n\n- Fix BuildKit\u0027s symlink resolution logic to correctly handle non-lexical\n symlinks. (bsc#1221916)\n- Write volume options atomically so sudden system crashes won\u0027t result in\n future Docker starts failing due to empty files. (bsc#1214855)\n\nChanges in buildah:\n- Update to version 1.35.4:\n * [release-1.35] Bump to Buildah v1.35.4\n * [release-1.35] CVE-2024-3727 updates (bsc#1224117)\n * integration test: handle new labels in \u0027bud and test --unsetlabel\u0027\n * [release-1.35] Bump go-jose CVE-2024-28180\n * [release-1.35] Bump ocicrypt and go-jose CVE-2024-28180\n\n- Update to version 1.35.3:\n * [release-1.35] Bump to Buildah v1.35.3\n * [release-1.35] correctly configure /etc/hosts and resolv.conf\n * [release-1.35] buildah: refactor resolv/hosts setup.\n * [release-1.35] rename the hostFile var to reflect\n * [release-1.35] Bump c/common to v0.58.1\n * [release-1.35] Bump Buildah to v1.35.2\n * [release-1.35] CVE-2024-24786 protobuf to 1.33\n * [release-1.35] Bump to v1.35.2-dev\n\n- Update to version 1.35.1:\n * [release-1.35] Bump to v1.35.1\n * [release-1.35] CVE-2024-1753 container escape fix (bsc#1221677)\n\n- Buildah dropped cni support, require netavark instead (bsc#1221243)\n\n- Remove obsolete requires libcontainers-image \u0026 libcontainers-storage\n\n- Require passt for rootless networking (poo#156955)\n Buildah moved to passt/pasta for rootless networking from slirp4netns\n (https://github.com/containers/common/pull/1846)\n\n- Update to version 1.35.0:\n * Bump v1.35.0\n * Bump c/common v0.58.0, c/image v5.30.0, c/storage v1.53.0\n * conformance tests: don\u0027t break on trailing zeroes in layer blobs\n * Add a conformance test for copying to a mounted prior stage\n * fix(deps): update module github.com/stretchr/testify to v1.9.0\n * cgroups: reuse version check from c/common\n * Update vendor of containers/(common,image)\n * fix(deps): update github.com/containers/storage digest to eadc620\n * fix(deps): update github.com/containers/luksy digest to ceb12d4\n * fix(deps): update github.com/containers/image/v5 digest to cdc6802\n * manifest add: complain if we get artifact flags without --artifact\n * Use retry logic from containers/common\n * Vendor in containers/(storage,image,common)\n * Update module golang.org/x/crypto to v0.20.0\n * Add comment re: Total Success task name\n * tests: skip_if_no_unshare(): check for --setuid\n * Properly handle build --pull=false\n * [skip-ci] Update tim-actions/get-pr-commits action to v1.3.1\n * Update module go.etcd.io/bbolt to v1.3.9\n * Revert \u0027Reduce official image size\u0027\n * Update module github.com/opencontainers/image-spec to v1.1.0\n * Reduce official image size\n * Build with CNI support on FreeBSD\n * build --all-platforms: skip some base \u0027image\u0027 platforms\n * Bump main to v1.35.0-dev\n * Vendor in latest containers/(storage,image,common)\n * Split up error messages for missing --sbom related flags\n * `buildah manifest`: add artifact-related options\n * cmd/buildah/manifest.go: lock lists before adding/annotating/pushing\n * cmd/buildah/manifest.go: don\u0027t make struct declarations aliases\n * Use golang.org/x/exp/slices.Contains\n * Disable loong64 again\n * Fix a couple of typos in one-line comments\n * egrep is obsolescent; use grep -E\n * Try Cirrus with a newer VM version\n * Set CONTAINERS_CONF in the chroot-mount-flags integration test\n * Update to match dependency API update\n * Update github.com/openshift/imagebuilder and containers/common\n * docs: correct default authfile path\n * fix(deps): update module github.com/containerd/containerd to v1.7.13\n * tests: retrofit test for heredoc summary\n * build, heredoc: show heredoc summary in build output\n * manifest, push: add support for --retry and --retry-delay\n * fix(deps): update github.com/openshift/imagebuilder digest to b767bc3\n * imagebuildah: fix crash with empty RUN\n * fix(deps): update github.com/containers/luksy digest to b62d551\n * fix(deps): update module github.com/opencontainers/runc to v1.1.12 [security]\n * fix(deps): update module github.com/moby/buildkit to v0.12.5 [security]\n * Make buildah match podman for handling of ulimits\n * docs: move footnotes to where they\u0027re applicable\n * Allow users to specify no-dereference\n * Run codespell on code\n * Fix FreeBSD version parsing\n * Fix a build break on FreeBSD\n * Remove a bad FROM line\n * fix(deps): update module github.com/onsi/gomega to v1.31.1\n * fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc6\n * docs: use reversed logo for dark theme in README\n * build,commit: add --sbom to scan and produce SBOMs when committing\n * commit: force omitHistory if the parent has layers but no history\n * docs: fix a couple of typos\n * internal/mkcw.Archive(): handle extra image content\n * stage_executor,heredoc: honor interpreter in heredoc\n * stage_executor,layers: burst cache if heredoc content is changed\n * fix(deps): update module golang.org/x/crypto to v0.18.0\n * Replace map[K]bool with map[K]struct{} where it makes sense\n * fix(deps): update module golang.org/x/sync to v0.6.0\n * fix(deps): update module golang.org/x/term to v0.16.0\n * Bump CI VMs\n * Replace strings.SplitN with strings.Cut\n * fix(deps): update github.com/containers/storage digest to ef81e9b\n * fix(deps): update github.com/containers/image/v5 digest to 1b221d4\n * fix(deps): update module github.com/fsouza/go-dockerclient to v1.10.1\n * Document use of containers-transports values in buildah\n * fix(deps): update module golang.org/x/crypto to v0.17.0 [security]\n * chore(deps): update dependency containers/automation_images to v20231208\n * manifest: addCompression use default from containers.conf\n * commit: add a --add-file flag\n * mkcw: populate the rootfs using an overlay\n * chore(deps): update dependency containers/automation_images to v20230517\n * [skip-ci] Update actions/stale action to v9\n * fix(deps): update module github.com/containernetworking/plugins to v1.4.0\n * fix(deps): update github.com/containers/image/v5 digest to 7a40fee\n * Bump to v1.34.1-dev\n * Ignore errors if label.Relabel returns ENOSUP\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-3120,SUSE-SLE-Micro-5.3-2024-3120,SUSE-SLE-Micro-5.4-2024-3120,SUSE-SLE-Micro-5.5-2024-3120,SUSE-SLE-Module-Containers-15-SP5-2024-3120,SUSE-SLE-Module-Containers-15-SP6-2024-3120,SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-3120,SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-3120,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-3120,SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-3120,SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-3120,SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-3120,SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3120,SUSE-SLE-Product-SLES_SAP-15-SP2-2024-3120,SUSE-SLE-Product-SLES_SAP-15-SP3-2024-3120,SUSE-SLE-Product-SLES_SAP-15-SP4-2024-3120,SUSE-SUSE-MicroOS-5.1-2024-3120,SUSE-SUSE-MicroOS-5.2-2024-3120,SUSE-Storage-7.1-2024-3120,openSUSE-Leap-Micro-5.5-2024-3120,openSUSE-SLE-15.5-2024-3120,openSUSE-SLE-15.6-2024-3120",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_3120-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:3120-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243120-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:3120-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2024-September/036751.html"
},
{
"category": "self",
"summary": "SUSE Bug 1214855",
"url": "https://bugzilla.suse.com/1214855"
},
{
"category": "self",
"summary": "SUSE Bug 1219267",
"url": "https://bugzilla.suse.com/1219267"
},
{
"category": "self",
"summary": "SUSE Bug 1219268",
"url": "https://bugzilla.suse.com/1219268"
},
{
"category": "self",
"summary": "SUSE Bug 1219438",
"url": "https://bugzilla.suse.com/1219438"
},
{
"category": "self",
"summary": "SUSE Bug 1221243",
"url": "https://bugzilla.suse.com/1221243"
},
{
"category": "self",
"summary": "SUSE Bug 1221677",
"url": "https://bugzilla.suse.com/1221677"
},
{
"category": "self",
"summary": "SUSE Bug 1221916",
"url": "https://bugzilla.suse.com/1221916"
},
{
"category": "self",
"summary": "SUSE Bug 1223409",
"url": "https://bugzilla.suse.com/1223409"
},
{
"category": "self",
"summary": "SUSE Bug 1224117",
"url": "https://bugzilla.suse.com/1224117"
},
{
"category": "self",
"summary": "SUSE Bug 1228324",
"url": "https://bugzilla.suse.com/1228324"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-1753 page",
"url": "https://www.suse.com/security/cve/CVE-2024-1753/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-23651 page",
"url": "https://www.suse.com/security/cve/CVE-2024-23651/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-23652 page",
"url": "https://www.suse.com/security/cve/CVE-2024-23652/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-23653 page",
"url": "https://www.suse.com/security/cve/CVE-2024-23653/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-24786 page",
"url": "https://www.suse.com/security/cve/CVE-2024-24786/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-28180 page",
"url": "https://www.suse.com/security/cve/CVE-2024-28180/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-3727 page",
"url": "https://www.suse.com/security/cve/CVE-2024-3727/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41110 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41110/"
}
],
"title": "Security update for buildah, docker",
"tracking": {
"current_release_date": "2024-09-03T15:13:23Z",
"generator": {
"date": "2024-09-03T15:13:23Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:3120-1",
"initial_release_date": "2024-09-03T15:13:23Z",
"revision_history": [
{
"date": "2024-09-03T15:13:23Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.35.4-150300.8.25.1.aarch64",
"product": {
"name": "buildah-1.35.4-150300.8.25.1.aarch64",
"product_id": "buildah-1.35.4-150300.8.25.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-25.0.6_ce-150000.207.1.aarch64",
"product": {
"name": "docker-25.0.6_ce-150000.207.1.aarch64",
"product_id": "docker-25.0.6_ce-150000.207.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.35.4-150300.8.25.1.i586",
"product": {
"name": "buildah-1.35.4-150300.8.25.1.i586",
"product_id": "buildah-1.35.4-150300.8.25.1.i586"
}
},
{
"category": "product_version",
"name": "docker-25.0.6_ce-150000.207.1.i586",
"product": {
"name": "docker-25.0.6_ce-150000.207.1.i586",
