Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-47914 (GCVE-0-2025-47914)
Vulnerability from cvelistv5 – Published: 2025-11-19 20:33 – Updated: 2025-11-20 17:15
VLAI
EPSS
Title
Malformed constraint may cause denial of service in golang.org/x/crypto/ssh/agent
Summary
SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| golang.org/x/crypto | golang.org/x/crypto/ssh/agent |
Affected:
0 , < 0.45.0
(semver)
|
Credits
Jakub Ciolek
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-47914",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-19T20:50:27.263405Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T20:50:30.968Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "golang.org/x/crypto/ssh/agent",
"product": "golang.org/x/crypto/ssh/agent",
"programRoutines": [
{
"name": "parseConstraints"
},
{
"name": "ForwardToAgent"
},
{
"name": "ServeAgent"
}
],
"vendor": "golang.org/x/crypto",
"versions": [
{
"lessThan": "0.45.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jakub Ciolek"
}
],
"descriptions": [
{
"lang": "en",
"value": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-237",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T17:15:00.344Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA"
},
{
"url": "https://go.dev/cl/721960"
},
{
"url": "https://go.dev/issue/76364"
},
{
"url": "https://pkg.go.dev/vuln/GO-2025-4135"
}
],
"title": "Malformed constraint may cause denial of service in golang.org/x/crypto/ssh/agent"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2025-47914",
"datePublished": "2025-11-19T20:33:43.126Z",
"dateReserved": "2025-05-13T23:31:29.597Z",
"dateUpdated": "2025-11-20T17:15:00.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-47914",
"date": "2026-07-06",
"epss": "0.00473",
"percentile": "0.37582"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-47914\",\"sourceIdentifier\":\"security@golang.org\",\"published\":\"2025-11-19T21:15:50.517\",\"lastModified\":\"2026-06-17T09:28:50.497\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.\"}],\"affected\":[{\"source\":\"security@golang.org\",\"affectedData\":[{\"vendor\":\"golang.org/x/crypto\",\"product\":\"golang.org/x/crypto/ssh/agent\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://pkg.go.dev\",\"packageName\":\"golang.org/x/crypto/ssh/agent\",\"programRoutines\":[{\"name\":\"parseConstraints\"},{\"name\":\"ForwardToAgent\"},{\"name\":\"ServeAgent\"}],\"versions\":[{\"version\":\"0\",\"lessThan\":\"0.45.0\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2025-11-19T20:50:27.263405Z\",\"id\":\"CVE-2025-47914\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:crypto:*:*:*:*:*:go:*:*\",\"versionEndExcluding\":\"0.45.0\",\"matchCriteriaId\":\"0DB7D01D-5361-40FC-83A9-91A601A0321D\"}]}]}],\"references\":[{\"url\":\"https://go.dev/cl/721960\",\"source\":\"security@golang.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://go.dev/issue/76364\",\"source\":\"security@golang.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://pkg.go.dev/vuln/GO-2025-4135\",\"source\":\"security@golang.org\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-47914\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-11-19T20:50:27.263405Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-125\", \"description\": \"CWE-125 Out-of-bounds Read\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-11-19T20:50:22.359Z\"}}], \"cna\": {\"title\": \"Malformed constraint may cause denial of service in golang.org/x/crypto/ssh/agent\", \"credits\": [{\"lang\": \"en\", \"value\": \"Jakub Ciolek\"}], \"affected\": [{\"vendor\": \"golang.org/x/crypto\", \"product\": \"golang.org/x/crypto/ssh/agent\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"0.45.0\", \"versionType\": \"semver\"}], \"packageName\": \"golang.org/x/crypto/ssh/agent\", \"collectionURL\": \"https://pkg.go.dev\", \"defaultStatus\": \"unaffected\", \"programRoutines\": [{\"name\": \"parseConstraints\"}, {\"name\": \"ForwardToAgent\"}, {\"name\": \"ServeAgent\"}]}], \"references\": [{\"url\": \"https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA\"}, {\"url\": \"https://go.dev/cl/721960\"}, {\"url\": \"https://go.dev/issue/76364\"}, {\"url\": \"https://pkg.go.dev/vuln/GO-2025-4135\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-237\"}]}], \"providerMetadata\": {\"orgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"shortName\": \"Go\", \"dateUpdated\": \"2025-11-20T17:15:00.344Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-47914\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-20T17:15:00.344Z\", \"dateReserved\": \"2025-05-13T23:31:29.597Z\", \"assignerOrgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"datePublished\": \"2025-11-19T20:33:43.126Z\", \"assignerShortName\": \"Go\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
SUSE-SU-2026:20123-1
Vulnerability from csaf_suse - Published: 2026-01-22 13:01 - Updated: 2026-01-22 13:01Summary
Security update for buildah
Severity
Important
Notes
Title of the patch: Security update for buildah
Description of the patch: This update for buildah fixes the following issues:
- CVE-2025-47914: golang.org/x/crypto/ssh/agent: Fixed non validated message size causing a panic due to an out
of bounds read (bsc#1254054)
- CVE-2025-47913: golang.org/x/crypto/ssh/agent: Fixed client process termination when receiving an unexpected
message type in response to a key listing or signing request (bsc#1253598)
- CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: Fixed container breakouts by bypassing runc's restrictions for writing to arbitrary /proc
files (bsc#1253096)
Other fixes:
- Updated to version 1.39.5.
Patchnames: SUSE-SLES-16.0-169
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
25 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for buildah",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for buildah fixes the following issues:\n\n- CVE-2025-47914: golang.org/x/crypto/ssh/agent: Fixed non validated message size causing a panic due to an out\n of bounds read (bsc#1254054)\n- CVE-2025-47913: golang.org/x/crypto/ssh/agent: Fixed client process termination when receiving an unexpected\n message type in response to a key listing or signing request (bsc#1253598)\n- CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: Fixed container breakouts by bypassing runc\u0027s restrictions for writing to arbitrary /proc\n files (bsc#1253096)\n\nOther fixes:\n\n- Updated to version 1.39.5.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-169",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20123-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20123-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620123-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20123-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-January/043749.html"
},
{
"category": "self",
"summary": "SUSE Bug 1253096",
"url": "https://bugzilla.suse.com/1253096"
},
{
"category": "self",
"summary": "SUSE Bug 1253598",
"url": "https://bugzilla.suse.com/1253598"
},
{
"category": "self",
"summary": "SUSE Bug 1254054",
"url": "https://bugzilla.suse.com/1254054"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31133 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31133/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47913 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47914 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-52565 page",
"url": "https://www.suse.com/security/cve/CVE-2025-52565/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-52881 page",
"url": "https://www.suse.com/security/cve/CVE-2025-52881/"
}
],
"title": "Security update for buildah",
"tracking": {
"current_release_date": "2026-01-22T13:01:23Z",
"generator": {
"date": "2026-01-22T13:01:23Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20123-1",
"initial_release_date": "2026-01-22T13:01:23Z",
"revision_history": [
{
"date": "2026-01-22T13:01:23Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.39.5-160000.1.1.aarch64",
"product": {
"name": "buildah-1.39.5-160000.1.1.aarch64",
"product_id": "buildah-1.39.5-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.39.5-160000.1.1.ppc64le",
"product": {
"name": "buildah-1.39.5-160000.1.1.ppc64le",
"product_id": "buildah-1.39.5-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.39.5-160000.1.1.s390x",
"product": {
"name": "buildah-1.39.5-160000.1.1.s390x",
"product_id": "buildah-1.39.5-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.39.5-160000.1.1.x86_64",
"product": {
"name": "buildah-1.39.5-160000.1.1.x86_64",
"product_id": "buildah-1.39.5-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16.0"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.39.5-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64"
},
"product_reference": "buildah-1.39.5-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.39.5-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le"
},
"product_reference": "buildah-1.39.5-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.39.5-160000.1.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x"
},
"product_reference": "buildah-1.39.5-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.39.5-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64"
},
"product_reference": "buildah-1.39.5-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.39.5-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64"
},
"product_reference": "buildah-1.39.5-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.39.5-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le"
},
"product_reference": "buildah-1.39.5-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.39.5-160000.1.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x"
},
"product_reference": "buildah-1.39.5-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.39.5-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
},
"product_reference": "buildah-1.39.5-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31133",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31133"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container\u0027s /dev/null) was actually a real /dev/null inode when using the container\u0027s /dev/null to mask. This exposes two methods of attack: an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31133",
"url": "https://www.suse.com/security/cve/CVE-2025-31133"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-31133",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-31133",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-22T13:01:23Z",
"details": "important"
}
],
"title": "CVE-2025-31133"
},
{
"cve": "CVE-2025-47913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47913"
}
],
"notes": [
{
"category": "general",
"text": "SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47913",
"url": "https://www.suse.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "SUSE Bug 1253506 for CVE-2025-47913",
"url": "https://bugzilla.suse.com/1253506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-22T13:01:23Z",
"details": "important"
}
],
"title": "CVE-2025-47913"
},
{
"cve": "CVE-2025-47914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47914"
}
],
"notes": [
{
"category": "general",
"text": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47914",
"url": "https://www.suse.com/security/cve/CVE-2025-47914"
},
{
"category": "external",
"summary": "SUSE Bug 1253967 for CVE-2025-47914",
"url": "https://bugzilla.suse.com/1253967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-22T13:01:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-47914"
},
{
"cve": "CVE-2025-52565",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-52565"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the container, an attacker can trick runc into bind-mounting paths which would normally be made read-only or be masked onto a path that the attacker can write to. This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target (namely, the bind-mount of `/dev/pts/$n` to `/dev/console` as configured for all containers that allocate a console). This happens after `pivot_root(2)`, so this cannot be used to write to host files directly -- however, as with CVE-2025-31133, this can load to denial of service of the host or a container breakout by providing the attacker with a writable copy of `/proc/sysrq-trigger` or `/proc/sys/kernel/core_pattern` (respectively). This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-52565",
"url": "https://www.suse.com/security/cve/CVE-2025-52565"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-52565",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-52565",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-22T13:01:23Z",
"details": "important"
}
],
"title": "CVE-2025-52565"
},
{
