Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2022-23648
Vulnerability from cvelistv5
Published
2022-03-03 00:00
Modified
2024-08-03 03:51
Severity ?
EPSS score ?
Summary
containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| containerd | containerd |
Version: < 1.4.13 Version: >= 1.5.0, < 1.5.10 Version: >= 1.6.0, < 1.6.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T03:51:45.829Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7", }, { tags: [ "x_transferred", ], url: "https://github.com/containerd/containerd/commit/10f428dac7cec44c864e1b830a4623af27a9fc70", }, { tags: [ "x_transferred", ], url: "https://github.com/containerd/containerd/releases/tag/v1.4.13", }, { tags: [ "x_transferred", ], url: "https://github.com/containerd/containerd/releases/tag/v1.5.10", }, { tags: [ "x_transferred", ], url: "https://github.com/containerd/containerd/releases/tag/v1.6.1", }, { name: "DSA-5091", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5091", }, { name: "FEDORA-2022-dc35dd101f", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OCCARJ6FU4MWBTXHZNMS7NELPDBIX2VO/", }, { name: "FEDORA-2022-230f2b024b", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUDQUQBZJGBWJPMRVB6QCCCRF7O3O4PA/", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/166421/containerd-Image-Volume-Insecure-Handling.html", }, { name: "FEDORA-2022-d9c9bf56f6", tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFTS2EF3S7HNYSNZSEJZIJHPRU7OPUV3/", }, { name: "GLSA-202401-31", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202401-31", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "containerd", vendor: "containerd", versions: [ { status: "affected", version: " < 1.4.13", }, { status: "affected", version: ">= 1.5.0, < 1.5.10", }, { status: "affected", version: ">= 1.6.0, < 1.6.1", }, ], }, ], descriptions: [ { lang: "en", value: "containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-01-31T13:06:18.281051", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { url: "https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7", }, { url: "https://github.com/containerd/containerd/commit/10f428dac7cec44c864e1b830a4623af27a9fc70", }, { url: "https://github.com/containerd/containerd/releases/tag/v1.4.13", }, { url: "https://github.com/containerd/containerd/releases/tag/v1.5.10", }, { url: "https://github.com/containerd/containerd/releases/tag/v1.6.1", }, { name: "DSA-5091", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2022/dsa-5091", }, { name: "FEDORA-2022-dc35dd101f", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OCCARJ6FU4MWBTXHZNMS7NELPDBIX2VO/", }, { name: "FEDORA-2022-230f2b024b", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUDQUQBZJGBWJPMRVB6QCCCRF7O3O4PA/", }, { url: "http://packetstormsecurity.com/files/166421/containerd-Image-Volume-Insecure-Handling.html", }, { name: "FEDORA-2022-d9c9bf56f6", tags: [ "vendor-advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFTS2EF3S7HNYSNZSEJZIJHPRU7OPUV3/", }, { name: "GLSA-202401-31", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202401-31", }, ], source: { advisory: "GHSA-crp2-qrr5-8pq7", discovery: "UNKNOWN", }, title: "Insecure handling of image volumes in containerd CRI plugin", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2022-23648", datePublished: "2022-03-03T00:00:00", dateReserved: "2022-01-19T00:00:00", dateUpdated: "2024-08-03T03:51:45.829Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { fkie_nvd: { configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.4.13\", \"matchCriteriaId\": \"E2E44BA2-CF61-41F7-B332-C2C977368870\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.5.0\", \"versionEndExcluding\": \"1.5.10\", \"matchCriteriaId\": \"5783F746-15E8-403A-A79F-D58E4577185E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.6.0\", \"versionEndExcluding\": \"1.6.1\", \"matchCriteriaId\": \"B7A0F3E7-387E-46F4-861A-8B65EBF6548A\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA6FEEC2-9F11-4643-8827-749718254FED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A930E247-0B43-43CB-98FF-6CE7B8189835\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"}]}]}]", descriptions: "[{\"lang\": \"en\", \"value\": \"containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd\\u2019s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd\\u2019s CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue.\"}, {\"lang\": \"es\", \"value\": \"containerd es un tiempo de ejecuci\\u00f3n de contenedores disponible como demonio para Linux y Windows. Se ha encontrado un fallo en containerd versiones anteriores a 1.6.1, 1.5.10 y 1.14.12, en el que los contenedores lanzados mediante la implementaci\\u00f3n CRI de containerd en Linux con una configuraci\\u00f3n de imagen especialmente dise\\u00f1ada pod\\u00edan conseguir acceso a copias de s\\u00f3lo lectura de archivos y directorios arbitrarios en el host. Esto puede omitir cualquier aplicaci\\u00f3n basada en pol\\u00edticas sobre la configuraci\\u00f3n de contenedores (incluyendo una pol\\u00edtica de seguridad de Kubernetes Pod) y exponer informaci\\u00f3n potencialmente confidencial. Kubernetes y crictl pueden ser configurados para usar la implementaci\\u00f3n de CRI de containerd. Este error ha sido corregido en containerd versiones 1.6.1, 1.5.10 y 1.4.12. Los usuarios deben actualizar a estas versiones para resolver el problema\"}]", id: "CVE-2022-23648", lastModified: "2024-11-21T06:49:00.957", metrics: "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}", published: "2022-03-03T14:15:07.973", references: "[{\"url\": \"http://packetstormsecurity.com/files/166421/containerd-Image-Volume-Insecure-Handling.html\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://github.com/containerd/containerd/commit/10f428dac7cec44c864e1b830a4623af27a9fc70\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/containerd/containerd/releases/tag/v1.4.13\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\", \"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/containerd/containerd/releases/tag/v1.5.10\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\", \"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/containerd/containerd/releases/tag/v1.6.1\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\", \"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUDQUQBZJGBWJPMRVB6QCCCRF7O3O4PA/\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFTS2EF3S7HNYSNZSEJZIJHPRU7OPUV3/\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OCCARJ6FU4MWBTXHZNMS7NELPDBIX2VO/\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://security.gentoo.org/glsa/202401-31\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://www.debian.org/security/2022/dsa-5091\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/166421/containerd-Image-Volume-Insecure-Handling.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://github.com/containerd/containerd/commit/10f428dac7cec44c864e1b830a4623af27a9fc70\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/containerd/containerd/releases/tag/v1.4.13\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/containerd/containerd/releases/tag/v1.5.10\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/containerd/containerd/releases/tag/v1.6.1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUDQUQBZJGBWJPMRVB6QCCCRF7O3O4PA/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFTS2EF3S7HNYSNZSEJZIJHPRU7OPUV3/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OCCARJ6FU4MWBTXHZNMS7NELPDBIX2VO/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/202401-31\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.debian.org/security/2022/dsa-5091\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}]", sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]", }, nvd: "{\"cve\":{\"id\":\"CVE-2022-23648\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2022-03-03T14:15:07.973\",\"lastModified\":\"2024-11-21T06:49:00.957\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue.\"},{\"lang\":\"es\",\"value\":\"containerd es un tiempo de ejecución de contenedores disponible como demonio para Linux y Windows. Se ha encontrado un fallo en containerd versiones anteriores a 1.6.1, 1.5.10 y 1.14.12, en el que los contenedores lanzados mediante la implementación CRI de containerd en Linux con una configuración de imagen especialmente diseñada podían conseguir acceso a copias de sólo lectura de archivos y directorios arbitrarios en el host. Esto puede omitir cualquier aplicación basada en políticas sobre la configuración de contenedores (incluyendo una política de seguridad de Kubernetes Pod) y exponer información potencialmente confidencial. Kubernetes y crictl pueden ser configurados para usar la implementación de CRI de containerd. Este error ha sido corregido en containerd versiones 1.6.1, 1.5.10 y 1.4.12. Los usuarios deben actualizar a estas versiones para resolver el problema\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.4.13\",\"matchCriteriaId\":\"E2E44BA2-CF61-41F7-B332-C2C977368870\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.5.0\",\"versionEndExcluding\":\"1.5.10\",\"matchCriteriaId\":\"5783F746-15E8-403A-A79F-D58E4577185E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.6.0\",\"versionEndExcluding\":\"1.6.1\",\"matchCriteriaId\":\"B7A0F3E7-387E-46F4-861A-8B65EBF6548A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/166421/containerd-Image-Volume-Insecure-Handling.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://github.com/containerd/containerd/commit/10f428dac7cec44c864e1b830a4623af27a9fc70\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/containerd/containerd/releases/tag/v1.4.13\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/containerd/containerd/releases/tag/v1.5.10\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/containerd/containerd/releases/tag/v1.6.1\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUDQUQBZJGBWJPMRVB6QCCCRF7O3O4PA/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFTS2EF3S7HNYSNZSEJZIJHPRU7OPUV3/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OCCARJ6FU4MWBTXHZNMS7NELPDBIX2VO/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://security.gentoo.org/glsa/202401-31\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://www.debian.org/security/2022/dsa-5091\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/166421/containerd-Image-Volume-Insecure-Handling.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://github.com/containerd/containerd/commit/10f428dac7cec44c864e1b830a4623af27a9fc70\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/containerd/containerd/releases/tag/v1.4.13\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/containerd/containerd/releases/tag/v1.5.10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/containerd/containerd/releases/tag/v1.6.1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUDQUQBZJGBWJPMRVB6QCCCRF7O3O4PA/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFTS2EF3S7HNYSNZSEJZIJHPRU7OPUV3/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OCCARJ6FU4MWBTXHZNMS7NELPDBIX2VO/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202401-31\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2022/dsa-5091\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]}]}}", }, }