"product_id": "docker-25.0.6_ce-150000.207.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"product": {
"name": "docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"product_id": "docker-bash-completion-25.0.6_ce-150000.207.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"product": {
"name": "docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"product_id": "docker-fish-completion-25.0.6_ce-150000.207.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"product": {
"name": "docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"product_id": "docker-rootless-extras-25.0.6_ce-150000.207.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-zsh-completion-25.0.6_ce-150000.207.1.noarch",
"product": {
"name": "docker-zsh-completion-25.0.6_ce-150000.207.1.noarch",
"product_id": "docker-zsh-completion-25.0.6_ce-150000.207.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.35.4-150300.8.25.1.ppc64le",
"product": {
"name": "buildah-1.35.4-150300.8.25.1.ppc64le",
"product_id": "buildah-1.35.4-150300.8.25.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-25.0.6_ce-150000.207.1.ppc64le",
"product": {
"name": "docker-25.0.6_ce-150000.207.1.ppc64le",
"product_id": "docker-25.0.6_ce-150000.207.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.35.4-150300.8.25.1.s390x",
"product": {
"name": "buildah-1.35.4-150300.8.25.1.s390x",
"product_id": "buildah-1.35.4-150300.8.25.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-25.0.6_ce-150000.207.1.s390x",
"product": {
"name": "docker-25.0.6_ce-150000.207.1.s390x",
"product_id": "docker-25.0.6_ce-150000.207.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.35.4-150300.8.25.1.x86_64",
"product": {
"name": "buildah-1.35.4-150300.8.25.1.x86_64",
"product_id": "buildah-1.35.4-150300.8.25.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-25.0.6_ce-150000.207.1.x86_64",
"product": {
"name": "docker-25.0.6_ce-150000.207.1.x86_64",
"product_id": "docker-25.0.6_ce-150000.207.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.2"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7.1",
"product": {
"name": "SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7.1"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap Micro 5.5",
"product": {
"name": "openSUSE Leap Micro 5.5",
"product_id": "openSUSE Leap Micro 5.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap-micro:5.5"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.aarch64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.aarch64"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.s390x as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.s390x"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.x86_64"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.aarch64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.aarch64"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.s390x as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.s390x"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.x86_64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.x86_64"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.aarch64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.ppc64le as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.ppc64le"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.s390x as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.aarch64"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.ppc64le"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.s390x"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.x86_64"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-25.0.6_ce-150000.207.1.noarch as component of SUSE Linux Enterprise Module for Containers 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch"
},
"product_reference": "docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-rootless-extras-25.0.6_ce-150000.207.1.noarch as component of SUSE Linux Enterprise Module for Containers 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch"
},
"product_reference": "docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.aarch64"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.ppc64le"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.s390x"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.x86_64"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-25.0.6_ce-150000.207.1.noarch as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch"
},
"product_reference": "docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-rootless-extras-25.0.6_ce-150000.207.1.noarch as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch"
},
"product_reference": "docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-25.0.6_ce-150000.207.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch"
},
"product_reference": "docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.35.4-150300.8.25.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64"
},
"product_reference": "buildah-1.35.4-150300.8.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.35.4-150300.8.25.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64"
},
"product_reference": "buildah-1.35.4-150300.8.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-25.0.6_ce-150000.207.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch"
},
"product_reference": "docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-fish-completion-25.0.6_ce-150000.207.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch"
},
"product_reference": "docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.aarch64"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.x86_64"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-25.0.6_ce-150000.207.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch"
},
"product_reference": "docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-rootless-extras-25.0.6_ce-150000.207.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch"
},
"product_reference": "docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-25.0.6_ce-150000.207.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch"
},
"product_reference": "docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-rootless-extras-25.0.6_ce-150000.207.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch"
},
"product_reference": "docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.s390x as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.s390x"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-25.0.6_ce-150000.207.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch"
},
"product_reference": "docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.35.4-150300.8.25.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64"
},
"product_reference": "buildah-1.35.4-150300.8.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.35.4-150300.8.25.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.ppc64le"
},
"product_reference": "buildah-1.35.4-150300.8.25.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.35.4-150300.8.25.1.s390x as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.s390x"
},
"product_reference": "buildah-1.35.4-150300.8.25.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.35.4-150300.8.25.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64"
},
"product_reference": "buildah-1.35.4-150300.8.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.s390x as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.s390x"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-25.0.6_ce-150000.207.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch"
},
"product_reference": "docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-fish-completion-25.0.6_ce-150000.207.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch"
},
"product_reference": "docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.s390x"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-25.0.6_ce-150000.207.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch"
},
"product_reference": "docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-rootless-extras-25.0.6_ce-150000.207.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch"
},
"product_reference": "docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.ppc64le"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.x86_64"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-25.0.6_ce-150000.207.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-25.0.6_ce-150000.207.1.noarch"
},
"product_reference": "docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.35.4-150300.8.25.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.ppc64le"
},
"product_reference": "buildah-1.35.4-150300.8.25.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.35.4-150300.8.25.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.x86_64"
},
"product_reference": "buildah-1.35.4-150300.8.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.ppc64le"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.x86_64"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-25.0.6_ce-150000.207.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-bash-completion-25.0.6_ce-150000.207.1.noarch"
},
"product_reference": "docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-fish-completion-25.0.6_ce-150000.207.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-fish-completion-25.0.6_ce-150000.207.1.noarch"
},
"product_reference": "docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.ppc64le"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.x86_64"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-25.0.6_ce-150000.207.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-bash-completion-25.0.6_ce-150000.207.1.noarch"
},
"product_reference": "docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-rootless-extras-25.0.6_ce-150000.207.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch"
},
"product_reference": "docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.aarch64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.aarch64"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.s390x as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.s390x"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.x86_64"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.aarch64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.aarch64"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.s390x as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.s390x"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.x86_64"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.35.4-150300.8.25.1.aarch64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.aarch64"