"cve": "CVE-2025-52881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-52881"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-52881",
"url": "https://www.suse.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-52881",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-52881",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-22T13:01:23Z",
"details": "important"
}
],
"title": "CVE-2025-52881"
}
]
}
SUSE-SU-2026:20176-1
Vulnerability from csaf_suse - Published: 2026-01-29 15:32 - Updated: 2026-01-29 15:32Summary
Security update for elemental-register, elemental-toolkit
Severity
Important
Notes
Title of the patch: Security update for elemental-register, elemental-toolkit
Description of the patch: This update for elemental-register, elemental-toolkit fixes the following issues:
elemental-register was updated to 1.8.1:
Changes on top of v1.8.1:
* Update headers to 2026
* Update questions to include SL Micro 6.2
Update to v1.8.1:
* Install yip config files in before-install step
* Bump github.com/rancher-sandbox/go-tpm and its dependencies
This includes few CVE fixes:
* bsc#1241826 (CVE-2025-22872)
* bsc#1241857 (CVE-2025-22872)
* bsc#1251511 (CVE-2025-47911)
* bsc#1251679 (CVE-2025-58190)
elemental-toolkit was updated to v2.3.2:
* Bump golang.org/x/crypto library
This includes few CVE fixes:
* bsc#1241826 (CVE-2025-22872)
* bsc#1241857 (CVE-2025-22872)
* bsc#1251511 (CVE-2025-47911)
* bsc#1251679 (CVE-2025-58190)
* bsc#1253581 (CVE-2025-47913)
* bsc#1253901 (CVE-2025-58181)
* bsc#1254079 (CVE-2025-47914)
Patchnames: SUSE-SL-Micro-6.2-217
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
29 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for elemental-register, elemental-toolkit",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for elemental-register, elemental-toolkit fixes the following issues:\n\nelemental-register was updated to 1.8.1:\n\nChanges on top of v1.8.1:\n\n * Update headers to 2026\n * Update questions to include SL Micro 6.2\n\nUpdate to v1.8.1:\n\n * Install yip config files in before-install step\n * Bump github.com/rancher-sandbox/go-tpm and its dependencies\n This includes few CVE fixes:\n * bsc#1241826 (CVE-2025-22872)\n * bsc#1241857 (CVE-2025-22872)\n * bsc#1251511 (CVE-2025-47911)\n * bsc#1251679 (CVE-2025-58190)\n\nelemental-toolkit was updated to v2.3.2:\n\n * Bump golang.org/x/crypto library\n This includes few CVE fixes:\n * bsc#1241826 (CVE-2025-22872)\n * bsc#1241857 (CVE-2025-22872)\n * bsc#1251511 (CVE-2025-47911)\n * bsc#1251679 (CVE-2025-58190)\n * bsc#1253581 (CVE-2025-47913)\n * bsc#1253901 (CVE-2025-58181)\n * bsc#1254079 (CVE-2025-47914)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SL-Micro-6.2-217",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20176-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20176-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620176-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20176-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024007.html"
},
{
"category": "self",
"summary": "SUSE Bug 1241826",
"url": "https://bugzilla.suse.com/1241826"
},
{
"category": "self",
"summary": "SUSE Bug 1241857",
"url": "https://bugzilla.suse.com/1241857"
},
{
"category": "self",
"summary": "SUSE Bug 1251511",
"url": "https://bugzilla.suse.com/1251511"
},
{
"category": "self",
"summary": "SUSE Bug 1251679",
"url": "https://bugzilla.suse.com/1251679"
},
{
"category": "self",
"summary": "SUSE Bug 1253581",
"url": "https://bugzilla.suse.com/1253581"
},
{
"category": "self",
"summary": "SUSE Bug 1253901",
"url": "https://bugzilla.suse.com/1253901"
},
{
"category": "self",
"summary": "SUSE Bug 1254079",
"url": "https://bugzilla.suse.com/1254079"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22872 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22872/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47911 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47913 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47914 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58181 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58190 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58190/"
}
],
"title": "Security update for elemental-register, elemental-toolkit",
"tracking": {
"current_release_date": "2026-01-29T15:32:26Z",
"generator": {
"date": "2026-01-29T15:32:26Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20176-1",
"initial_release_date": "2026-01-29T15:32:26Z",
"revision_history": [
{
"date": "2026-01-29T15:32:26Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "elemental-register-1.8.1-160000.1.1.aarch64",
"product": {
"name": "elemental-register-1.8.1-160000.1.1.aarch64",
"product_id": "elemental-register-1.8.1-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "elemental-support-1.8.1-160000.1.1.aarch64",
"product": {
"name": "elemental-support-1.8.1-160000.1.1.aarch64",
"product_id": "elemental-support-1.8.1-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "elemental-toolkit-2.3.2-160000.1.1.aarch64",
"product": {
"name": "elemental-toolkit-2.3.2-160000.1.1.aarch64",
"product_id": "elemental-toolkit-2.3.2-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "elemental-register-1.8.1-160000.1.1.x86_64",
"product": {
"name": "elemental-register-1.8.1-160000.1.1.x86_64",
"product_id": "elemental-register-1.8.1-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "elemental-support-1.8.1-160000.1.1.x86_64",
"product": {
"name": "elemental-support-1.8.1-160000.1.1.x86_64",
"product_id": "elemental-support-1.8.1-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "elemental-toolkit-2.3.2-160000.1.1.x86_64",
"product": {
"name": "elemental-toolkit-2.3.2-160000.1.1.x86_64",
"product_id": "elemental-toolkit-2.3.2-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.2",
"product": {
"name": "SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:transactional"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-register-1.8.1-160000.1.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.aarch64"
},
"product_reference": "elemental-register-1.8.1-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-register-1.8.1-160000.1.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.x86_64"
},
"product_reference": "elemental-register-1.8.1-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-support-1.8.1-160000.1.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.aarch64"
},
"product_reference": "elemental-support-1.8.1-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-support-1.8.1-160000.1.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.x86_64"
},
"product_reference": "elemental-support-1.8.1-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-toolkit-2.3.2-160000.1.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.aarch64"
},
"product_reference": "elemental-toolkit-2.3.2-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-toolkit-2.3.2-160000.1.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.x86_64"
},
"product_reference": "elemental-toolkit-2.3.2-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22872",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22872"
}
],
"notes": [
{
"category": "general",
"text": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22872",
"url": "https://www.suse.com/security/cve/CVE-2025-22872"
},
{
"category": "external",
"summary": "SUSE Bug 1241710 for CVE-2025-22872",
"url": "https://bugzilla.suse.com/1241710"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-29T15:32:26Z",
"details": "moderate"
}
],
"title": "CVE-2025-22872"
},
{
"cve": "CVE-2025-47911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47911"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47911",
"url": "https://www.suse.com/security/cve/CVE-2025-47911"
},
{
"category": "external",
"summary": "SUSE Bug 1251308 for CVE-2025-47911",
"url": "https://bugzilla.suse.com/1251308"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-29T15:32:26Z",
"details": "moderate"
}
],
"title": "CVE-2025-47911"
},
{
"cve": "CVE-2025-47913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47913"
}
],
"notes": [
{
"category": "general",
"text": "SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47913",
"url": "https://www.suse.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "SUSE Bug 1253506 for CVE-2025-47913",
"url": "https://bugzilla.suse.com/1253506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-29T15:32:26Z",
"details": "important"
}
],
"title": "CVE-2025-47913"
},
{
"cve": "CVE-2025-47914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47914"
}
],
"notes": [
{
"category": "general",
"text": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47914",
"url": "https://www.suse.com/security/cve/CVE-2025-47914"
},
{
"category": "external",
"summary": "SUSE Bug 1253967 for CVE-2025-47914",
"url": "https://bugzilla.suse.com/1253967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-29T15:32:26Z",
"details": "moderate"
}
],
"title": "CVE-2025-47914"
},
{
"cve": "CVE-2025-58181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58181"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58181",
"url": "https://www.suse.com/security/cve/CVE-2025-58181"
},
{
"category": "external",
"summary": "SUSE Bug 1253784 for CVE-2025-58181",
"url": "https://bugzilla.suse.com/1253784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-29T15:32:26Z",
"details": "moderate"
}
],
"title": "CVE-2025-58181"
},
{
"cve": "CVE-2025-58190",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58190"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58190",
"url": "https://www.suse.com/security/cve/CVE-2025-58190"
},
{
"category": "external",
"summary": "SUSE Bug 1251309 for CVE-2025-58190",
"url": "https://bugzilla.suse.com/1251309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-29T15:32:26Z",
"details": "moderate"
}
],
"title": "CVE-2025-58190"
}
]
}
SUSE-SU-2026:20244-1
Vulnerability from csaf_suse - Published: 2026-01-15 11:08 - Updated: 2026-01-15 11:08Summary
Security update for elemental-toolkit, elemental-operator
Severity
Important
Notes
Title of the patch: Security update for elemental-toolkit, elemental-operator
Description of the patch: This update for elemental-toolkit, elemental-operator fixes the following issues:
elemental-operator:
- Update to version 1.6.10:
* Remove 'latest' tag as this overlaps with the latest branch
* Bump github.com/rancher-sandbox/go-tpm and its dependencies
This bump includes fixes to some CVEs:
* bsc#1241826 (CVE-2025-22872)
* bsc#1241857 (CVE-2025-22872)
* bsc#1251511 (CVE-2025-47911)
* bsc#1251679 (CVE-2025-58190)
elemental-toolkit:
- Update to version 2.1.5:
* Update headers for new year 2026
* Disable selinux in installer media
- Update to version 2.1.4:
* Remove leftovers in installer integration test
* Bump to build against go 1.24
* Bump golang.org/x/crypto library
This bump includes fixes to some CVEs:
* bsc#1241826 (CVE-2025-22872)
* bsc#1241857 (CVE-2025-22872)
* bsc#1251511 (CVE-2025-47911)
* bsc#1251679 (CVE-2025-58190)
* bsc#1253581 (CVE-2025-47913)
* bsc#1253901 (CVE-2025-58181)
* bsc#1254079 (CVE-2025-47914)
Patchnames: SUSE-SLE-Micro-6.0-561
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
29 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for elemental-toolkit, elemental-operator",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for elemental-toolkit, elemental-operator fixes the following issues:\n\nelemental-operator:\n\n - Update to version 1.6.10:\n\n * Remove \u0027latest\u0027 tag as this overlaps with the latest branch\n * Bump github.com/rancher-sandbox/go-tpm and its dependencies\n This bump includes fixes to some CVEs:\n * bsc#1241826 (CVE-2025-22872)\n * bsc#1241857 (CVE-2025-22872)\n * bsc#1251511 (CVE-2025-47911)\n * bsc#1251679 (CVE-2025-58190)\n\nelemental-toolkit:\n\n - Update to version 2.1.5:\n\n * Update headers for new year 2026\n * Disable selinux in installer media\n\n - Update to version 2.1.4:\n\n * Remove leftovers in installer integration test\n * Bump to build against go 1.24\n * Bump golang.org/x/crypto library\n This bump includes fixes to some CVEs:\n\n * bsc#1241826 (CVE-2025-22872)\n * bsc#1241857 (CVE-2025-22872)\n * bsc#1251511 (CVE-2025-47911)\n * bsc#1251679 (CVE-2025-58190)\n * bsc#1253581 (CVE-2025-47913)\n * bsc#1253901 (CVE-2025-58181)\n * bsc#1254079 (CVE-2025-47914)\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-561",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20244-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20244-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620244-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20244-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024237.html"
},
{
"category": "self",
"summary": "SUSE Bug 1241826",
"url": "https://bugzilla.suse.com/1241826"