opensuse-su-2024:12008-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
trivy-0.26.0-1.1 on GA media
Notes
Title of the patch
trivy-0.26.0-1.1 on GA media
Description of the patch
These are all security issues fixed in the trivy-0.26.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-12008
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "trivy-0.26.0-1.1 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the trivy-0.26.0-1.1 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-12008", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12008-1.json", }, { category: "self", summary: "SUSE CVE CVE-2022-23648 page", url: "https://www.suse.com/security/cve/CVE-2022-23648/", }, ], title: "trivy-0.26.0-1.1 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:12008-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "trivy-0.26.0-1.1.aarch64", product: { name: "trivy-0.26.0-1.1.aarch64", product_id: "trivy-0.26.0-1.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "trivy-0.26.0-1.1.ppc64le", product: { name: "trivy-0.26.0-1.1.ppc64le", product_id: "trivy-0.26.0-1.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "trivy-0.26.0-1.1.s390x", product: { name: "trivy-0.26.0-1.1.s390x", product_id: "trivy-0.26.0-1.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "trivy-0.26.0-1.1.x86_64", product: { name: "trivy-0.26.0-1.1.x86_64", product_id: "trivy-0.26.0-1.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "trivy-0.26.0-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:trivy-0.26.0-1.1.aarch64", }, product_reference: "trivy-0.26.0-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "trivy-0.26.0-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:trivy-0.26.0-1.1.ppc64le", }, product_reference: "trivy-0.26.0-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "trivy-0.26.0-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:trivy-0.26.0-1.1.s390x", }, product_reference: "trivy-0.26.0-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "trivy-0.26.0-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:trivy-0.26.0-1.1.x86_64", }, product_reference: "trivy-0.26.0-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2022-23648", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-23648", }, ], notes: [ { category: "general", text: "containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd's CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd's CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:trivy-0.26.0-1.1.aarch64", "openSUSE Tumbleweed:trivy-0.26.0-1.1.ppc64le", "openSUSE Tumbleweed:trivy-0.26.0-1.1.s390x", "openSUSE Tumbleweed:trivy-0.26.0-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-23648", url: "https://www.suse.com/security/cve/CVE-2022-23648", }, { category: "external", summary: "SUSE Bug 1196441 for CVE-2022-23648", url: "https://bugzilla.suse.com/1196441", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:trivy-0.26.0-1.1.aarch64", "openSUSE Tumbleweed:trivy-0.26.0-1.1.ppc64le", "openSUSE Tumbleweed:trivy-0.26.0-1.1.s390x", "openSUSE Tumbleweed:trivy-0.26.0-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:trivy-0.26.0-1.1.aarch64", "openSUSE Tumbleweed:trivy-0.26.0-1.1.ppc64le", "openSUSE Tumbleweed:trivy-0.26.0-1.1.s390x", "openSUSE Tumbleweed:trivy-0.26.0-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2022-23648", }, ], }
opensuse-su-2022:10094-1
Vulnerability from csaf_opensuse
Published
2022-08-20 10:02
Modified
2022-08-20 10:02
Summary
Security update for trivy
Notes
Title of the patch
Security update for trivy
Description of the patch
This update for trivy fixes the following issues:
Update to version 0.30.4:
* fix: remove the first arg when running as a plugin (#2595)
* fix: k8s controlplaner scanning (#2593)
* fix(vuln): GitLab report template (#2578)
Update to version 0.30.3:
* fix(server): use a new db worker for hot updates (#2581)
* docs: add trivy with download-db-only flag to Air-Gapped Environment (#2583)
* docs: split commands to download db for different versions of oras (#2582)
* feat(report): export exitcode for license checks (#2564)
* fix: cli can use lowercase for severities (#2565)
* fix: allow subcommands with TRIVY_RUN_AS_PLUGIN (#2577)
* fix: add missing types in TypeOSes and TypeLanguages in analyzer (#2569)
* fix: enable some features of the wasm runtime (#2575)
* fix(k8s): no error logged if trivy can't get docker image in kubernetes mode (#2521)
* docs(sbom): improve sbom attestation documentation (#2566)
Update to version 0.30.2:
* fix(report): show the summary without results (#2548)
* fix(cli): replace '-' to '_' for env vars (#2561)
Update to version 0.30.1:
* chore: remove a test repository (#2551)
* fix(license): lazy loading of classifiers (#2547)
* fix: CVE-2022-1996 in Trivy (#2499)
* docs(sbom): add sbom attestation (#2527)