},
"product_reference": "buildah-1.35.4-150300.8.25.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.35.4-150300.8.25.1.x86_64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.x86_64"
},
"product_reference": "buildah-1.35.4-150300.8.25.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.aarch64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.aarch64"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.x86_64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.x86_64"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-25.0.6_ce-150000.207.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:docker-bash-completion-25.0.6_ce-150000.207.1.noarch"
},
"product_reference": "docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-fish-completion-25.0.6_ce-150000.207.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:docker-fish-completion-25.0.6_ce-150000.207.1.noarch"
},
"product_reference": "docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.aarch64 as component of openSUSE Leap Micro 5.5",
"product_id": "openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.aarch64",
"relates_to_product_reference": "openSUSE Leap Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.s390x as component of openSUSE Leap Micro 5.5",
"product_id": "openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.s390x",
"relates_to_product_reference": "openSUSE Leap Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.x86_64 as component of openSUSE Leap Micro 5.5",
"product_id": "openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.x86_64",
"relates_to_product_reference": "openSUSE Leap Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.aarch64"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.ppc64le"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.s390x"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.x86_64"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-25.0.6_ce-150000.207.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch"
},
"product_reference": "docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-fish-completion-25.0.6_ce-150000.207.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:docker-fish-completion-25.0.6_ce-150000.207.1.noarch"
},
"product_reference": "docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-rootless-extras-25.0.6_ce-150000.207.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch"
},
"product_reference": "docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-zsh-completion-25.0.6_ce-150000.207.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch"
},
"product_reference": "docker-zsh-completion-25.0.6_ce-150000.207.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.aarch64"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.ppc64le"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.s390x"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-25.0.6_ce-150000.207.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.x86_64"
},
"product_reference": "docker-25.0.6_ce-150000.207.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-25.0.6_ce-150000.207.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch"
},
"product_reference": "docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-fish-completion-25.0.6_ce-150000.207.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:docker-fish-completion-25.0.6_ce-150000.207.1.noarch"
},
"product_reference": "docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-rootless-extras-25.0.6_ce-150000.207.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch"
},
"product_reference": "docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-zsh-completion-25.0.6_ce-150000.207.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch"
},
"product_reference": "docker-zsh-completion-25.0.6_ce-150000.207.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-1753",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-1753"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Enterprise Storage 7.1:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.ppc64le",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.x86_64",
"openSUSE Leap 15.5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.ppc64le",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.x86_64",
"openSUSE Leap 15.6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-1753",
"url": "https://www.suse.com/security/cve/CVE-2024-1753"
},
{
"category": "external",
"summary": "SUSE Bug 1221677 for CVE-2024-1753",
"url": "https://bugzilla.suse.com/1221677"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Enterprise Storage 7.1:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.ppc64le",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.x86_64",
"openSUSE Leap 15.5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.ppc64le",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.x86_64",
"openSUSE Leap 15.6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Enterprise Storage 7.1:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.ppc64le",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.x86_64",
"openSUSE Leap 15.5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.ppc64le",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.x86_64",
"openSUSE Leap 15.6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-03T15:13:23Z",
"details": "important"
}
],
"title": "CVE-2024-1753"
},
{
"cve": "CVE-2024-23651",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-23651"
}
],
"notes": [
{
"category": "general",
"text": "BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessible to the build container. The issue has been fixed in v0.12.5. Workarounds include, avoiding using BuildKit frontend from an untrusted source or building an untrusted Dockerfile containing cache mounts with --mount=type=cache,source=... options.\n",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Enterprise Storage 7.1:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.ppc64le",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.x86_64",
"openSUSE Leap 15.5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.ppc64le",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.x86_64",
"openSUSE Leap 15.6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-23651",
"url": "https://www.suse.com/security/cve/CVE-2024-23651"
},
{
"category": "external",
"summary": "SUSE Bug 1219267 for CVE-2024-23651",
"url": "https://bugzilla.suse.com/1219267"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Enterprise Storage 7.1:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.ppc64le",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.x86_64",
"openSUSE Leap 15.5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.ppc64le",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.x86_64",
"openSUSE Leap 15.6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Enterprise Storage 7.1:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.ppc64le",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.x86_64",
"openSUSE Leap 15.5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.ppc64le",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.x86_64",
"openSUSE Leap 15.6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-03T15:13:23Z",
"details": "important"
}
],
"title": "CVE-2024-23651"
},
{
"cve": "CVE-2024-23652",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-23652"
}
],
"notes": [
{
"category": "general",
"text": "BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit frontend or Dockerfile using RUN --mount could trick the feature that removes empty files created for the mountpoints into removing a file outside the container, from the host system. The issue has been fixed in v0.12.5. Workarounds include avoiding using BuildKit frontends from an untrusted source or building an untrusted Dockerfile containing RUN --mount feature.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Enterprise Storage 7.1:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.ppc64le",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.x86_64",
"openSUSE Leap 15.5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.ppc64le",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.x86_64",
"openSUSE Leap 15.6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-23652",
"url": "https://www.suse.com/security/cve/CVE-2024-23652"
},
{
"category": "external",
"summary": "SUSE Bug 1219268 for CVE-2024-23652",
"url": "https://bugzilla.suse.com/1219268"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Enterprise Storage 7.1:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.ppc64le",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.x86_64",
"openSUSE Leap 15.5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.ppc64le",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.x86_64",
"openSUSE Leap 15.6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Enterprise Storage 7.1:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.ppc64le",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.x86_64",
"openSUSE Leap 15.5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.ppc64le",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.x86_64",
"openSUSE Leap 15.6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-03T15:13:23Z",
"details": "moderate"
}
],
"title": "CVE-2024-23652"
},
{
"cve": "CVE-2024-23653",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-23653"
}
],
"notes": [
{
"category": "general",
"text": "BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask BuildKit to run a container with elevated privileges. Normally, running such containers is only allowed if special `security.insecure` entitlement is enabled both by buildkitd configuration and allowed by the user initializing the build request. The issue has been fixed in v0.12.5 . Avoid using BuildKit frontends from untrusted sources. \n",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Enterprise Storage 7.1:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.ppc64le",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.x86_64",
"openSUSE Leap 15.5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.ppc64le",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.x86_64",
"openSUSE Leap 15.6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-23653",