},
{
"category": "self",
"summary": "SUSE Bug 1241857",
"url": "https://bugzilla.suse.com/1241857"
},
{
"category": "self",
"summary": "SUSE Bug 1251511",
"url": "https://bugzilla.suse.com/1251511"
},
{
"category": "self",
"summary": "SUSE Bug 1251679",
"url": "https://bugzilla.suse.com/1251679"
},
{
"category": "self",
"summary": "SUSE Bug 1253581",
"url": "https://bugzilla.suse.com/1253581"
},
{
"category": "self",
"summary": "SUSE Bug 1253901",
"url": "https://bugzilla.suse.com/1253901"
},
{
"category": "self",
"summary": "SUSE Bug 1254079",
"url": "https://bugzilla.suse.com/1254079"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22872 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22872/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47911 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47913 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47914 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58181 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58190 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58190/"
}
],
"title": "Security update for elemental-toolkit, elemental-operator",
"tracking": {
"current_release_date": "2026-01-15T11:08:38Z",
"generator": {
"date": "2026-01-15T11:08:38Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20244-1",
"initial_release_date": "2026-01-15T11:08:38Z",
"revision_history": [
{
"date": "2026-01-15T11:08:38Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "elemental-register-1.6.10-1.1.aarch64",
"product": {
"name": "elemental-register-1.6.10-1.1.aarch64",
"product_id": "elemental-register-1.6.10-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "elemental-support-1.6.10-1.1.aarch64",
"product": {
"name": "elemental-support-1.6.10-1.1.aarch64",
"product_id": "elemental-support-1.6.10-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "elemental-toolkit-2.1.5-1.1.aarch64",
"product": {
"name": "elemental-toolkit-2.1.5-1.1.aarch64",
"product_id": "elemental-toolkit-2.1.5-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "elemental-register-1.6.10-1.1.x86_64",
"product": {
"name": "elemental-register-1.6.10-1.1.x86_64",
"product_id": "elemental-register-1.6.10-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "elemental-support-1.6.10-1.1.x86_64",
"product": {
"name": "elemental-support-1.6.10-1.1.x86_64",
"product_id": "elemental-support-1.6.10-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "elemental-toolkit-2.1.5-1.1.x86_64",
"product": {
"name": "elemental-toolkit-2.1.5-1.1.x86_64",
"product_id": "elemental-toolkit-2.1.5-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-register-1.6.10-1.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.aarch64"
},
"product_reference": "elemental-register-1.6.10-1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-register-1.6.10-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.x86_64"
},
"product_reference": "elemental-register-1.6.10-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-support-1.6.10-1.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.aarch64"
},
"product_reference": "elemental-support-1.6.10-1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-support-1.6.10-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.x86_64"
},
"product_reference": "elemental-support-1.6.10-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-toolkit-2.1.5-1.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.aarch64"
},
"product_reference": "elemental-toolkit-2.1.5-1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-toolkit-2.1.5-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.x86_64"
},
"product_reference": "elemental-toolkit-2.1.5-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22872",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22872"
}
],
"notes": [
{
"category": "general",
"text": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22872",
"url": "https://www.suse.com/security/cve/CVE-2025-22872"
},
{
"category": "external",
"summary": "SUSE Bug 1241710 for CVE-2025-22872",
"url": "https://bugzilla.suse.com/1241710"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-15T11:08:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-22872"
},
{
"cve": "CVE-2025-47911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47911"
}
],
"notes": [
{
"category": "general",
"text": "The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47911",
"url": "https://www.suse.com/security/cve/CVE-2025-47911"
},
{
"category": "external",
"summary": "SUSE Bug 1251308 for CVE-2025-47911",
"url": "https://bugzilla.suse.com/1251308"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-15T11:08:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-47911"
},
{
"cve": "CVE-2025-47913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47913"
}
],
"notes": [
{
"category": "general",
"text": "SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47913",
"url": "https://www.suse.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "SUSE Bug 1253506 for CVE-2025-47913",
"url": "https://bugzilla.suse.com/1253506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-15T11:08:38Z",
"details": "important"
}
],
"title": "CVE-2025-47913"
},
{
"cve": "CVE-2025-47914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47914"
}
],
"notes": [
{
"category": "general",
"text": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47914",
"url": "https://www.suse.com/security/cve/CVE-2025-47914"
},
{
"category": "external",
"summary": "SUSE Bug 1253967 for CVE-2025-47914",
"url": "https://bugzilla.suse.com/1253967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-15T11:08:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-47914"
},
{
"cve": "CVE-2025-58181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58181"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58181",
"url": "https://www.suse.com/security/cve/CVE-2025-58181"
},
{
"category": "external",
"summary": "SUSE Bug 1253784 for CVE-2025-58181",
"url": "https://bugzilla.suse.com/1253784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-15T11:08:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-58181"
},
{
"cve": "CVE-2025-58190",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58190"
}
],
"notes": [
{
"category": "general",
"text": "The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58190",
"url": "https://www.suse.com/security/cve/CVE-2025-58190"
},
{
"category": "external",
"summary": "SUSE Bug 1251309 for CVE-2025-58190",
"url": "https://bugzilla.suse.com/1251309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-15T11:08:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-58190"
}
]
}
SUSE-SU-2026:20357-1
Vulnerability from csaf_suse - Published: 2026-01-15 09:23 - Updated: 2026-01-15 09:23Summary
Security update for elemental-toolkit, elemental-operator
Severity
Important
Notes
Title of the patch: Security update for elemental-toolkit, elemental-operator
Description of the patch: This update for elemental-toolkit, elemental-operator fixes the following issues:
elemental-operator:
- Update to v1.7.4:
* Bump github.com/rancher-sandbox/go-tpm and its dependencies
This bump includes few CVE fixes:
* bsc#1241826 (CVE-2025-22872)
* bsc#1241857 (CVE-2025-22872)
* bsc#1251511 (CVE-2025-47911)
* bsc#1251679 (CVE-2025-58190)
* Install yip config files in before-install step
* Revert "Do not delete ManagedOSVersions by default"
* Set default channel variable names consistent with OS version
* Do not delete ManagedOSVersions by default
* Include -channel suffix to channel names
* OS channel: enable baremetal channel by default
elemental-toolkit:
- Update to v2.2.7:
* Bump toolkit build to go 1.24
* Bump golang.org/x/crypto library
This bumg includes few CVE fixes:
* bsc#1241826 (CVE-2025-22872)
* bsc#1241857 (CVE-2025-22872)
* bsc#1251511 (CVE-2025-47911)
* bsc#1251679 (CVE-2025-58190)
* bsc#1253581 (CVE-2025-47913)
* bsc#1253901 (CVE-2025-58181)
* bsc#1254079 (CVE-2025-47914)
- Update to v2.2.5:
* Permissive mode for green selinux
* Adapt code and unit tests
* Minor change to lookup devices using blkid
Patchnames: SUSE-SLE-Micro-6.1-375
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
29 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for elemental-toolkit, elemental-operator",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for elemental-toolkit, elemental-operator fixes the following issues:\n\nelemental-operator:\n\n - Update to v1.7.4:\n\n * Bump github.com/rancher-sandbox/go-tpm and its dependencies\n This bump includes few CVE fixes:\n * bsc#1241826 (CVE-2025-22872)\n * bsc#1241857 (CVE-2025-22872)\n * bsc#1251511 (CVE-2025-47911)\n * bsc#1251679 (CVE-2025-58190)\n * Install yip config files in before-install step\n * Revert \"Do not delete ManagedOSVersions by default\"\n * Set default channel variable names consistent with OS version\n * Do not delete ManagedOSVersions by default\n * Include -channel suffix to channel names\n * OS channel: enable baremetal channel by default\n\nelemental-toolkit:\n\n - Update to v2.2.7:\n\n * Bump toolkit build to go 1.24\n * Bump golang.org/x/crypto library\n This bumg includes few CVE fixes:\n * bsc#1241826 (CVE-2025-22872)\n * bsc#1241857 (CVE-2025-22872)\n * bsc#1251511 (CVE-2025-47911)\n * bsc#1251679 (CVE-2025-58190)\n * bsc#1253581 (CVE-2025-47913)\n * bsc#1253901 (CVE-2025-58181)\n * bsc#1254079 (CVE-2025-47914)\n\n - Update to v2.2.5:\n\n * Permissive mode for green selinux\n * Adapt code and unit tests\n * Minor change to lookup devices using blkid\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-375",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20357-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20357-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620357-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20357-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024326.html"
},
{
"category": "self",
"summary": "SUSE Bug 1241826",
"url": "https://bugzilla.suse.com/1241826"
},
{
"category": "self",
"summary": "SUSE Bug 1241857",
"url": "https://bugzilla.suse.com/1241857"
},
{
"category": "self",
"summary": "SUSE Bug 1251511",
"url": "https://bugzilla.suse.com/1251511"
},
{
"category": "self",
"summary": "SUSE Bug 1251679",
"url": "https://bugzilla.suse.com/1251679"
},
{
"category": "self",
"summary": "SUSE Bug 1253581",
"url": "https://bugzilla.suse.com/1253581"
},
{
"category": "self",
"summary": "SUSE Bug 1253901",
"url": "https://bugzilla.suse.com/1253901"
},
{
"category": "self",
"summary": "SUSE Bug 1254079",
"url": "https://bugzilla.suse.com/1254079"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22872 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22872/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47911 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47913 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47914 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58181 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58190 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58190/"
}
],
"title": "Security update for elemental-toolkit, elemental-operator",
"tracking": {
"current_release_date": "2026-01-15T09:23:45Z",
"generator": {
"date": "2026-01-15T09:23:45Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20357-1",
"initial_release_date": "2026-01-15T09:23:45Z",
"revision_history": [
{
"date": "2026-01-15T09:23:45Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "elemental-register-1.7.4-slfo.1.1_1.1.aarch64",
"product": {
"name": "elemental-register-1.7.4-slfo.1.1_1.1.aarch64",
"product_id": "elemental-register-1.7.4-slfo.1.1_1.1.aarch64"
}
},
{
"category": "product_version",
"name": "elemental-support-1.7.4-slfo.1.1_1.1.aarch64",
"product": {
"name": "elemental-support-1.7.4-slfo.1.1_1.1.aarch64",
"product_id": "elemental-support-1.7.4-slfo.1.1_1.1.aarch64"
}
},
{
"category": "product_version",
"name": "elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64",
"product": {
"name": "elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64",
"product_id": "elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "elemental-register-1.7.4-slfo.1.1_1.1.x86_64",
"product": {
"name": "elemental-register-1.7.4-slfo.1.1_1.1.x86_64",
"product_id": "elemental-register-1.7.4-slfo.1.1_1.1.x86_64"
}
},
{
"category": "product_version",
"name": "elemental-support-1.7.4-slfo.1.1_1.1.x86_64",
"product": {
"name": "elemental-support-1.7.4-slfo.1.1_1.1.x86_64",
"product_id": "elemental-support-1.7.4-slfo.1.1_1.1.x86_64"
}
},
{
"category": "product_version",
"name": "elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64",
"product": {
"name": "elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64",
"product_id": "elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-register-1.7.4-slfo.1.1_1.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.aarch64"