* feat(rocky): set Rocky Linux 9 EOL (#2543)
* docs: add attributes to the video tag to autoplay demo videos (#2538)
* fix: yaml files with non-string chart name (#2534)
* fix: skip dirs (#2530)
* feat(repo): add support for branch, commit, & tag (#2494)
* fix: remove auto configure environment variables via viper (#2526)
Update to version 0.30.0:
* fix: separating multiple licenses from one line in dpkg copyright files (#2508)
* fix: change a capital letter for `plugin uninstall` subcommand (#2519)
* fix: k8s hide empty report when scanning resource (#2517)
* refactor: fix comments (#2516)
* fix: scan vendor dir (#2515)
* feat: Add support for license scanning (#2418)
* chore: add owners for secret scanning (#2485)
* fix: remove dependency-tree flag for image subcommand (#2492)
* fix(k8s): add shorthand for k8s namespace flag (#2495)
* docs: add information about using multiple servers to troubleshooting (#2498)
* ci: add pushing canary build images to registries (#2428)
* feat(dotnet): add support for .Net core .deps.json files (#2487)
* feat(amazon): add support for 2022 version (#2429)
* Type correction bitnami chart (#2415)
* docs: add config file and update CLI references (#2489)
* feat: add support for flag groups (#2488)
* refactor: move from urfave/cli to spf13/cobra (#2458)
* fix: Fix secrets output not containing file/lines (#2467)
* fix: clear output with modules (#2478)
* docs(cbl): distroless 1.0 supported (#2473)
* fix: Fix example dockerfile rego policy (#2460)
* fix(config): add helm to list of config analyzers (#2457)
* feat: k8s resouces scan (#2395)
* feat(sbom): add cyclonedx sbom scan (#2203)
* docs: remove links to removed content (#2431)
* ci: added rpm build for rhel 9 (#2437)
* fix(secret): remove space from asymmetric private key (#2434)
* test(integration): fix golden files for debian 9 (#2435)
* fix(cli): fix version string in docs link when secret scanning is enabled (#2422)
* refactor: move CycloneDX marshaling (#2420)
* docs(nodejs): add docs about pnpm support (#2423)
* docs: improve k8s usage documentation (#2425)
* feat: Make secrets scanning output consistant (#2410)
* ci: create canary build after main branch changes (#1638)
* fix(misconf): skip broken scans (#2396)
* feat(nodejs): add pnpm support (#2414)
* fix: Fix false positive for use of COS images (#2413)
* eliminate nerdctl dependency (#2412)
* Add EOL date for SUSE SLES 15.3, 15.4 and OpenSUSE 15.4 (#2403)
* fix(go): no cast to lowercase go package names (#2401)
* BREAKING(sbom): change 'trivy sbom' to scan SBOM (#2408)
* fix(server): hot update the db from custom repository (#2406)
* feat: added license parser for dpkg (#2381)
* fix(misconf): Update defsec (v0.68.5) to fix docker rego duplicate key (#2400)
* feat: extract stripe publishable and secret keys (#2392)
* feat: rbac support k8s sub-command (#2339)
* feat(ruby): drop platform strings from dependency versions bundled with bundler v2 (#2390)
* docs: Updating README with new CLI command (#2359)
* fix(misconf): Update defsec to v0.68.4 to resolve CF detection bug (#2383)
* chore: add integration label and merge security label (#2316)
Update to version 0.29.2:
* chore: skip Visual Studio Code project folder (#2379)
* fix(helm): handle charts with templated names (#2374)
* docs: redirect operator docs to trivy-operator repo (#2372)
* fix(secret): use secret result when determining Failed status (#2370)
* try removing libdb-dev
* run integration tests in fanal
* use same testing images in fanal
* feat(helm): add support for trivy dbRepository (#2345)
* fix: Fix failing test due to deref lint issue
* test: Fix broken test
* fix: Fix makefile when no previous named ref is visible in a shallow clone
* chore: Fix linting issues in fanal
* refactor: Fix fanal import paths and remove dotfiles
Update to version 0.29.1:
* fix(report): add required fields to the SARIF template (#2341)
* chore: fix spelling errors (#2352)
* Omit Remediation if PrimaryURL is empty (#2006)
* docs(repo): Link to installation documentation in readme shows 404 (#2348)
* feat(alma): support for scanning of modular packages for AlmaLinux (#2347)
Update to version 0.29.0:
* fix(lang): fix dependency graph in client server mode (#2336)
* feat: allow expiration date for .trivyignore entries (#2332)
* feat(lang): add dependency origin graph (#1970)
* docs: update nix installation info (#2331)
* feat: add rbac scanning support (#2328)
* refactor: move WordPress module to another repository (#2329)
* ci: add support for ppc64le (#2281)
* feat: add support for WASM modules (#2195)
* feat(secret): show recommendation for slow scanning (#2051)
* fix(flag): remove --clear-cache flag client mode (#2301)
* fix(java): added check for looping for variable evaluation in pom file (#2322)
* BREAKING(k8s): change CLI API (#2186)
* feat(alpine): add Alpine Linux 3.16 (#2319)
* ci: add `go mod tidy` check (#2314)
* chore: run `go mod tidy` (#2313)
* fix: do not exit if one resource is not found (#2311)
* feat(cli): use stderr for all log messages (resolve #381) (#2289)
* test: replace deprecated subcommand client in integration tests (#2308)
* feat: add support for containerd (#2305)
* fix(kubernetes): Support floats in manifest yaml (#2297)
* docs(kubernetes): dead links (#2307)
* chore: add license label (#2304)
* feat(mariner): added support for CBL-Mariner Distroless v2.0 (#2293)