"url": "https://www.suse.com/security/cve/CVE-2024-23653"
},
{
"category": "external",
"summary": "SUSE Bug 1219438 for CVE-2024-23653",
"url": "https://bugzilla.suse.com/1219438"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Enterprise Storage 7.1:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.ppc64le",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.x86_64",
"openSUSE Leap 15.5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.ppc64le",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.x86_64",
"openSUSE Leap 15.6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Enterprise Storage 7.1:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.ppc64le",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.x86_64",
"openSUSE Leap 15.5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.ppc64le",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.x86_64",
"openSUSE Leap 15.6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-03T15:13:23Z",
"details": "important"
}
],
"title": "CVE-2024-23653"
},
{
"cve": "CVE-2024-24786",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-24786"
}
],
"notes": [
{
"category": "general",
"text": "The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Enterprise Storage 7.1:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.ppc64le",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.x86_64",
"openSUSE Leap 15.5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.ppc64le",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.x86_64",
"openSUSE Leap 15.6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-24786",
"url": "https://www.suse.com/security/cve/CVE-2024-24786"
},
{
"category": "external",
"summary": "SUSE Bug 1226136 for CVE-2024-24786",
"url": "https://bugzilla.suse.com/1226136"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Enterprise Storage 7.1:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.ppc64le",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.x86_64",
"openSUSE Leap 15.5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.ppc64le",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.x86_64",
"openSUSE Leap 15.6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Enterprise Storage 7.1:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.ppc64le",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.x86_64",
"openSUSE Leap 15.5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.ppc64le",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.x86_64",
"openSUSE Leap 15.6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-03T15:13:23Z",
"details": "important"
}
],
"title": "CVE-2024-24786"
},
{
"cve": "CVE-2024-28180",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-28180"
}
],
"notes": [
{
"category": "general",
"text": "Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Enterprise Storage 7.1:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.ppc64le",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.x86_64",
"openSUSE Leap 15.5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.ppc64le",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.x86_64",
"openSUSE Leap 15.6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-28180",
"url": "https://www.suse.com/security/cve/CVE-2024-28180"
},
{
"category": "external",
"summary": "SUSE Bug 1234984 for CVE-2024-28180",
"url": "https://bugzilla.suse.com/1234984"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Enterprise Storage 7.1:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.ppc64le",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.x86_64",
"openSUSE Leap 15.5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.ppc64le",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.x86_64",
"openSUSE Leap 15.6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Enterprise Storage 7.1:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.ppc64le",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.x86_64",
"openSUSE Leap 15.5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.ppc64le",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.x86_64",
"openSUSE Leap 15.6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-03T15:13:23Z",
"details": "moderate"
}
],
"title": "CVE-2024-28180"
},
{
"cve": "CVE-2024-3727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-3727"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Enterprise Storage 7.1:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.ppc64le",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.x86_64",
"openSUSE Leap 15.5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.ppc64le",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.x86_64",
"openSUSE Leap 15.6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-3727",
"url": "https://www.suse.com/security/cve/CVE-2024-3727"
},
{
"category": "external",
"summary": "SUSE Bug 1224112 for CVE-2024-3727",
"url": "https://bugzilla.suse.com/1224112"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Enterprise Storage 7.1:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.ppc64le",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.x86_64",
"openSUSE Leap 15.5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.ppc64le",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.x86_64",
"openSUSE Leap 15.6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Enterprise Storage 7.1:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.ppc64le",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.x86_64",
"openSUSE Leap 15.5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.ppc64le",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.x86_64",
"openSUSE Leap 15.6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-03T15:13:23Z",
"details": "important"
}
],
"title": "CVE-2024-3727"
},
{
"cve": "CVE-2024-41110",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41110"
}
],
"notes": [
{
"category": "general",
"text": "Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low.\n\nUsing a specially-crafted API request, an Engine API client could make the daemon forward the request or response to an authorization plugin without the body. In certain circumstances, the authorization plugin may allow a request which it would have otherwise denied if the body had been forwarded to it.\n\nA security issue was discovered In 2018, where an attacker could bypass AuthZ plugins using a specially crafted API request. This could lead to unauthorized actions, including privilege escalation. Although this issue was fixed in Docker Engine v18.09.1 in January 2019, the fix was not carried forward to later major versions, resulting in a regression. Anyone who depends on authorization plugins that introspect the request and/or response body to make access control decisions is potentially impacted.\n\nDocker EE v19.03.x and all versions of Mirantis Container Runtime are not vulnerable.\n\ndocker-ce v27.1.1 containes patches to fix the vulnerability. Patches have also been merged into the master, 19.03, 20.0, 23.0, 24.0, 25.0, 26.0, and 26.1 release branches. If one is unable to upgrade immediately, avoid using AuthZ plugins and/or restrict access to the Docker API to trusted parties, following the principle of least privilege.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Enterprise Storage 7.1:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.ppc64le",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.x86_64",
"openSUSE Leap 15.5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.ppc64le",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.x86_64",
"openSUSE Leap 15.6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41110",
"url": "https://www.suse.com/security/cve/CVE-2024-41110"
},
{
"category": "external",
"summary": "SUSE Bug 1228324 for CVE-2024-41110",
"url": "https://bugzilla.suse.com/1228324"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Enterprise Storage 7.1:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.ppc64le",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.x86_64",
"openSUSE Leap 15.5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.ppc64le",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.x86_64",
"openSUSE Leap 15.6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Enterprise Storage 7.1:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Enterprise Storage 7.1:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Enterprise Storage 7.1:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.1:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.2:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.3:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.4:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:buildah-1.35.4-150300.8.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-25.0.6_ce-150000.207.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.ppc64le",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap 15.5:docker-25.0.6_ce-150000.207.1.x86_64",
"openSUSE Leap 15.5:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.5:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.ppc64le",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap 15.6:docker-25.0.6_ce-150000.207.1.x86_64",
"openSUSE Leap 15.6:docker-bash-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-fish-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-rootless-extras-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap 15.6:docker-zsh-completion-25.0.6_ce-150000.207.1.noarch",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.aarch64",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.s390x",
"openSUSE Leap Micro 5.5:docker-25.0.6_ce-150000.207.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-03T15:13:23Z",
"details": "critical"
}
],
"title": "CVE-2024-41110"
}
]
}
SUSE-SU-2024:4204-1
Vulnerability from csaf_suse - Published: 2024-12-05 14:57 - Updated: 2024-12-05 14:57Summary
Security update for docker-stable
Severity
Important
Notes
Title of the patch: Security update for docker-stable
Description of the patch: This update for docker-stable fixes the following issues:
- CVE-2024-41110: Fixed Authz zero length regression (bsc#1228324).
Bug fixes:
- Allow users to disable SUSE secrets support by setting DOCKER_SUSE_SECRETS_ENABLE=0 in /etc/sysconfig/docker (bsc#1231348).
- Import specfile changes for docker-buildx as well as the changes to help reduce specfile differences between docker-stable and docker (bsc#1230331, bsc#1230333).