},
"product_reference": "elemental-register-1.7.4-slfo.1.1_1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-register-1.7.4-slfo.1.1_1.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.x86_64"
},
"product_reference": "elemental-register-1.7.4-slfo.1.1_1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-support-1.7.4-slfo.1.1_1.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.aarch64"
},
"product_reference": "elemental-support-1.7.4-slfo.1.1_1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-support-1.7.4-slfo.1.1_1.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.x86_64"
},
"product_reference": "elemental-support-1.7.4-slfo.1.1_1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64"
},
"product_reference": "elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64"
},
"product_reference": "elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22872",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22872"
}
],
"notes": [
{
"category": "general",
"text": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22872",
"url": "https://www.suse.com/security/cve/CVE-2025-22872"
},
{
"category": "external",
"summary": "SUSE Bug 1241710 for CVE-2025-22872",
"url": "https://bugzilla.suse.com/1241710"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-15T09:23:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-22872"
},
{
"cve": "CVE-2025-47911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47911"
}
],
"notes": [
{
"category": "general",
"text": "The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47911",
"url": "https://www.suse.com/security/cve/CVE-2025-47911"
},
{
"category": "external",
"summary": "SUSE Bug 1251308 for CVE-2025-47911",
"url": "https://bugzilla.suse.com/1251308"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-15T09:23:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-47911"
},
{
"cve": "CVE-2025-47913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47913"
}
],
"notes": [
{
"category": "general",
"text": "SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47913",
"url": "https://www.suse.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "SUSE Bug 1253506 for CVE-2025-47913",
"url": "https://bugzilla.suse.com/1253506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-15T09:23:45Z",
"details": "important"
}
],
"title": "CVE-2025-47913"
},
{
"cve": "CVE-2025-47914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47914"
}
],
"notes": [
{
"category": "general",
"text": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47914",
"url": "https://www.suse.com/security/cve/CVE-2025-47914"
},
{
"category": "external",
"summary": "SUSE Bug 1253967 for CVE-2025-47914",
"url": "https://bugzilla.suse.com/1253967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-15T09:23:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-47914"
},
{
"cve": "CVE-2025-58181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58181"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58181",
"url": "https://www.suse.com/security/cve/CVE-2025-58181"
},
{
"category": "external",
"summary": "SUSE Bug 1253784 for CVE-2025-58181",
"url": "https://bugzilla.suse.com/1253784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-15T09:23:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-58181"
},
{
"cve": "CVE-2025-58190",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58190"
}
],
"notes": [
{
"category": "general",
"text": "The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58190",
"url": "https://www.suse.com/security/cve/CVE-2025-58190"
},
{
"category": "external",
"summary": "SUSE Bug 1251309 for CVE-2025-58190",
"url": "https://bugzilla.suse.com/1251309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-15T09:23:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-58190"
}
]
}
SUSE-SU-2026:20451-1
Vulnerability from csaf_suse - Published: 2026-02-17 08:53 - Updated: 2026-02-17 08:53Summary
Security update for docker-compose
Severity
Important
Notes
Title of the patch: Security update for docker-compose
Description of the patch: This update for docker-compose fixes the following issues:
- CVE-2025-47914: non validated message size can cause a panic due to an out of bounds read (bsc#1254041).
- CVE-2025-47913: client process termination when receiving an unexpected message type in response to a key listing or
signing request (bsc#1253584).
Patchnames: SUSE-SLE-Micro-6.0-587
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:docker-compose-2.33.1-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:docker-compose-2.33.1-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:docker-compose-2.33.1-3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:docker-compose-2.33.1-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:docker-compose-2.33.1-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:docker-compose-2.33.1-3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for docker-compose",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for docker-compose fixes the following issues:\n\n- CVE-2025-47914: non validated message size can cause a panic due to an out of bounds read (bsc#1254041). \n- CVE-2025-47913: client process termination when receiving an unexpected message type in response to a key listing or\n signing request (bsc#1253584).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-587",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20451-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20451-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620451-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20451-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024432.html"
},
{
"category": "self",
"summary": "SUSE Bug 1253584",
"url": "https://bugzilla.suse.com/1253584"
},
{
"category": "self",
"summary": "SUSE Bug 1254041",
"url": "https://bugzilla.suse.com/1254041"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47913 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47914 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47914/"
}
],
"title": "Security update for docker-compose",
"tracking": {
"current_release_date": "2026-02-17T08:53:14Z",
"generator": {
"date": "2026-02-17T08:53:14Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20451-1",
"initial_release_date": "2026-02-17T08:53:14Z",
"revision_history": [
{
"date": "2026-02-17T08:53:14Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "docker-compose-2.33.1-3.1.aarch64",
"product": {
"name": "docker-compose-2.33.1-3.1.aarch64",
"product_id": "docker-compose-2.33.1-3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-compose-2.33.1-3.1.s390x",
"product": {
"name": "docker-compose-2.33.1-3.1.s390x",
"product_id": "docker-compose-2.33.1-3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-compose-2.33.1-3.1.x86_64",
"product": {
"name": "docker-compose-2.33.1-3.1.x86_64",
"product_id": "docker-compose-2.33.1-3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-compose-2.33.1-3.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:docker-compose-2.33.1-3.1.aarch64"
},
"product_reference": "docker-compose-2.33.1-3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-compose-2.33.1-3.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:docker-compose-2.33.1-3.1.s390x"
},
"product_reference": "docker-compose-2.33.1-3.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-compose-2.33.1-3.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:docker-compose-2.33.1-3.1.x86_64"
},
"product_reference": "docker-compose-2.33.1-3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47913"
}
],
"notes": [
{
"category": "general",
"text": "SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:docker-compose-2.33.1-3.1.aarch64",
"SUSE Linux Micro 6.0:docker-compose-2.33.1-3.1.s390x",
"SUSE Linux Micro 6.0:docker-compose-2.33.1-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47913",
"url": "https://www.suse.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "SUSE Bug 1253506 for CVE-2025-47913",
"url": "https://bugzilla.suse.com/1253506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:docker-compose-2.33.1-3.1.aarch64",
"SUSE Linux Micro 6.0:docker-compose-2.33.1-3.1.s390x",
"SUSE Linux Micro 6.0:docker-compose-2.33.1-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:docker-compose-2.33.1-3.1.aarch64",
"SUSE Linux Micro 6.0:docker-compose-2.33.1-3.1.s390x",
"SUSE Linux Micro 6.0:docker-compose-2.33.1-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-17T08:53:14Z",
"details": "important"
}
],
"title": "CVE-2025-47913"
},
{
"cve": "CVE-2025-47914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47914"
}
],
"notes": [
{
"category": "general",
"text": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:docker-compose-2.33.1-3.1.aarch64",
"SUSE Linux Micro 6.0:docker-compose-2.33.1-3.1.s390x",
"SUSE Linux Micro 6.0:docker-compose-2.33.1-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47914",
"url": "https://www.suse.com/security/cve/CVE-2025-47914"
},
{
"category": "external",
"summary": "SUSE Bug 1253967 for CVE-2025-47914",
"url": "https://bugzilla.suse.com/1253967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:docker-compose-2.33.1-3.1.aarch64",
"SUSE Linux Micro 6.0:docker-compose-2.33.1-3.1.s390x",
"SUSE Linux Micro 6.0:docker-compose-2.33.1-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:docker-compose-2.33.1-3.1.aarch64",
"SUSE Linux Micro 6.0:docker-compose-2.33.1-3.1.s390x",
"SUSE Linux Micro 6.0:docker-compose-2.33.1-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-17T08:53:14Z",
"details": "moderate"
}
],
"title": "CVE-2025-47914"
}
]
}
SUSE-SU-2026:20626-1
Vulnerability from csaf_suse - Published: 2026-03-03 16:04 - Updated: 2026-03-03 16:04Summary
Security update for podman
Severity
Important
Notes
Title of the patch: Security update for podman
Description of the patch: This update for podman fixes the following issues:
Changes in podman:
- Add symlink to catatonit in /usr/libexec/podman (bsc#1248988)
- CVE-2025-47914: Fixed golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds read (bsc#1253993)
- CVE-2025-47913: Fixed golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253542):
- CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: Fixed runc: Container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files (bsc#1252376):
- CVE-2025-9566: Fixed that podman kube play command may overwrite host files (bsc#1249154):
Patchnames: SUSE-SLES-16.0-343
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.3 (High)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
36 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for podman",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for podman fixes the following issues:\n\nChanges in podman:\n\n- Add symlink to catatonit in /usr/libexec/podman (bsc#1248988)\n\n- CVE-2025-47914: Fixed golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds read (bsc#1253993)\n- CVE-2025-47913: Fixed golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253542):\n\n- CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: Fixed runc: Container breakouts by bypassing runc\u0027s restrictions for writing to arbitrary /proc files (bsc#1252376):\n- CVE-2025-9566: Fixed that podman kube play command may overwrite host files (bsc#1249154):\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-343",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20626-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20626-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620626-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20626-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024648.html"
},
{
"category": "self",
"summary": "SUSE Bug 1248988",
"url": "https://bugzilla.suse.com/1248988"
},
{
"category": "self",
"summary": "SUSE Bug 1249154",
"url": "https://bugzilla.suse.com/1249154"
},
{
"category": "self",
"summary": "SUSE Bug 1252376",
"url": "https://bugzilla.suse.com/1252376"
},
{
"category": "self",
"summary": "SUSE Bug 1253542",
"url": "https://bugzilla.suse.com/1253542"
},
{
"category": "self",
"summary": "SUSE Bug 1253993",
"url": "https://bugzilla.suse.com/1253993"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22869 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22869/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31133 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31133/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47913 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47914 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-52565 page",
"url": "https://www.suse.com/security/cve/CVE-2025-52565/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-52881 page",