* feat(helm): add pod annotations (#2272)
* refactor: do not import defsec in fanal types package (#2292)
* feat(report): Add misconfiguration support to ASFF report template (#2285)
* test: use images in GHCR (#2275)
* feat(helm): support pod annotations (#2265)
* feat(misconf): Helm chart scanning (#2269)
* docs: Update custom rego policy docs to reflect latest defsec/fanal changes (#2267)
* fix: mask redis credentials when logging (#2264)
* refactor: extract commands Runner interface (#2147)
* docs: update operator release (#2263)
* feat(redhat): added architecture check (#2172)
* docs: updating links in the docs to work again (#2256)
* docs: fix readme (#2251)
* fix: fixed incorrect CycloneDX output format (#2255)
* refactor(deps): move dependencies to package (#2189)
* fix(report): change github format version to required (#2229)
* docs: update readme (#2110)
* docs: added information about choosing advisory database (#2212)
* chore: update trivy-kubernetes (#2224)
* docs: clarifying parts of the k8s docs and updating links (#2222)
* fix(k8s): timeout error logging (#2179)
* chore(deps): updated fanal after fix AsymmetricPrivateKeys (#2214)
* feat(k8s): add --context flag (#2171)
* fix(k8s): properly instantiate TableWriter (#2175)
* test: fixed integration tests after updating testcontainers to v0.13.0 (#2208)
* chore: update labels (#2197)
* fix(report): fixed panic if all misconf reports were removed in filter (#2188)
* feat(k8s): scan secrets (#2178)
* feat(report): GitHub Dependency Snapshots support (#1522)
* feat(db): added insecure skip tls verify to download trivy db (#2140)
* fix(redhat): always use vulns with fixed version if there is one (#2165)
* chore(redhat): Add support for Red Hat UBI 9. (#2183)
* fix(k8s): update trivy-kubernetes (#2163)
* fix misconfig start line for code quality tpl (#2181)
* fix: update docker/distribution from 2.8.0 to 2.8.1 (#2176)
* docs(vuln): Include GitLab 15.0 integration (#2153)
* docs: fix the operator version (#2167)
* fix(k8s): summary report when when only vulns exit (#2146)
* chore(deps): Update fanal to get defsec v0.58.2 (fixes false positives in ksv038) (#2156)
* perf(misconf): Improve performance when scanning very large files (#2152)
* docs(misconf): Update examples and docs to refer to builtin/defsec instead of appshield (#2150)
* chore(deps): Update fanal (for less verbose code in misconf results) (#2151)
* docs: fixed installation instruction for rhel/centos (#2143)
Update to version 0.28.0 (boo#1199760, CVE-2022-28946):
* fix: remove Highlighted from json output (#2131)
* fix: remove trivy-kubernetes replace (#2132)
* docs: Add Operator docs under Kubernetes section (#2111)
* fix(k8s): security-checks panic (#2127)
* ci: added k8s scope (#2130)
* docs: Update misconfig output in examples (#2128)
* fix(misconf): Fix coloured output in Goland terminal (#2126)
* docs(secret): Fix default value of --security-checks in docs (#2107)
* refactor(report): move colorize function from trivy-db (#2122)
* feat: k8s resource scanning (#2118)
* chore: add CODEOWNERS (#2121)
* feat(image): add `--server` option for remote scans (#1871)
* refactor: k8s (#2116)
* refactor: export useful APIs (#2108)
* docs: fix k8s doc (#2114)
* feat(kubernetes): Add report flag for summary (#2112)
* fix: Remove problematic advanced rego policies (#2113)
* feat(misconf): Add special output format for misconfigurations (#2100)
* feat: add k8s subcommand (#2065)
* chore: fix make lint version (#2102)
* fix(java): handle relative pom modules (#2101)
* fix(misconf): Add missing links for non-rego misconfig results (#2094)
* feat(misconf): Added fs.FS based scanning via latest defsec (#2084)
* chore(os): updated fanal version and alpine distroless test (#2086)
* feat(report): add support for SPDX (#2059)
* chore: app version 0.27.0 (#2046)
* fix(misconf): added to skip conf files if their scanning is not enabled (#2066)
* docs(secret) fix rule path in docs (#2061)
* docs: change from go.sum to go.mod (#2056)
Update to version 0.27.1:
* refactor(fs): scanner options (#2050)
* feat(secret): truncate long line (#2052)
* docs: fix a broken bullets (#2042)
* feat(ubuntu): add 22.04 approx eol date (#2044)
* docs: update installation.md (#2027)
* docs: add Containerfile (#2032)
Update to version 0.27.0:
* fix(go): fixed panic to scan gomod without version (#2038)
* docs(mariner): confirm it works with Mariner 2.0 VM (#2036)
* feat(secret): support enable rules (#2035)
* chore: app version 26.0 (#2030)
* docs(secret): add a demo movie (#2031)
* feat: support cache TTL in Redis (#2021)
* fix(go): skip system installed binaries (#2028)
* fix(go): check if go.sum is nil (#2029)
* feat: add secret scanning (#1901)
* chore: gh publish only with push the tag release (#2025)
* fix(fs): ignore permission errors (#2022)
* test(mod): using correct module inside test go.mod (#2020)
* feat(server): re-add proxy support for client/server communications (#1995)
* fix(report): truncate a description before escaping in ASFF template (#2004)
* fix(cloudformation): correct margin removal for empty lines (#2002)
* fix(template): correct check of old sarif template files (#2003)
Update to version 0.26.0:
* feat(alpine): warn mixing versions (#2000)
* Update ASFF template (#1914)
* chore(deps): replace `containerd/containerd` version to fix CVE-2022-23648 (#1994)
* test(go): add integration tests for gomod (#1989)