- Fix BuildKit's symlink resolution logic to correctly handle non-lexical symlinks (bsc#1221916).
- Write volume options atomically so sudden system crashes won't result in future Docker starts failing due to empty files (bsc#1214855).
Patchnames: SUSE-2024-4204,SUSE-SLE-Module-Containers-15-SP5-2024-4204,SUSE-SLE-Module-Containers-15-SP6-2024-4204,SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-4204,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-4204,SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-4204,SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-4204,SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4204,SUSE-SLE-Product-SLES_SAP-15-SP3-2024-4204,SUSE-SLE-Product-SLES_SAP-15-SP4-2024-4204,SUSE-Storage-7.1-2024-4204,openSUSE-SLE-15.5-2024-4204,openSUSE-SLE-15.6-2024-4204
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
9.9 (Critical)
Affected products
Recommended
54 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:docker-stable-24.0.9_ce-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:docker-stable-24.0.9_ce-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-stable-24.0.9_ce-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-stable-24.0.9_ce-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-24.0.9_ce-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-24.0.9_ce-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-24.0.9_ce-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-24.0.9_ce-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-24.0.9_ce-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-24.0.9_ce-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-24.0.9_ce-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-24.0.9_ce-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-stable-24.0.9_ce-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-stable-24.0.9_ce-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-stable-24.0.9_ce-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-stable-24.0.9_ce-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-stable-24.0.9_ce-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-stable-24.0.9_ce-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-stable-24.0.9_ce-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-stable-24.0.9_ce-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-stable-fish-completion-24.0.9_ce-150000.1.5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-stable-rootless-extras-24.0.9_ce-150000.1.5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:docker-stable-zsh-completion-24.0.9_ce-150000.1.5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-stable-24.0.9_ce-150000.1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-stable-24.0.9_ce-150000.1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-stable-24.0.9_ce-150000.1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-stable-24.0.9_ce-150000.1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-stable-fish-completion-24.0.9_ce-150000.1.5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-stable-rootless-extras-24.0.9_ce-150000.1.5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:docker-stable-zsh-completion-24.0.9_ce-150000.1.5.1.noarch | — |
Vendor Fix
|
Threats
Impact
critical
References
13 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for docker-stable",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for docker-stable fixes the following issues:\n\n- CVE-2024-41110: Fixed Authz zero length regression (bsc#1228324).\n\nBug fixes:\n\n- Allow users to disable SUSE secrets support by setting DOCKER_SUSE_SECRETS_ENABLE=0 in /etc/sysconfig/docker (bsc#1231348).\n- Import specfile changes for docker-buildx as well as the changes to help reduce specfile differences between docker-stable and docker (bsc#1230331, bsc#1230333).\n- Fix BuildKit\u0027s symlink resolution logic to correctly handle non-lexical symlinks (bsc#1221916).\n- Write volume options atomically so sudden system crashes won\u0027t result in future Docker starts failing due to empty files (bsc#1214855).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-4204,SUSE-SLE-Module-Containers-15-SP5-2024-4204,SUSE-SLE-Module-Containers-15-SP6-2024-4204,SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-4204,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-4204,SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-4204,SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-4204,SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4204,SUSE-SLE-Product-SLES_SAP-15-SP3-2024-4204,SUSE-SLE-Product-SLES_SAP-15-SP4-2024-4204,SUSE-Storage-7.1-2024-4204,openSUSE-SLE-15.5-2024-4204,openSUSE-SLE-15.6-2024-4204",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_4204-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:4204-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244204-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:4204-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-December/019930.html"
},
{
"category": "self",
"summary": "SUSE Bug 1214855",
"url": "https://bugzilla.suse.com/1214855"
},
{
"category": "self",
"summary": "SUSE Bug 1221916",
"url": "https://bugzilla.suse.com/1221916"
},
{
"category": "self",
"summary": "SUSE Bug 1228324",
"url": "https://bugzilla.suse.com/1228324"
},
{
"category": "self",
"summary": "SUSE Bug 1230331",
"url": "https://bugzilla.suse.com/1230331"
},
{
"category": "self",
"summary": "SUSE Bug 1230333",
"url": "https://bugzilla.suse.com/1230333"
},
{
"category": "self",
"summary": "SUSE Bug 1231348",
"url": "https://bugzilla.suse.com/1231348"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41110 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41110/"
}
],
"title": "Security update for docker-stable",
"tracking": {
"current_release_date": "2024-12-05T14:57:37Z",
"generator": {
"date": "2024-12-05T14:57:37Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:4204-1",
"initial_release_date": "2024-12-05T14:57:37Z",
"revision_history": [
{
"date": "2024-12-05T14:57:37Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-24.0.9_ce-150000.1.5.1.aarch64",
"product": {
"name": "docker-stable-24.0.9_ce-150000.1.5.1.aarch64",
"product_id": "docker-stable-24.0.9_ce-150000.1.5.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-24.0.9_ce-150000.1.5.1.i586",
"product": {
"name": "docker-stable-24.0.9_ce-150000.1.5.1.i586",
"product_id": "docker-stable-24.0.9_ce-150000.1.5.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch",
"product": {
"name": "docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch",
"product_id": "docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-stable-fish-completion-24.0.9_ce-150000.1.5.1.noarch",
"product": {
"name": "docker-stable-fish-completion-24.0.9_ce-150000.1.5.1.noarch",
"product_id": "docker-stable-fish-completion-24.0.9_ce-150000.1.5.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-stable-rootless-extras-24.0.9_ce-150000.1.5.1.noarch",
"product": {
"name": "docker-stable-rootless-extras-24.0.9_ce-150000.1.5.1.noarch",
"product_id": "docker-stable-rootless-extras-24.0.9_ce-150000.1.5.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-stable-zsh-completion-24.0.9_ce-150000.1.5.1.noarch",
"product": {
"name": "docker-stable-zsh-completion-24.0.9_ce-150000.1.5.1.noarch",
"product_id": "docker-stable-zsh-completion-24.0.9_ce-150000.1.5.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-24.0.9_ce-150000.1.5.1.ppc64le",
"product": {
"name": "docker-stable-24.0.9_ce-150000.1.5.1.ppc64le",
"product_id": "docker-stable-24.0.9_ce-150000.1.5.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-24.0.9_ce-150000.1.5.1.s390x",
"product": {
"name": "docker-stable-24.0.9_ce-150000.1.5.1.s390x",
"product_id": "docker-stable-24.0.9_ce-150000.1.5.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-24.0.9_ce-150000.1.5.1.x86_64",
"product": {
"name": "docker-stable-24.0.9_ce-150000.1.5.1.x86_64",
"product_id": "docker-stable-24.0.9_ce-150000.1.5.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7.1",
"product": {
"name": "SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7.1"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.5.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-24.0.9_ce-150000.1.5.1.aarch64"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.5.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-24.0.9_ce-150000.1.5.1.ppc64le"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.5.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-24.0.9_ce-150000.1.5.1.s390x"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.5.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-24.0.9_ce-150000.1.5.1.x86_64"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch as component of SUSE Linux Enterprise Module for Containers 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch"
},