"url": "https://www.suse.com/security/cve/CVE-2025-52881/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-6032 page",
"url": "https://www.suse.com/security/cve/CVE-2025-6032/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-9566 page",
"url": "https://www.suse.com/security/cve/CVE-2025-9566/"
}
],
"title": "Security update for podman",
"tracking": {
"current_release_date": "2026-03-03T16:04:58Z",
"generator": {
"date": "2026-03-03T16:04:58Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20626-1",
"initial_release_date": "2026-03-03T16:04:58Z",
"revision_history": [
{
"date": "2026-03-03T16:04:58Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "podman-5.4.2-160000.4.1.aarch64",
"product": {
"name": "podman-5.4.2-160000.4.1.aarch64",
"product_id": "podman-5.4.2-160000.4.1.aarch64"
}
},
{
"category": "product_version",
"name": "podman-remote-5.4.2-160000.4.1.aarch64",
"product": {
"name": "podman-remote-5.4.2-160000.4.1.aarch64",
"product_id": "podman-remote-5.4.2-160000.4.1.aarch64"
}
},
{
"category": "product_version",
"name": "podmansh-5.4.2-160000.4.1.aarch64",
"product": {
"name": "podmansh-5.4.2-160000.4.1.aarch64",
"product_id": "podmansh-5.4.2-160000.4.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-docker-5.4.2-160000.4.1.noarch",
"product": {
"name": "podman-docker-5.4.2-160000.4.1.noarch",
"product_id": "podman-docker-5.4.2-160000.4.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-5.4.2-160000.4.1.ppc64le",
"product": {
"name": "podman-5.4.2-160000.4.1.ppc64le",
"product_id": "podman-5.4.2-160000.4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "podman-remote-5.4.2-160000.4.1.ppc64le",
"product": {
"name": "podman-remote-5.4.2-160000.4.1.ppc64le",
"product_id": "podman-remote-5.4.2-160000.4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "podmansh-5.4.2-160000.4.1.ppc64le",
"product": {
"name": "podmansh-5.4.2-160000.4.1.ppc64le",
"product_id": "podmansh-5.4.2-160000.4.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-5.4.2-160000.4.1.s390x",
"product": {
"name": "podman-5.4.2-160000.4.1.s390x",
"product_id": "podman-5.4.2-160000.4.1.s390x"
}
},
{
"category": "product_version",
"name": "podman-remote-5.4.2-160000.4.1.s390x",
"product": {
"name": "podman-remote-5.4.2-160000.4.1.s390x",
"product_id": "podman-remote-5.4.2-160000.4.1.s390x"
}
},
{
"category": "product_version",
"name": "podmansh-5.4.2-160000.4.1.s390x",
"product": {
"name": "podmansh-5.4.2-160000.4.1.s390x",
"product_id": "podmansh-5.4.2-160000.4.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-5.4.2-160000.4.1.x86_64",
"product": {
"name": "podman-5.4.2-160000.4.1.x86_64",
"product_id": "podman-5.4.2-160000.4.1.x86_64"
}
},
{
"category": "product_version",
"name": "podman-remote-5.4.2-160000.4.1.x86_64",
"product": {
"name": "podman-remote-5.4.2-160000.4.1.x86_64",
"product_id": "podman-remote-5.4.2-160000.4.1.x86_64"
}
},
{
"category": "product_version",
"name": "podmansh-5.4.2-160000.4.1.x86_64",
"product": {
"name": "podmansh-5.4.2-160000.4.1.x86_64",
"product_id": "podmansh-5.4.2-160000.4.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16.0"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.4.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64"
},
"product_reference": "podman-5.4.2-160000.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.4.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le"
},
"product_reference": "podman-5.4.2-160000.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.4.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x"
},
"product_reference": "podman-5.4.2-160000.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.4.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64"
},
"product_reference": "podman-5.4.2-160000.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-docker-5.4.2-160000.4.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch"
},
"product_reference": "podman-docker-5.4.2-160000.4.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.4.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64"
},
"product_reference": "podman-remote-5.4.2-160000.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.4.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le"
},
"product_reference": "podman-remote-5.4.2-160000.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.4.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x"
},
"product_reference": "podman-remote-5.4.2-160000.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.4.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64"
},
"product_reference": "podman-remote-5.4.2-160000.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.4.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64"
},
"product_reference": "podmansh-5.4.2-160000.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.4.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le"
},
"product_reference": "podmansh-5.4.2-160000.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.4.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x"
},
"product_reference": "podmansh-5.4.2-160000.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.4.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64"
},
"product_reference": "podmansh-5.4.2-160000.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.4.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64"
},
"product_reference": "podman-5.4.2-160000.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.4.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le"
},
"product_reference": "podman-5.4.2-160000.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.4.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x"
},
"product_reference": "podman-5.4.2-160000.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.4.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64"
},
"product_reference": "podman-5.4.2-160000.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-docker-5.4.2-160000.4.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch"
},
"product_reference": "podman-docker-5.4.2-160000.4.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.4.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64"
},
"product_reference": "podman-remote-5.4.2-160000.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.4.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le"
},
"product_reference": "podman-remote-5.4.2-160000.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.4.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x"
},
"product_reference": "podman-remote-5.4.2-160000.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.4.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64"
},
"product_reference": "podman-remote-5.4.2-160000.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.4.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64"
},
"product_reference": "podmansh-5.4.2-160000.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.4.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le"
},
"product_reference": "podmansh-5.4.2-160000.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.4.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x"
},
"product_reference": "podmansh-5.4.2-160000.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.4.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
},
"product_reference": "podmansh-5.4.2-160000.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22869",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22869"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22869",
"url": "https://www.suse.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "SUSE Bug 1239322 for CVE-2025-22869",
"url": "https://bugzilla.suse.com/1239322"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "important"
}
],
"title": "CVE-2025-22869"
},
{
"cve": "CVE-2025-31133",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31133"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container\u0027s /dev/null) was actually a real /dev/null inode when using the container\u0027s /dev/null to mask. This exposes two methods of attack: an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31133",
"url": "https://www.suse.com/security/cve/CVE-2025-31133"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-31133",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-31133",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "important"
}
],
"title": "CVE-2025-31133"
},
{
"cve": "CVE-2025-47913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47913"
}
],
"notes": [
{
"category": "general",
"text": "SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47913",
"url": "https://www.suse.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "SUSE Bug 1253506 for CVE-2025-47913",
"url": "https://bugzilla.suse.com/1253506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "important"
}
],
"title": "CVE-2025-47913"
},
{
"cve": "CVE-2025-47914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47914"
}
],
"notes": [
{
"category": "general",
"text": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47914",
"url": "https://www.suse.com/security/cve/CVE-2025-47914"
},
{
"category": "external",
"summary": "SUSE Bug 1253967 for CVE-2025-47914",
"url": "https://bugzilla.suse.com/1253967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "moderate"
}
],
"title": "CVE-2025-47914"
},
{
"cve": "CVE-2025-52565",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-52565"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the container, an attacker can trick runc into bind-mounting paths which would normally be made read-only or be masked onto a path that the attacker can write to. This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target (namely, the bind-mount of `/dev/pts/$n` to `/dev/console` as configured for all containers that allocate a console). This happens after `pivot_root(2)`, so this cannot be used to write to host files directly -- however, as with CVE-2025-31133, this can load to denial of service of the host or a container breakout by providing the attacker with a writable copy of `/proc/sysrq-trigger` or `/proc/sys/kernel/core_pattern` (respectively). This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-52565",
"url": "https://www.suse.com/security/cve/CVE-2025-52565"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-52565",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-52565",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "important"
}
],
"title": "CVE-2025-52565"
},
{
"cve": "CVE-2025-52881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-52881"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-52881",
"url": "https://www.suse.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-52881",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-52881",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "important"
}
],
"title": "CVE-2025-52881"
},
{
"cve": "CVE-2025-6032",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-6032"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-6032",
"url": "https://www.suse.com/security/cve/CVE-2025-6032"
},
{
"category": "external",
"summary": "SUSE Bug 1245320 for CVE-2025-6032",
"url": "https://bugzilla.suse.com/1245320"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "important"
}
],
"title": "CVE-2025-6032"
},
{
"cve": "CVE-2025-9566",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-9566"
}
],
"notes": [
{
"category": "general",
"text": "There\u0027s a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the target file to be overwritten but not the content to be written into the file.\n\nBinary-Affected: podman\nUpstream-version-introduced: v4.0.0\nUpstream-version-fixed: v5.6.1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-9566",
"url": "https://www.suse.com/security/cve/CVE-2025-9566"
},
{
"category": "external",
"summary": "SUSE Bug 1249154 for CVE-2025-9566",
"url": "https://bugzilla.suse.com/1249154"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "important"
}
],
"title": "CVE-2025-9566"
}
]
}
SUSE-SU-2026:20641-1
Vulnerability from csaf_suse - Published: 2026-03-03 16:04 - Updated: 2026-03-03 16:04Summary
Security update for podman
Severity
Important
Notes
Title of the patch: Security update for podman
Description of the patch: This update for podman fixes the following issues:
Changes in podman:
- Add symlink to catatonit in /usr/libexec/podman (bsc#1248988)
- CVE-2025-47914: Fixed golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds read (bsc#1253993)
- CVE-2025-47913: Fixed golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253542):
- CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: Fixed runc: Container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files (bsc#1252376):
- CVE-2025-9566: Fixed that podman kube play command may overwrite host files (bsc#1249154):