* fix(python): fixed panic when scan .egg archive (#1992)
* fix(go): set correct go modules type (#1990)
* feat(alpine): support apk repositories (#1987)
* docs: add CBL-Mariner (#1982)
* docs(go): fix version (#1986)
* feat(go): support go.mod in Go 1.17+ (#1985)
* ci: fix URLs in the PR template (#1972)
* ci: add semantic pull requests check (#1968)
* docs(issue): added docs for wrong detection issues (#1961)
Update to version 0.25.4:
* docs: move CONTRIBUTING.md to docs (#1971)
* refactor(table): use file name instead package path (#1966)
* fix(sbom): add --db-repository (#1964)
* feat(table): add PkgPath in table result (#1960)
* fix(pom): merge multiple pom imports in a good manner (#1959)
Update to version 0.25.3:
* fix(downloadDB): add dbRepositoryFlag to repository and rootfs commands (#1956)
* fix(misconf): update BurntSushi/toml for fix runtime error (#1948)
* fix(misconf): Update fanal/defsec to resolve missing metadata issues (#1947)
* feat(jar): allow setting Maven Central URL using environment variable (#1939)
* chore(chart): update Trivy version in HelmChart to 0.25.0 (#1931)
* chore(chart): remove version comments (#1933)
Update to version 0.25.2:
* fix(downloadDB): add flag to server command (#1942)
Update to version 0.25.1:
* fix(misconf): update defsec to resolve panics (#1935)
* docs: restructure the documentation (#1887)
* Add trivy horizontal logo (#1932)
* feat(db): Add dbRepository flag to get advisory database from OCI registry (#1873)
- Buildrequire go1.18 as upstream says in go.mod
Update to version 0.25.0:
* docs(filter vulnerabilities): fix link (#1880)
* feat(template) Add misconfigurations to gitlab codequality report (#1756)
* fix(rpc): add PkgPath field to client / server mode (#1643)
* fix(vulnerabilities): fixed trivy-db vulns (#1883)
* feat(cache): remove temporary cache after filesystem scanning (#1868)
* feat(sbom): add a dedicated sbom command (#1799)
* feat(cyclonedx): add vulnerabilities (#1832)
* fix(option): hide false warning about remote options (#1865)
* feat(filesystem): scan in client/server mode (#1829)
* refactor(template): remove unused test (#1861)
* fix(cli): json format for trivy version (#1854)
* docs: change URL for tfsec-checks (#1857)
Patchnames
openSUSE-2022-10094
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for trivy", title: "Title of the patch", }, { category: "description", text: "This update for trivy fixes the following issues:\n\nUpdate to version 0.30.4:\n\n* fix: remove the first arg when running as a plugin (#2595)\n* fix: k8s controlplaner scanning (#2593)\n* fix(vuln): GitLab report template (#2578)\n\nUpdate to version 0.30.3:\n\n* fix(server): use a new db worker for hot updates (#2581)\n* docs: add trivy with download-db-only flag to Air-Gapped Environment (#2583)\n* docs: split commands to download db for different versions of oras (#2582)\n* feat(report): export exitcode for license checks (#2564)\n* fix: cli can use lowercase for severities (#2565)\n* fix: allow subcommands with TRIVY_RUN_AS_PLUGIN (#2577)\n* fix: add missing types in TypeOSes and TypeLanguages in analyzer (#2569)\n* fix: enable some features of the wasm runtime (#2575)\n* fix(k8s): no error logged if trivy can't get docker image in kubernetes mode (#2521)\n* docs(sbom): improve sbom attestation documentation (#2566)\n\nUpdate to version 0.30.2:\n\n* fix(report): show the summary without results (#2548)\n* fix(cli): replace '-' to '_' for env vars (#2561)\n\nUpdate to version 0.30.1:\n\n* chore: remove a test repository (#2551)\n* fix(license): lazy loading of classifiers (#2547)\n* fix: CVE-2022-1996 in Trivy (#2499)\n* docs(sbom): add sbom attestation (#2527)\n* feat(rocky): set Rocky Linux 9 EOL (#2543)\n* docs: add attributes to the video tag to autoplay demo videos (#2538)\n* fix: yaml files with non-string chart name (#2534)\n* fix: skip dirs (#2530)\n* feat(repo): add support for branch, commit, & tag (#2494)\n* fix: remove auto configure environment variables via viper (#2526)\n\nUpdate to version 0.30.0:\n\n* fix: separating multiple licenses from one line in dpkg copyright files (#2508)\n* fix: change a capital letter for `plugin uninstall` subcommand (#2519)\n* fix: k8s hide empty report when scanning resource (#2517)\n* refactor: fix comments (#2516)\n* fix: scan vendor dir (#2515)\n* feat: Add support for license scanning (#2418)\n* chore: add owners for secret scanning (#2485)\n* fix: remove dependency-tree flag for image subcommand (#2492)\n* fix(k8s): add shorthand for k8s namespace flag (#2495)\n* docs: add information about using multiple servers to troubleshooting (#2498)\n* ci: add pushing canary build images to registries (#2428)\n* feat(dotnet): add support for .Net core .deps.json files (#2487)\n* feat(amazon): add support for 2022 version (#2429)\n* Type correction bitnami chart (#2415)\n* docs: add config file and update CLI references (#2489)\n* feat: add support for flag groups (#2488)\n* refactor: move from urfave/cli to spf13/cobra (#2458)\n* fix: Fix secrets output not containing file/lines (#2467)\n* fix: clear output with modules (#2478)\n* docs(cbl): distroless 1.0 supported (#2473)\n* fix: Fix example dockerfile rego policy (#2460)\n* fix(config): add helm to list of config analyzers (#2457)\n* feat: k8s resouces scan (#2395)\n* feat(sbom): add cyclonedx sbom scan (#2203)\n* docs: remove links to removed content (#2431)\n* ci: added rpm build for rhel 9 (#2437)\n* fix(secret): remove space from asymmetric private key (#2434)\n* test(integration): fix golden files for debian 9 (#2435)\n* fix(cli): fix version string in docs link when secret scanning is enabled (#2422)\n* refactor: move CycloneDX marshaling (#2420)\n* docs(nodejs): add docs about pnpm support (#2423)\n* docs: improve k8s usage documentation (#2425)\n* feat: Make secrets scanning output consistant (#2410)\n* ci: create canary build after main branch changes (#1638)\n* fix(misconf): skip broken scans (#2396)\n* feat(nodejs): add pnpm support (#2414)\n* fix: Fix false positive for use of COS images (#2413)\n* eliminate nerdctl dependency (#2412)\n* Add EOL date for SUSE SLES 15.3, 15.4 and OpenSUSE 15.4 (#2403)\n* fix(go): no cast to lowercase go package names (#2401)\n* BREAKING(sbom): change 'trivy sbom' to scan SBOM (#2408)\n* fix(server): hot update the db from custom repository (#2406)\n* feat: added license parser for dpkg (#2381)\n* fix(misconf): Update defsec (v0.68.5) to fix docker rego duplicate key (#2400)\n* feat: extract stripe publishable and secret keys (#2392)\n* feat: rbac support k8s sub-command (#2339)\n* feat(ruby): drop platform strings from dependency versions bundled with bundler v2 (#2390)\n* docs: Updating README with new CLI command (#2359)\n* fix(misconf): Update defsec to v0.68.4 to resolve CF detection bug (#2383)\n* chore: add integration label and merge security label (#2316)\n\nUpdate to version 0.29.2:\n\n* chore: skip Visual Studio Code project folder (#2379)\n* fix(helm): handle charts with templated names (#2374)\n* docs: redirect operator docs to trivy-operator repo (#2372)\n* fix(secret): use secret result when determining Failed status (#2370)\n* try removing libdb-dev\n* run integration tests in fanal\n* use same testing images in fanal\n* feat(helm): add support for trivy dbRepository (#2345)\n* fix: Fix failing test due to deref lint issue\n* test: Fix broken test\n* fix: Fix makefile when no previous named ref is visible in a shallow clone\n* chore: Fix linting issues in fanal\n* refactor: Fix fanal import paths and remove dotfiles\n\nUpdate to version 0.29.1:\n\n* fix(report): add required fields to the SARIF template (#2341)\n* chore: fix spelling errors (#2352)\n* Omit Remediation if PrimaryURL is empty (#2006)\n* docs(repo): Link to installation documentation in readme shows 404 (#2348)\n* feat(alma): support for scanning of modular packages for AlmaLinux (#2347)\n\nUpdate to version 0.29.0:\n\n* fix(lang): fix dependency graph in client server mode (#2336)\n* feat: allow expiration date for .trivyignore entries (#2332)\n* feat(lang): add dependency origin graph (#1970)\n* docs: update nix installation info (#2331)\n* feat: add rbac scanning support (#2328)\n* refactor: move WordPress module to another repository (#2329)\n* ci: add support for ppc64le (#2281)\n* feat: add support for WASM modules (#2195)\n* feat(secret): show recommendation for slow scanning (#2051)\n* fix(flag): remove --clear-cache flag client mode (#2301)\n* fix(java): added check for looping for variable evaluation in pom file (#2322)\n* BREAKING(k8s): change CLI API (#2186)\n* feat(alpine): add Alpine Linux 3.16 (#2319)\n* ci: add `go mod tidy` check (#2314)\n* chore: run `go mod tidy` (#2313)\n* fix: do not exit if one resource is not found (#2311)\n* feat(cli): use stderr for all log messages (resolve #381) (#2289)\n* test: replace deprecated subcommand client in integration tests (#2308)\n* feat: add support for containerd (#2305)\n* fix(kubernetes): Support floats in manifest yaml (#2297)\n* docs(kubernetes): dead links (#2307)\n* chore: add license label (#2304)\n* feat(mariner): added support for CBL-Mariner Distroless v2.0 (#2293)\n* feat(helm): add pod annotations (#2272)\n* refactor: do not import defsec in fanal types package (#2292)\n* feat(report): Add misconfiguration support to ASFF report template (#2285)\n* test: use images in GHCR (#2275)\n* feat(helm): support pod annotations (#2265)\n* feat(misconf): Helm chart scanning (#2269)\n* docs: Update custom rego policy docs to reflect latest defsec/fanal changes (#2267)\n* fix: mask redis credentials when logging (#2264)\n* refactor: extract commands Runner interface (#2147)\n* docs: update operator release (#2263)\n* feat(redhat): added architecture check (#2172)\n* docs: updating links in the docs to work again (#2256)\n* docs: fix readme (#2251)\n* fix: fixed incorrect CycloneDX output format (#2255)\n* refactor(deps): move dependencies to package (#2189)\n* fix(report): change github format version to required (#2229)\n* docs: update readme (#2110)\n* docs: added information about choosing advisory database (#2212)\n* chore: update trivy-kubernetes (#2224)\n* docs: clarifying parts of the k8s docs and updating links (#2222)\n* fix(k8s): timeout error logging (#2179)\n* chore(deps): updated fanal after fix AsymmetricPrivateKeys (#2214)\n* feat(k8s): add --context flag (#2171)\n* fix(k8s): properly instantiate TableWriter (#2175)\n* test: fixed integration tests after updating testcontainers to v0.13.0 (#2208)\n* chore: update labels (#2197)\n* fix(report): fixed panic if all misconf reports were removed in filter (#2188)\n* feat(k8s): scan secrets (#2178)\n* feat(report): GitHub Dependency Snapshots