"product_reference": "docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.5.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-24.0.9_ce-150000.1.5.1.aarch64"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.5.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-24.0.9_ce-150000.1.5.1.ppc64le"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.5.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-24.0.9_ce-150000.1.5.1.s390x"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.5.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-24.0.9_ce-150000.1.5.1.x86_64"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch"
},
"product_reference": "docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.5.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.aarch64"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.5.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.x86_64"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch"
},
"product_reference": "docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.5.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-stable-24.0.9_ce-150000.1.5.1.aarch64"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.5.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-stable-24.0.9_ce-150000.1.5.1.x86_64"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch"
},
"product_reference": "docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.5.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.aarch64"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.5.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.x86_64"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch"
},
"product_reference": "docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.5.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.aarch64"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.5.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.ppc64le"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.5.1.s390x as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.s390x"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.5.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.x86_64"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch"
},
"product_reference": "docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.5.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.aarch64"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.5.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.ppc64le"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.5.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.s390x"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.5.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.x86_64"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch"
},
"product_reference": "docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.5.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-stable-24.0.9_ce-150000.1.5.1.ppc64le"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-stable-24.0.9_ce-150000.1.5.1.x86_64"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch"
},
"product_reference": "docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.5.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-stable-24.0.9_ce-150000.1.5.1.ppc64le"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.5.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-stable-24.0.9_ce-150000.1.5.1.x86_64"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch"
},
"product_reference": "docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.5.1.aarch64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:docker-stable-24.0.9_ce-150000.1.5.1.aarch64"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.5.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.5.1.x86_64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:docker-stable-24.0.9_ce-150000.1.5.1.x86_64"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.5.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch"
},
"product_reference": "docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.5.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:docker-stable-24.0.9_ce-150000.1.5.1.aarch64"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.5.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.5.1.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:docker-stable-24.0.9_ce-150000.1.5.1.ppc64le"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.5.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.5.1.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:docker-stable-24.0.9_ce-150000.1.5.1.s390x"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.5.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.5.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:docker-stable-24.0.9_ce-150000.1.5.1.x86_64"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.5.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch"
},
"product_reference": "docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-fish-completion-24.0.9_ce-150000.1.5.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:docker-stable-fish-completion-24.0.9_ce-150000.1.5.1.noarch"
},
"product_reference": "docker-stable-fish-completion-24.0.9_ce-150000.1.5.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-rootless-extras-24.0.9_ce-150000.1.5.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:docker-stable-rootless-extras-24.0.9_ce-150000.1.5.1.noarch"
},
"product_reference": "docker-stable-rootless-extras-24.0.9_ce-150000.1.5.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-zsh-completion-24.0.9_ce-150000.1.5.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:docker-stable-zsh-completion-24.0.9_ce-150000.1.5.1.noarch"
},
"product_reference": "docker-stable-zsh-completion-24.0.9_ce-150000.1.5.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.5.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:docker-stable-24.0.9_ce-150000.1.5.1.aarch64"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.5.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.5.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:docker-stable-24.0.9_ce-150000.1.5.1.ppc64le"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.5.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.5.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:docker-stable-24.0.9_ce-150000.1.5.1.s390x"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.5.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-150000.1.5.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:docker-stable-24.0.9_ce-150000.1.5.1.x86_64"
},
"product_reference": "docker-stable-24.0.9_ce-150000.1.5.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch"
},
"product_reference": "docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-fish-completion-24.0.9_ce-150000.1.5.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:docker-stable-fish-completion-24.0.9_ce-150000.1.5.1.noarch"
},
"product_reference": "docker-stable-fish-completion-24.0.9_ce-150000.1.5.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-rootless-extras-24.0.9_ce-150000.1.5.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:docker-stable-rootless-extras-24.0.9_ce-150000.1.5.1.noarch"
},
"product_reference": "docker-stable-rootless-extras-24.0.9_ce-150000.1.5.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-zsh-completion-24.0.9_ce-150000.1.5.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:docker-stable-zsh-completion-24.0.9_ce-150000.1.5.1.noarch"
},
"product_reference": "docker-stable-zsh-completion-24.0.9_ce-150000.1.5.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-41110",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41110"
}
],
"notes": [
{
"category": "general",
"text": "Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low.\n\nUsing a specially-crafted API request, an Engine API client could make the daemon forward the request or response to an authorization plugin without the body. In certain circumstances, the authorization plugin may allow a request which it would have otherwise denied if the body had been forwarded to it.\n\nA security issue was discovered In 2018, where an attacker could bypass AuthZ plugins using a specially crafted API request. This could lead to unauthorized actions, including privilege escalation. Although this issue was fixed in Docker Engine v18.09.1 in January 2019, the fix was not carried forward to later major versions, resulting in a regression. Anyone who depends on authorization plugins that introspect the request and/or response body to make access control decisions is potentially impacted.\n\nDocker EE v19.03.x and all versions of Mirantis Container Runtime are not vulnerable.\n\ndocker-ce v27.1.1 containes patches to fix the vulnerability. Patches have also been merged into the master, 19.03, 20.0, 23.0, 24.0, 25.0, 26.0, and 26.1 release branches. If one is unable to upgrade immediately, avoid using AuthZ plugins and/or restrict access to the Docker API to trusted parties, following the principle of least privilege.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:docker-stable-24.0.9_ce-150000.1.5.1.aarch64",