Patchnames: SUSE-SL-Micro-6.2-343
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.3 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
36 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for podman",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for podman fixes the following issues:\n\nChanges in podman:\n\n- Add symlink to catatonit in /usr/libexec/podman (bsc#1248988)\n\n- CVE-2025-47914: Fixed golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds read (bsc#1253993)\n- CVE-2025-47913: Fixed golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253542):\n\n- CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: Fixed runc: Container breakouts by bypassing runc\u0027s restrictions for writing to arbitrary /proc files (bsc#1252376):\n- CVE-2025-9566: Fixed that podman kube play command may overwrite host files (bsc#1249154):\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SL-Micro-6.2-343",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20641-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20641-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620641-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20641-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024659.html"
},
{
"category": "self",
"summary": "SUSE Bug 1248988",
"url": "https://bugzilla.suse.com/1248988"
},
{
"category": "self",
"summary": "SUSE Bug 1249154",
"url": "https://bugzilla.suse.com/1249154"
},
{
"category": "self",
"summary": "SUSE Bug 1252376",
"url": "https://bugzilla.suse.com/1252376"
},
{
"category": "self",
"summary": "SUSE Bug 1253542",
"url": "https://bugzilla.suse.com/1253542"
},
{
"category": "self",
"summary": "SUSE Bug 1253993",
"url": "https://bugzilla.suse.com/1253993"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22869 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22869/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31133 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31133/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47913 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47914 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-52565 page",
"url": "https://www.suse.com/security/cve/CVE-2025-52565/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-52881 page",
"url": "https://www.suse.com/security/cve/CVE-2025-52881/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-6032 page",
"url": "https://www.suse.com/security/cve/CVE-2025-6032/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-9566 page",
"url": "https://www.suse.com/security/cve/CVE-2025-9566/"
}
],
"title": "Security update for podman",
"tracking": {
"current_release_date": "2026-03-03T16:04:58Z",
"generator": {
"date": "2026-03-03T16:04:58Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20641-1",
"initial_release_date": "2026-03-03T16:04:58Z",
"revision_history": [
{
"date": "2026-03-03T16:04:58Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "podman-5.4.2-160000.4.1.aarch64",
"product": {
"name": "podman-5.4.2-160000.4.1.aarch64",
"product_id": "podman-5.4.2-160000.4.1.aarch64"
}
},
{
"category": "product_version",
"name": "podman-remote-5.4.2-160000.4.1.aarch64",
"product": {
"name": "podman-remote-5.4.2-160000.4.1.aarch64",
"product_id": "podman-remote-5.4.2-160000.4.1.aarch64"
}
},
{
"category": "product_version",
"name": "podmansh-5.4.2-160000.4.1.aarch64",
"product": {
"name": "podmansh-5.4.2-160000.4.1.aarch64",
"product_id": "podmansh-5.4.2-160000.4.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-docker-5.4.2-160000.4.1.noarch",
"product": {
"name": "podman-docker-5.4.2-160000.4.1.noarch",
"product_id": "podman-docker-5.4.2-160000.4.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-5.4.2-160000.4.1.ppc64le",
"product": {
"name": "podman-5.4.2-160000.4.1.ppc64le",
"product_id": "podman-5.4.2-160000.4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "podman-remote-5.4.2-160000.4.1.ppc64le",
"product": {
"name": "podman-remote-5.4.2-160000.4.1.ppc64le",
"product_id": "podman-remote-5.4.2-160000.4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "podmansh-5.4.2-160000.4.1.ppc64le",
"product": {
"name": "podmansh-5.4.2-160000.4.1.ppc64le",
"product_id": "podmansh-5.4.2-160000.4.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-5.4.2-160000.4.1.s390x",
"product": {
"name": "podman-5.4.2-160000.4.1.s390x",
"product_id": "podman-5.4.2-160000.4.1.s390x"
}
},
{
"category": "product_version",
"name": "podman-remote-5.4.2-160000.4.1.s390x",
"product": {
"name": "podman-remote-5.4.2-160000.4.1.s390x",
"product_id": "podman-remote-5.4.2-160000.4.1.s390x"
}
},
{
"category": "product_version",
"name": "podmansh-5.4.2-160000.4.1.s390x",
"product": {
"name": "podmansh-5.4.2-160000.4.1.s390x",
"product_id": "podmansh-5.4.2-160000.4.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-5.4.2-160000.4.1.x86_64",
"product": {
"name": "podman-5.4.2-160000.4.1.x86_64",
"product_id": "podman-5.4.2-160000.4.1.x86_64"
}
},
{
"category": "product_version",
"name": "podman-remote-5.4.2-160000.4.1.x86_64",
"product": {
"name": "podman-remote-5.4.2-160000.4.1.x86_64",
"product_id": "podman-remote-5.4.2-160000.4.1.x86_64"
}
},
{
"category": "product_version",
"name": "podmansh-5.4.2-160000.4.1.x86_64",
"product": {
"name": "podmansh-5.4.2-160000.4.1.x86_64",
"product_id": "podmansh-5.4.2-160000.4.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.2",
"product": {
"name": "SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:transactional"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.4.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64"
},
"product_reference": "podman-5.4.2-160000.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.4.1.ppc64le as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le"
},
"product_reference": "podman-5.4.2-160000.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.4.1.s390x as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x"
},
"product_reference": "podman-5.4.2-160000.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.4.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64"
},
"product_reference": "podman-5.4.2-160000.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-docker-5.4.2-160000.4.1.noarch as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch"
},
"product_reference": "podman-docker-5.4.2-160000.4.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.4.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64"
},
"product_reference": "podman-remote-5.4.2-160000.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.4.1.ppc64le as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le"
},
"product_reference": "podman-remote-5.4.2-160000.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.4.1.s390x as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x"
},
"product_reference": "podman-remote-5.4.2-160000.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.4.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64"
},
"product_reference": "podman-remote-5.4.2-160000.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.4.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64"
},
"product_reference": "podmansh-5.4.2-160000.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.4.1.ppc64le as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le"
},
"product_reference": "podmansh-5.4.2-160000.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.4.1.s390x as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x"
},
"product_reference": "podmansh-5.4.2-160000.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.4.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
},
"product_reference": "podmansh-5.4.2-160000.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22869",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22869"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22869",
"url": "https://www.suse.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "SUSE Bug 1239322 for CVE-2025-22869",
"url": "https://bugzilla.suse.com/1239322"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "important"
}
],
"title": "CVE-2025-22869"
},
{
"cve": "CVE-2025-31133",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31133"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container\u0027s /dev/null) was actually a real /dev/null inode when using the container\u0027s /dev/null to mask. This exposes two methods of attack: an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31133",
"url": "https://www.suse.com/security/cve/CVE-2025-31133"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-31133",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-31133",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "important"
}
],
"title": "CVE-2025-31133"
},
{
"cve": "CVE-2025-47913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47913"
}
],
"notes": [
{
"category": "general",
"text": "SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47913",
"url": "https://www.suse.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "SUSE Bug 1253506 for CVE-2025-47913",
"url": "https://bugzilla.suse.com/1253506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "important"
}
],
"title": "CVE-2025-47913"
},
{
"cve": "CVE-2025-47914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47914"
}
],
"notes": [
{
"category": "general",
"text": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47914",
"url": "https://www.suse.com/security/cve/CVE-2025-47914"
},
{
"category": "external",
"summary": "SUSE Bug 1253967 for CVE-2025-47914",
"url": "https://bugzilla.suse.com/1253967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "moderate"
}
],
"title": "CVE-2025-47914"
},
{
"cve": "CVE-2025-52565",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-52565"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the container, an attacker can trick runc into bind-mounting paths which would normally be made read-only or be masked onto a path that the attacker can write to. This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target (namely, the bind-mount of `/dev/pts/$n` to `/dev/console` as configured for all containers that allocate a console). This happens after `pivot_root(2)`, so this cannot be used to write to host files directly -- however, as with CVE-2025-31133, this can load to denial of service of the host or a container breakout by providing the attacker with a writable copy of `/proc/sysrq-trigger` or `/proc/sys/kernel/core_pattern` (respectively). This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-52565",
"url": "https://www.suse.com/security/cve/CVE-2025-52565"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-52565",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-52565",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "important"
}
],
"title": "CVE-2025-52565"
},
{
"cve": "CVE-2025-52881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-52881"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-52881",
"url": "https://www.suse.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-52881",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-52881",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "important"
}
],
"title": "CVE-2025-52881"
},
{
"cve": "CVE-2025-6032",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-6032"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-6032",
"url": "https://www.suse.com/security/cve/CVE-2025-6032"
},
{
"category": "external",
"summary": "SUSE Bug 1245320 for CVE-2025-6032",
"url": "https://bugzilla.suse.com/1245320"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "important"
}
],
"title": "CVE-2025-6032"
},
{
"cve": "CVE-2025-9566",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-9566"
}
],
"notes": [
{
"category": "general",
"text": "There\u0027s a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the target file to be overwritten but not the content to be written into the file.\n\nBinary-Affected: podman\nUpstream-version-introduced: v4.0.0\nUpstream-version-fixed: v5.6.1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-9566",
"url": "https://www.suse.com/security/cve/CVE-2025-9566"
},
{
"category": "external",
"summary": "SUSE Bug 1249154 for CVE-2025-9566",
"url": "https://bugzilla.suse.com/1249154"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "important"
}
],
"title": "CVE-2025-9566"
}
]
}
SUSE-SU-2026:20656-1
Vulnerability from csaf_suse - Published: 2026-03-06 11:34 - Updated: 2026-03-06 11:34Summary
Security update for docker-compose
Severity
Important
Notes
Title of the patch: Security update for docker-compose
Description of the patch: This update for docker-compose fixes the following issues:
- CVE-2025-47914: non validated message size can cause a panic due to an out of bounds read (bsc#1254041).
- CVE-2025-47913: client process termination when receiving an unexpected message type in response to a key listing or
signing request (bsc#1253584).
- CVE-2025-62725: OCI compose artifacts can be used to escape the cache directory and overwrite arbitrary files
(bsc#1252752).
Patchnames: SUSE-SLE-Micro-6.1-428
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.3 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for docker-compose",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for docker-compose fixes the following issues:\n\n- CVE-2025-47914: non validated message size can cause a panic due to an out of bounds read (bsc#1254041). \n- CVE-2025-47913: client process termination when receiving an unexpected message type in response to a key listing or\n signing request (bsc#1253584).\n- CVE-2025-62725: OCI compose artifacts can be used to escape the cache directory and overwrite arbitrary files\n (bsc#1252752).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-428",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20656-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20656-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620656-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20656-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024754.html"
},
{
"category": "self",
"summary": "SUSE Bug 1252752",
"url": "https://bugzilla.suse.com/1252752"
},
{
"category": "self",
"summary": "SUSE Bug 1253584",
"url": "https://bugzilla.suse.com/1253584"
},
{
"category": "self",
"summary": "SUSE Bug 1254041",
"url": "https://bugzilla.suse.com/1254041"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47913 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47914 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-62725 page",
"url": "https://www.suse.com/security/cve/CVE-2025-62725/"
}
],
"title": "Security update for docker-compose",
"tracking": {
"current_release_date": "2026-03-06T11:34:20Z",
"generator": {
"date": "2026-03-06T11:34:20Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20656-1",
"initial_release_date": "2026-03-06T11:34:20Z",
"revision_history": [
{
"date": "2026-03-06T11:34:20Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "docker-compose-2.33.1-slfo.1.1_2.1.aarch64",
"product": {
"name": "docker-compose-2.33.1-slfo.1.1_2.1.aarch64",
"product_id": "docker-compose-2.33.1-slfo.1.1_2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-compose-2.33.1-slfo.1.1_2.1.ppc64le",
"product": {
"name": "docker-compose-2.33.1-slfo.1.1_2.1.ppc64le",
"product_id": "docker-compose-2.33.1-slfo.1.1_2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-compose-2.33.1-slfo.1.1_2.1.s390x",
"product": {
"name": "docker-compose-2.33.1-slfo.1.1_2.1.s390x",
"product_id": "docker-compose-2.33.1-slfo.1.1_2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-compose-2.33.1-slfo.1.1_2.1.x86_64",
"product": {
"name": "docker-compose-2.33.1-slfo.1.1_2.1.x86_64",
"product_id": "docker-compose-2.33.1-slfo.1.1_2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-compose-2.33.1-slfo.1.1_2.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.aarch64"
},
"product_reference": "docker-compose-2.33.1-slfo.1.1_2.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-compose-2.33.1-slfo.1.1_2.1.ppc64le as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.ppc64le"
},
"product_reference": "docker-compose-2.33.1-slfo.1.1_2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-compose-2.33.1-slfo.1.1_2.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.s390x"
},
"product_reference": "docker-compose-2.33.1-slfo.1.1_2.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-compose-2.33.1-slfo.1.1_2.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.x86_64"
},
"product_reference": "docker-compose-2.33.1-slfo.1.1_2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47913"
}
],
"notes": [
{
"category": "general",
"text": "SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47913",
"url": "https://www.suse.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "SUSE Bug 1253506 for CVE-2025-47913",
"url": "https://bugzilla.suse.com/1253506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-06T11:34:20Z",
"details": "important"
}
],
"title": "CVE-2025-47913"
},
{
"cve": "CVE-2025-47914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47914"
}
],
"notes": [
{
"category": "general",
"text": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47914",
"url": "https://www.suse.com/security/cve/CVE-2025-47914"
},
{
"category": "external",
"summary": "SUSE Bug 1253967 for CVE-2025-47914",
"url": "https://bugzilla.suse.com/1253967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-06T11:34:20Z",
"details": "moderate"
}
],
"title": "CVE-2025-47914"
},
{
"cve": "CVE-2025-62725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-62725"
}
],
"notes": [
{
"category": "general",
"text": "Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker-supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cache directory and writes the file there. This affects any platform or workflow that resolves remote OCI compose artifacts, Docker Desktop, standalone Compose binaries on Linux, CI/CD runners, cloud dev environments is affected. An attacker can escape the cache directory and overwrite arbitrary files on the machine running docker compose, even if the user only runs read-only commands such as docker compose config or docker compose ps. This issue is fixed in v2.40.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-62725",
"url": "https://www.suse.com/security/cve/CVE-2025-62725"
},
{
"category": "external",
"summary": "SUSE Bug 1252752 for CVE-2025-62725",
"url": "https://bugzilla.suse.com/1252752"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-06T11:34:20Z",
"details": "important"
}
],
"title": "CVE-2025-62725"
}
]
}
SUSE-SU-2026:20949-1
Vulnerability from csaf_suse - Published: 2026-03-27 10:09 - Updated: 2026-03-27 10:09Summary
Security update for docker-compose
Severity
Important
Notes
Title of the patch: Security update for docker-compose
Description of the patch: This update for docker-compose fixes the following issues:
- CVE-2025-47913: golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in
response to a key listing or signing request (bsc#1253584).
- CVE-2025-47914: golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds
read (bsc#1254041).
- CVE-2025-62725: OCI compose artifacts can be used to escape the cache directory and overwrite arbitrary files
(bsc#1252752).
Patchnames: SUSE-SL-Micro-6.2-455
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.3 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for docker-compose",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for docker-compose fixes the following issues:\n\n- CVE-2025-47913: golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in\n response to a key listing or signing request (bsc#1253584).\n- CVE-2025-47914: golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds\n read (bsc#1254041).\n- CVE-2025-62725: OCI compose artifacts can be used to escape the cache directory and overwrite arbitrary files\n (bsc#1252752).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SL-Micro-6.2-455",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20949-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20949-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620949-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20949-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-April/045253.html"
},
{
"category": "self",
"summary": "SUSE Bug 1252752",
"url": "https://bugzilla.suse.com/1252752"
},
{
"category": "self",
"summary": "SUSE Bug 1253584",
"url": "https://bugzilla.suse.com/1253584"
},
{
"category": "self",
"summary": "SUSE Bug 1254041",
"url": "https://bugzilla.suse.com/1254041"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47913 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47914 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-62725 page",
"url": "https://www.suse.com/security/cve/CVE-2025-62725/"
}
],
"title": "Security update for docker-compose",
"tracking": {
"current_release_date": "2026-03-27T10:09:30Z",
"generator": {
"date": "2026-03-27T10:09:30Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20949-1",
"initial_release_date": "2026-03-27T10:09:30Z",
"revision_history": [
{
"date": "2026-03-27T10:09:30Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "docker-compose-2.33.1-160000.4.1.aarch64",
"product": {
"name": "docker-compose-2.33.1-160000.4.1.aarch64",
"product_id": "docker-compose-2.33.1-160000.4.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-compose-2.33.1-160000.4.1.ppc64le",
"product": {
"name": "docker-compose-2.33.1-160000.4.1.ppc64le",
"product_id": "docker-compose-2.33.1-160000.4.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-compose-2.33.1-160000.4.1.s390x",
"product": {
"name": "docker-compose-2.33.1-160000.4.1.s390x",
"product_id": "docker-compose-2.33.1-160000.4.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-compose-2.33.1-160000.4.1.x86_64",
"product": {
"name": "docker-compose-2.33.1-160000.4.1.x86_64",
"product_id": "docker-compose-2.33.1-160000.4.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.2",
"product": {
"name": "SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-compose-2.33.1-160000.4.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.aarch64"
},
"product_reference": "docker-compose-2.33.1-160000.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-compose-2.33.1-160000.4.1.ppc64le as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.ppc64le"
},
"product_reference": "docker-compose-2.33.1-160000.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-compose-2.33.1-160000.4.1.s390x as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.s390x"
},
"product_reference": "docker-compose-2.33.1-160000.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-compose-2.33.1-160000.4.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.x86_64"
},
"product_reference": "docker-compose-2.33.1-160000.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47913"
}
],
"notes": [
{
"category": "general",
"text": "SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.s390x",
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47913",
"url": "https://www.suse.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "SUSE Bug 1253506 for CVE-2025-47913",
"url": "https://bugzilla.suse.com/1253506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.s390x",
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.s390x",
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T10:09:30Z",
"details": "important"
}
],
"title": "CVE-2025-47913"
},
{
"cve": "CVE-2025-47914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47914"
}
],
"notes": [
{
"category": "general",
"text": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.s390x",
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47914",
"url": "https://www.suse.com/security/cve/CVE-2025-47914"
},
{
"category": "external",
"summary": "SUSE Bug 1253967 for CVE-2025-47914",
"url": "https://bugzilla.suse.com/1253967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.s390x",
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.s390x",
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T10:09:30Z",
"details": "moderate"
}
],
"title": "CVE-2025-47914"
},
{
"cve": "CVE-2025-62725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-62725"
}
],
"notes": [
{
"category": "general",
"text": "Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker-supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cache directory and writes the file there. This affects any platform or workflow that resolves remote OCI compose artifacts, Docker Desktop, standalone Compose binaries on Linux, CI/CD runners, cloud dev environments is affected. An attacker can escape the cache directory and overwrite arbitrary files on the machine running docker compose, even if the user only runs read-only commands such as docker compose config or docker compose ps. This issue is fixed in v2.40.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.s390x",
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-62725",
"url": "https://www.suse.com/security/cve/CVE-2025-62725"
},
{
"category": "external",
"summary": "SUSE Bug 1252752 for CVE-2025-62725",
"url": "https://bugzilla.suse.com/1252752"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.s390x",
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.s390x",
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T10:09:30Z",
"details": "important"
}
],
"title": "CVE-2025-62725"
}
]
}
SUSE-SU-2026:20976-1
Vulnerability from csaf_suse - Published: 2026-03-27 10:09 - Updated: 2026-03-27 10:09Summary
Security update for docker-compose
Severity
Important
Notes
Title of the patch: Security update for docker-compose
Description of the patch: This update for docker-compose fixes the following issues:
- CVE-2025-47913: golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in
response to a key listing or signing request (bsc#1253584).