"SUSE Enterprise Storage 7.1:docker-stable-24.0.9_ce-150000.1.5.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-stable-24.0.9_ce-150000.1.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-stable-24.0.9_ce-150000.1.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-24.0.9_ce-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-24.0.9_ce-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-24.0.9_ce-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-24.0.9_ce-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-24.0.9_ce-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-24.0.9_ce-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-24.0.9_ce-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-24.0.9_ce-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-stable-24.0.9_ce-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-stable-24.0.9_ce-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-stable-24.0.9_ce-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-stable-24.0.9_ce-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch",
"openSUSE Leap 15.5:docker-stable-24.0.9_ce-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:docker-stable-24.0.9_ce-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:docker-stable-24.0.9_ce-150000.1.5.1.s390x",
"openSUSE Leap 15.5:docker-stable-24.0.9_ce-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch",
"openSUSE Leap 15.5:docker-stable-fish-completion-24.0.9_ce-150000.1.5.1.noarch",
"openSUSE Leap 15.5:docker-stable-rootless-extras-24.0.9_ce-150000.1.5.1.noarch",
"openSUSE Leap 15.5:docker-stable-zsh-completion-24.0.9_ce-150000.1.5.1.noarch",
"openSUSE Leap 15.6:docker-stable-24.0.9_ce-150000.1.5.1.aarch64",
"openSUSE Leap 15.6:docker-stable-24.0.9_ce-150000.1.5.1.ppc64le",
"openSUSE Leap 15.6:docker-stable-24.0.9_ce-150000.1.5.1.s390x",
"openSUSE Leap 15.6:docker-stable-24.0.9_ce-150000.1.5.1.x86_64",
"openSUSE Leap 15.6:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch",
"openSUSE Leap 15.6:docker-stable-fish-completion-24.0.9_ce-150000.1.5.1.noarch",
"openSUSE Leap 15.6:docker-stable-rootless-extras-24.0.9_ce-150000.1.5.1.noarch",
"openSUSE Leap 15.6:docker-stable-zsh-completion-24.0.9_ce-150000.1.5.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41110",
"url": "https://www.suse.com/security/cve/CVE-2024-41110"
},
{
"category": "external",
"summary": "SUSE Bug 1228324 for CVE-2024-41110",
"url": "https://bugzilla.suse.com/1228324"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:docker-stable-24.0.9_ce-150000.1.5.1.aarch64",
"SUSE Enterprise Storage 7.1:docker-stable-24.0.9_ce-150000.1.5.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-stable-24.0.9_ce-150000.1.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-stable-24.0.9_ce-150000.1.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-24.0.9_ce-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-24.0.9_ce-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-24.0.9_ce-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-24.0.9_ce-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-24.0.9_ce-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-24.0.9_ce-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-24.0.9_ce-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-24.0.9_ce-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-stable-24.0.9_ce-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-stable-24.0.9_ce-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-stable-24.0.9_ce-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-stable-24.0.9_ce-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch",
"openSUSE Leap 15.5:docker-stable-24.0.9_ce-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:docker-stable-24.0.9_ce-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:docker-stable-24.0.9_ce-150000.1.5.1.s390x",
"openSUSE Leap 15.5:docker-stable-24.0.9_ce-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch",
"openSUSE Leap 15.5:docker-stable-fish-completion-24.0.9_ce-150000.1.5.1.noarch",
"openSUSE Leap 15.5:docker-stable-rootless-extras-24.0.9_ce-150000.1.5.1.noarch",
"openSUSE Leap 15.5:docker-stable-zsh-completion-24.0.9_ce-150000.1.5.1.noarch",
"openSUSE Leap 15.6:docker-stable-24.0.9_ce-150000.1.5.1.aarch64",
"openSUSE Leap 15.6:docker-stable-24.0.9_ce-150000.1.5.1.ppc64le",
"openSUSE Leap 15.6:docker-stable-24.0.9_ce-150000.1.5.1.s390x",
"openSUSE Leap 15.6:docker-stable-24.0.9_ce-150000.1.5.1.x86_64",
"openSUSE Leap 15.6:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch",
"openSUSE Leap 15.6:docker-stable-fish-completion-24.0.9_ce-150000.1.5.1.noarch",
"openSUSE Leap 15.6:docker-stable-rootless-extras-24.0.9_ce-150000.1.5.1.noarch",
"openSUSE Leap 15.6:docker-stable-zsh-completion-24.0.9_ce-150000.1.5.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:docker-stable-24.0.9_ce-150000.1.5.1.aarch64",
"SUSE Enterprise Storage 7.1:docker-stable-24.0.9_ce-150000.1.5.1.x86_64",
"SUSE Enterprise Storage 7.1:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-stable-24.0.9_ce-150000.1.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-stable-24.0.9_ce-150000.1.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-24.0.9_ce-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-24.0.9_ce-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-24.0.9_ce-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-24.0.9_ce-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP5:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-24.0.9_ce-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-24.0.9_ce-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-24.0.9_ce-150000.1.5.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-24.0.9_ce-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-stable-24.0.9_ce-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-stable-24.0.9_ce-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-stable-24.0.9_ce-150000.1.5.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-stable-24.0.9_ce-150000.1.5.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch",
"openSUSE Leap 15.5:docker-stable-24.0.9_ce-150000.1.5.1.aarch64",
"openSUSE Leap 15.5:docker-stable-24.0.9_ce-150000.1.5.1.ppc64le",
"openSUSE Leap 15.5:docker-stable-24.0.9_ce-150000.1.5.1.s390x",
"openSUSE Leap 15.5:docker-stable-24.0.9_ce-150000.1.5.1.x86_64",
"openSUSE Leap 15.5:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch",
"openSUSE Leap 15.5:docker-stable-fish-completion-24.0.9_ce-150000.1.5.1.noarch",
"openSUSE Leap 15.5:docker-stable-rootless-extras-24.0.9_ce-150000.1.5.1.noarch",
"openSUSE Leap 15.5:docker-stable-zsh-completion-24.0.9_ce-150000.1.5.1.noarch",
"openSUSE Leap 15.6:docker-stable-24.0.9_ce-150000.1.5.1.aarch64",
"openSUSE Leap 15.6:docker-stable-24.0.9_ce-150000.1.5.1.ppc64le",
"openSUSE Leap 15.6:docker-stable-24.0.9_ce-150000.1.5.1.s390x",
"openSUSE Leap 15.6:docker-stable-24.0.9_ce-150000.1.5.1.x86_64",
"openSUSE Leap 15.6:docker-stable-bash-completion-24.0.9_ce-150000.1.5.1.noarch",
"openSUSE Leap 15.6:docker-stable-fish-completion-24.0.9_ce-150000.1.5.1.noarch",
"openSUSE Leap 15.6:docker-stable-rootless-extras-24.0.9_ce-150000.1.5.1.noarch",
"openSUSE Leap 15.6:docker-stable-zsh-completion-24.0.9_ce-150000.1.5.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-05T14:57:37Z",
"details": "critical"
}
],
"title": "CVE-2024-41110"
}
]
}
SUSE-SU-2024:4205-1
Vulnerability from csaf_suse - Published: 2024-12-05 14:58 - Updated: 2024-12-05 14:58Summary
Security update for docker-stable
Severity
Moderate
Notes
Title of the patch: Security update for docker-stable
Description of the patch: This update for docker-stable fixes the following issues:
- Remove DOCKER_NETWORK_OPTS from docker.service. This was removed from
sysconfig a long time ago, and apparently this causes issues with systemd in
some cases.
- Update --add-runtime to point to correct binary path.
- Further merge docker and docker-stable specfiles to minimise the differences.
The main thing is that we now include both halves of the
Conflicts/Provides/Obsoletes dance in both specfiles.
- Update to docker-buildx v0.17.1 to match standalone docker-buildx package we
are replacing. See upstream changelog online at
<https://github.com/docker/buildx/releases/tag/v0.17.1>
- Allow users to disable SUSE secrets support by setting
DOCKER_SUSE_SECRETS_ENABLE=0 in /etc/sysconfig/docker. bsc#1231348
- Import specfile changes for docker-buildx as well as the changes to help
reduce specfile differences between docker-stable and docker. bsc#1230331
bsc#1230333
- Backport patch for CVE-2024-41110. bsc#1228324
- Initial docker-stable release, forked from Docker 24.0.6-ce release
(packaged on 2023-10-11).
- Update to Docker 24.0.9-ce, which is the latest version of the 24.0.x branch.
It seems likely this will be the last upstream version of the 24.0.x branch
(it seems Mirantis is going to do LTS for 23.0.x, not 24.0.x).