- CVE-2025-47914: golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds
read (bsc#1254041).
- CVE-2025-62725: OCI compose artifacts can be used to escape the cache directory and overwrite arbitrary files
(bsc#1252752).
Patchnames: SUSE-SLES-16.0-455
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-compose-2.33.1-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-compose-2.33.1-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-compose-2.33.1-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-compose-2.33.1-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-compose-2.33.1-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-compose-2.33.1-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-compose-2.33.1-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-compose-2.33.1-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-compose-2.33.1-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-compose-2.33.1-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-compose-2.33.1-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-compose-2.33.1-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-compose-2.33.1-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-compose-2.33.1-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-compose-2.33.1-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-compose-2.33.1-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.3 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-compose-2.33.1-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-compose-2.33.1-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-compose-2.33.1-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:docker-compose-2.33.1-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-compose-2.33.1-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-compose-2.33.1-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-compose-2.33.1-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:docker-compose-2.33.1-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for docker-compose",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for docker-compose fixes the following issues:\n\n- CVE-2025-47913: golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in\n response to a key listing or signing request (bsc#1253584).\n- CVE-2025-47914: golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds\n read (bsc#1254041).\n- CVE-2025-62725: OCI compose artifacts can be used to escape the cache directory and overwrite arbitrary files\n (bsc#1252752).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-455",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20976-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20976-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620976-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20976-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-April/045355.html"
},
{
"category": "self",
"summary": "SUSE Bug 1252752",
"url": "https://bugzilla.suse.com/1252752"
},
{
"category": "self",
"summary": "SUSE Bug 1253584",
"url": "https://bugzilla.suse.com/1253584"
},
{
"category": "self",
"summary": "SUSE Bug 1254041",
"url": "https://bugzilla.suse.com/1254041"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47913 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47914 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-62725 page",
"url": "https://www.suse.com/security/cve/CVE-2025-62725/"
}
],
"title": "Security update for docker-compose",
"tracking": {
"current_release_date": "2026-03-27T10:09:30Z",
"generator": {
"date": "2026-03-27T10:09:30Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20976-1",
"initial_release_date": "2026-03-27T10:09:30Z",
"revision_history": [
{
"date": "2026-03-27T10:09:30Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "docker-compose-2.33.1-160000.4.1.aarch64",
"product": {
"name": "docker-compose-2.33.1-160000.4.1.aarch64",
"product_id": "docker-compose-2.33.1-160000.4.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-compose-2.33.1-160000.4.1.ppc64le",
"product": {
"name": "docker-compose-2.33.1-160000.4.1.ppc64le",
"product_id": "docker-compose-2.33.1-160000.4.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-compose-2.33.1-160000.4.1.s390x",
"product": {
"name": "docker-compose-2.33.1-160000.4.1.s390x",
"product_id": "docker-compose-2.33.1-160000.4.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-compose-2.33.1-160000.4.1.x86_64",
"product": {
"name": "docker-compose-2.33.1-160000.4.1.x86_64",
"product_id": "docker-compose-2.33.1-160000.4.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-compose-2.33.1-160000.4.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:docker-compose-2.33.1-160000.4.1.aarch64"
},
"product_reference": "docker-compose-2.33.1-160000.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-compose-2.33.1-160000.4.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:docker-compose-2.33.1-160000.4.1.ppc64le"
},
"product_reference": "docker-compose-2.33.1-160000.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-compose-2.33.1-160000.4.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:docker-compose-2.33.1-160000.4.1.s390x"
},
"product_reference": "docker-compose-2.33.1-160000.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-compose-2.33.1-160000.4.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:docker-compose-2.33.1-160000.4.1.x86_64"
},
"product_reference": "docker-compose-2.33.1-160000.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-compose-2.33.1-160000.4.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:docker-compose-2.33.1-160000.4.1.aarch64"
},
"product_reference": "docker-compose-2.33.1-160000.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-compose-2.33.1-160000.4.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:docker-compose-2.33.1-160000.4.1.ppc64le"
},
"product_reference": "docker-compose-2.33.1-160000.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-compose-2.33.1-160000.4.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:docker-compose-2.33.1-160000.4.1.s390x"
},
"product_reference": "docker-compose-2.33.1-160000.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-compose-2.33.1-160000.4.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:docker-compose-2.33.1-160000.4.1.x86_64"
},
"product_reference": "docker-compose-2.33.1-160000.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47913"
}
],
"notes": [
{
"category": "general",
"text": "SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:docker-compose-2.33.1-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:docker-compose-2.33.1-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:docker-compose-2.33.1-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:docker-compose-2.33.1-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-compose-2.33.1-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-compose-2.33.1-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-compose-2.33.1-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-compose-2.33.1-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47913",
"url": "https://www.suse.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "SUSE Bug 1253506 for CVE-2025-47913",
"url": "https://bugzilla.suse.com/1253506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:docker-compose-2.33.1-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:docker-compose-2.33.1-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:docker-compose-2.33.1-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:docker-compose-2.33.1-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-compose-2.33.1-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-compose-2.33.1-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-compose-2.33.1-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-compose-2.33.1-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:docker-compose-2.33.1-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:docker-compose-2.33.1-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:docker-compose-2.33.1-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:docker-compose-2.33.1-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-compose-2.33.1-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-compose-2.33.1-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-compose-2.33.1-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-compose-2.33.1-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T10:09:30Z",
"details": "important"
}
],
"title": "CVE-2025-47913"
},
{
"cve": "CVE-2025-47914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47914"
}
],
"notes": [
{
"category": "general",
"text": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:docker-compose-2.33.1-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:docker-compose-2.33.1-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:docker-compose-2.33.1-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:docker-compose-2.33.1-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-compose-2.33.1-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-compose-2.33.1-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-compose-2.33.1-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-compose-2.33.1-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47914",
"url": "https://www.suse.com/security/cve/CVE-2025-47914"
},
{
"category": "external",
"summary": "SUSE Bug 1253967 for CVE-2025-47914",
"url": "https://bugzilla.suse.com/1253967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:docker-compose-2.33.1-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:docker-compose-2.33.1-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:docker-compose-2.33.1-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:docker-compose-2.33.1-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-compose-2.33.1-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-compose-2.33.1-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-compose-2.33.1-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-compose-2.33.1-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:docker-compose-2.33.1-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:docker-compose-2.33.1-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:docker-compose-2.33.1-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:docker-compose-2.33.1-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-compose-2.33.1-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-compose-2.33.1-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-compose-2.33.1-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-compose-2.33.1-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T10:09:30Z",
"details": "moderate"
}
],
"title": "CVE-2025-47914"
},
{
"cve": "CVE-2025-62725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-62725"
}
],
"notes": [
{
"category": "general",
"text": "Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker-supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cache directory and writes the file there. This affects any platform or workflow that resolves remote OCI compose artifacts, Docker Desktop, standalone Compose binaries on Linux, CI/CD runners, cloud dev environments is affected. An attacker can escape the cache directory and overwrite arbitrary files on the machine running docker compose, even if the user only runs read-only commands such as docker compose config or docker compose ps. This issue is fixed in v2.40.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:docker-compose-2.33.1-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:docker-compose-2.33.1-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:docker-compose-2.33.1-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:docker-compose-2.33.1-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-compose-2.33.1-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-compose-2.33.1-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-compose-2.33.1-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-compose-2.33.1-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-62725",
"url": "https://www.suse.com/security/cve/CVE-2025-62725"
},
{
"category": "external",
"summary": "SUSE Bug 1252752 for CVE-2025-62725",
"url": "https://bugzilla.suse.com/1252752"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:docker-compose-2.33.1-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:docker-compose-2.33.1-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:docker-compose-2.33.1-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:docker-compose-2.33.1-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-compose-2.33.1-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-compose-2.33.1-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-compose-2.33.1-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-compose-2.33.1-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:docker-compose-2.33.1-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:docker-compose-2.33.1-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:docker-compose-2.33.1-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:docker-compose-2.33.1-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-compose-2.33.1-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-compose-2.33.1-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-compose-2.33.1-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:docker-compose-2.33.1-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T10:09:30Z",
"details": "important"
}
],
"title": "CVE-2025-62725"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…