<https://docs.docker.com/engine/release-notes/24.0/#2409>
- Fix BuildKit's symlink resolution logic to correctly handle non-lexical
symlinks. Backport of <https://github.com/moby/buildkit/pull/4896> and
<https://github.com/moby/buildkit/pull/5060>. bsc#1221916
- Write volume options atomically so sudden system crashes won't result in
future Docker starts failing due to empty files. Backport of
<https://github.com/moby/moby/pull/48034>. bsc#1214855
Patchnames: SUSE-2024-4205,SUSE-SLE-SERVER-12-SP5-LTSS-2024-4205,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2024-4205
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
9.9 (Critical)
Affected products
Recommended
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.5.1.noarch | — |
Vendor Fix
|
Threats
Impact
critical
References
13 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for docker-stable",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for docker-stable fixes the following issues:\n\n- Remove DOCKER_NETWORK_OPTS from docker.service. This was removed from\n sysconfig a long time ago, and apparently this causes issues with systemd in\n some cases.\n- Update --add-runtime to point to correct binary path.\n\n- Further merge docker and docker-stable specfiles to minimise the differences.\n The main thing is that we now include both halves of the\n Conflicts/Provides/Obsoletes dance in both specfiles.\n\n- Update to docker-buildx v0.17.1 to match standalone docker-buildx package we\n are replacing. See upstream changelog online at\n \u003chttps://github.com/docker/buildx/releases/tag/v0.17.1\u003e\n\n- Allow users to disable SUSE secrets support by setting\n DOCKER_SUSE_SECRETS_ENABLE=0 in /etc/sysconfig/docker. bsc#1231348\n\n- Import specfile changes for docker-buildx as well as the changes to help\n reduce specfile differences between docker-stable and docker. bsc#1230331\n bsc#1230333\n\n- Backport patch for CVE-2024-41110. bsc#1228324\n\n- Initial docker-stable release, forked from Docker 24.0.6-ce release\n (packaged on 2023-10-11).\n\n- Update to Docker 24.0.9-ce, which is the latest version of the 24.0.x branch.\n It seems likely this will be the last upstream version of the 24.0.x branch\n (it seems Mirantis is going to do LTS for 23.0.x, not 24.0.x).\n \u003chttps://docs.docker.com/engine/release-notes/24.0/#2409\u003e\n- Fix BuildKit\u0027s symlink resolution logic to correctly handle non-lexical\n symlinks. Backport of \u003chttps://github.com/moby/buildkit/pull/4896\u003e and\n \u003chttps://github.com/moby/buildkit/pull/5060\u003e. bsc#1221916\n- Write volume options atomically so sudden system crashes won\u0027t result in\n future Docker starts failing due to empty files. Backport of\n \u003chttps://github.com/moby/moby/pull/48034\u003e. bsc#1214855\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-4205,SUSE-SLE-SERVER-12-SP5-LTSS-2024-4205,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2024-4205",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_4205-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:4205-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244205-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:4205-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-December/019929.html"
},
{
"category": "self",
"summary": "SUSE Bug 1214855",
"url": "https://bugzilla.suse.com/1214855"
},
{
"category": "self",
"summary": "SUSE Bug 1221916",
"url": "https://bugzilla.suse.com/1221916"
},
{
"category": "self",
"summary": "SUSE Bug 1228324",
"url": "https://bugzilla.suse.com/1228324"
},
{
"category": "self",
"summary": "SUSE Bug 1230331",
"url": "https://bugzilla.suse.com/1230331"
},
{
"category": "self",
"summary": "SUSE Bug 1230333",
"url": "https://bugzilla.suse.com/1230333"
},
{
"category": "self",
"summary": "SUSE Bug 1231348",
"url": "https://bugzilla.suse.com/1231348"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-41110 page",
"url": "https://www.suse.com/security/cve/CVE-2024-41110/"
}
],
"title": "Security update for docker-stable",
"tracking": {
"current_release_date": "2024-12-05T14:58:02Z",
"generator": {
"date": "2024-12-05T14:58:02Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:4205-1",
"initial_release_date": "2024-12-05T14:58:02Z",
"revision_history": [
{
"date": "2024-12-05T14:58:02Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-24.0.9_ce-1.5.1.aarch64",
"product": {
"name": "docker-stable-24.0.9_ce-1.5.1.aarch64",
"product_id": "docker-stable-24.0.9_ce-1.5.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-24.0.9_ce-1.5.1.i586",
"product": {
"name": "docker-stable-24.0.9_ce-1.5.1.i586",
"product_id": "docker-stable-24.0.9_ce-1.5.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-bash-completion-24.0.9_ce-1.5.1.noarch",
"product": {
"name": "docker-stable-bash-completion-24.0.9_ce-1.5.1.noarch",
"product_id": "docker-stable-bash-completion-24.0.9_ce-1.5.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-stable-fish-completion-24.0.9_ce-1.5.1.noarch",
"product": {
"name": "docker-stable-fish-completion-24.0.9_ce-1.5.1.noarch",
"product_id": "docker-stable-fish-completion-24.0.9_ce-1.5.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-stable-rootless-extras-24.0.9_ce-1.5.1.noarch",
"product": {
"name": "docker-stable-rootless-extras-24.0.9_ce-1.5.1.noarch",
"product_id": "docker-stable-rootless-extras-24.0.9_ce-1.5.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-stable-zsh-completion-24.0.9_ce-1.5.1.noarch",
"product": {
"name": "docker-stable-zsh-completion-24.0.9_ce-1.5.1.noarch",
"product_id": "docker-stable-zsh-completion-24.0.9_ce-1.5.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-24.0.9_ce-1.5.1.ppc64le",
"product": {
"name": "docker-stable-24.0.9_ce-1.5.1.ppc64le",
"product_id": "docker-stable-24.0.9_ce-1.5.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-24.0.9_ce-1.5.1.s390x",
"product": {
"name": "docker-stable-24.0.9_ce-1.5.1.s390x",
"product_id": "docker-stable-24.0.9_ce-1.5.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-24.0.9_ce-1.5.1.x86_64",
"product": {
"name": "docker-stable-24.0.9_ce-1.5.1.x86_64",
"product_id": "docker-stable-24.0.9_ce-1.5.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-1.5.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.5.1.aarch64"
},
"product_reference": "docker-stable-24.0.9_ce-1.5.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-1.5.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.5.1.ppc64le"
},
"product_reference": "docker-stable-24.0.9_ce-1.5.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-1.5.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.5.1.s390x"
},
"product_reference": "docker-stable-24.0.9_ce-1.5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-1.5.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.5.1.x86_64"
},
"product_reference": "docker-stable-24.0.9_ce-1.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-bash-completion-24.0.9_ce-1.5.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.5.1.noarch"
},
"product_reference": "docker-stable-bash-completion-24.0.9_ce-1.5.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-1.5.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.5.1.x86_64"
},
"product_reference": "docker-stable-24.0.9_ce-1.5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-bash-completion-24.0.9_ce-1.5.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5",
"product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.5.1.noarch"
},
"product_reference": "docker-stable-bash-completion-24.0.9_ce-1.5.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-41110",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-41110"
}
],
"notes": [
{
"category": "general",
"text": "Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low.\n\nUsing a specially-crafted API request, an Engine API client could make the daemon forward the request or response to an authorization plugin without the body. In certain circumstances, the authorization plugin may allow a request which it would have otherwise denied if the body had been forwarded to it.\n\nA security issue was discovered In 2018, where an attacker could bypass AuthZ plugins using a specially crafted API request. This could lead to unauthorized actions, including privilege escalation. Although this issue was fixed in Docker Engine v18.09.1 in January 2019, the fix was not carried forward to later major versions, resulting in a regression. Anyone who depends on authorization plugins that introspect the request and/or response body to make access control decisions is potentially impacted.\n\nDocker EE v19.03.x and all versions of Mirantis Container Runtime are not vulnerable.\n\ndocker-ce v27.1.1 containes patches to fix the vulnerability. Patches have also been merged into the master, 19.03, 20.0, 23.0, 24.0, 25.0, 26.0, and 26.1 release branches. If one is unable to upgrade immediately, avoid using AuthZ plugins and/or restrict access to the Docker API to trusted parties, following the principle of least privilege.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.5.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.5.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.5.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-41110",
"url": "https://www.suse.com/security/cve/CVE-2024-41110"
},
{
"category": "external",
"summary": "SUSE Bug 1228324 for CVE-2024-41110",
"url": "https://bugzilla.suse.com/1228324"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.5.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.5.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.5.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.5.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.5.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.5.1.s390x",
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.5.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.5.1.noarch",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.5.1.x86_64",
"SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.5.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-12-05T14:58:02Z",
"details": "critical"
}
],
"title": "CVE-2024-41110"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…