support (#1522)\n* feat(db): added insecure skip tls verify to download trivy db (#2140)\n* fix(redhat): always use vulns with fixed version if there is one (#2165)\n* chore(redhat): Add support for Red Hat UBI 9. (#2183)\n* fix(k8s): update trivy-kubernetes (#2163)\n* fix misconfig start line for code quality tpl (#2181)\n* fix: update docker/distribution from 2.8.0 to 2.8.1 (#2176)\n* docs(vuln): Include GitLab 15.0 integration (#2153)\n* docs: fix the operator version (#2167)\n* fix(k8s): summary report when when only vulns exit (#2146)\n* chore(deps): Update fanal to get defsec v0.58.2 (fixes false positives in ksv038) (#2156)\n* perf(misconf): Improve performance when scanning very large files (#2152)\n* docs(misconf): Update examples and docs to refer to builtin/defsec instead of appshield (#2150)\n* chore(deps): Update fanal (for less verbose code in misconf results) (#2151)\n* docs: fixed installation instruction for rhel/centos (#2143)\n\nUpdate to version 0.28.0 (boo#1199760, CVE-2022-28946):\n\n* fix: remove Highlighted from json output (#2131)\n* fix: remove trivy-kubernetes replace (#2132)\n* docs: Add Operator docs under Kubernetes section (#2111)\n* fix(k8s): security-checks panic (#2127)\n* ci: added k8s scope (#2130)\n* docs: Update misconfig output in examples (#2128)\n* fix(misconf): Fix coloured output in Goland terminal (#2126)\n* docs(secret): Fix default value of --security-checks in docs (#2107)\n* refactor(report): move colorize function from trivy-db (#2122)\n* feat: k8s resource scanning (#2118)\n* chore: add CODEOWNERS (#2121)\n* feat(image): add `--server` option for remote scans (#1871)\n* refactor: k8s (#2116)\n* refactor: export useful APIs (#2108)\n* docs: fix k8s doc (#2114)\n* feat(kubernetes): Add report flag for summary (#2112)\n* fix: Remove problematic advanced rego policies (#2113)\n* feat(misconf): Add special output format for misconfigurations (#2100)\n* feat: add k8s subcommand (#2065)\n* chore: fix make lint version (#2102)\n* fix(java): handle relative pom modules (#2101)\n* fix(misconf): Add missing links for non-rego misconfig results (#2094)\n* feat(misconf): Added fs.FS based scanning via latest defsec (#2084)\n* chore(os): updated fanal version and alpine distroless test (#2086)\n* feat(report): add support for SPDX (#2059)\n* chore: app version 0.27.0 (#2046)\n* fix(misconf): added to skip conf files if their scanning is not enabled (#2066)\n* docs(secret) fix rule path in docs (#2061)\n* docs: change from go.sum to go.mod (#2056)\n\nUpdate to version 0.27.1:\n\n* refactor(fs): scanner options (#2050)\n* feat(secret): truncate long line (#2052)\n* docs: fix a broken bullets (#2042)\n* feat(ubuntu): add 22.04 approx eol date (#2044)\n* docs: update installation.md (#2027)\n* docs: add Containerfile (#2032)\n\nUpdate to version 0.27.0:\n\n* fix(go): fixed panic to scan gomod without version (#2038)\n* docs(mariner): confirm it works with Mariner 2.0 VM (#2036)\n* feat(secret): support enable rules (#2035)\n* chore: app version 26.0 (#2030)\n* docs(secret): add a demo movie (#2031)\n* feat: support cache TTL in Redis (#2021)\n* fix(go): skip system installed binaries (#2028)\n* fix(go): check if go.sum is nil (#2029)\n* feat: add secret scanning (#1901)\n* chore: gh publish only with push the tag release (#2025)\n* fix(fs): ignore permission errors (#2022)\n* test(mod): using correct module inside test go.mod (#2020)\n* feat(server): re-add proxy support for client/server communications (#1995)\n* fix(report): truncate a description before escaping in ASFF template (#2004)\n* fix(cloudformation): correct margin removal for empty lines (#2002)\n* fix(template): correct check of old sarif template files (#2003)\n\nUpdate to version 0.26.0:\n\n* feat(alpine): warn mixing versions (#2000)\n* Update ASFF template (#1914)\n* chore(deps): replace `containerd/containerd` version to fix CVE-2022-23648 (#1994)\n* test(go): add integration tests for gomod (#1989)\n* fix(python): fixed panic when scan .egg archive (#1992)\n* fix(go): set correct go modules type (#1990)\n* feat(alpine): support apk repositories (#1987)\n* docs: add CBL-Mariner (#1982)\n* docs(go): fix version (#1986)\n* feat(go): support go.mod in Go 1.17+ (#1985)\n* ci: fix URLs in the PR template (#1972)\n* ci: add semantic pull requests check (#1968)\n* docs(issue): added docs for wrong detection issues (#1961)\n\nUpdate to version 0.25.4:\n\n* docs: move CONTRIBUTING.md to docs (#1971)\n* refactor(table): use file name instead package path (#1966)\n* fix(sbom): add --db-repository (#1964)\n* feat(table): add PkgPath in table result (#1960)\n* fix(pom): merge multiple pom imports in a good manner (#1959)\n\nUpdate to version 0.25.3:\n\n* fix(downloadDB): add dbRepositoryFlag to repository and rootfs commands (#1956)\n* fix(misconf): update BurntSushi/toml for fix runtime error (#1948)\n* fix(misconf): Update fanal/defsec to resolve missing metadata issues (#1947)\n* feat(jar): allow setting Maven Central URL using environment variable (#1939)\n* chore(chart): update Trivy version in HelmChart to 0.25.0 (#1931)\n* chore(chart): remove version comments (#1933)\n\nUpdate to version 0.25.2:\n\n* fix(downloadDB): add flag to server command (#1942)\n\nUpdate to version 0.25.1:\n\n* fix(misconf): update defsec to resolve panics (#1935)\n* docs: restructure the documentation (#1887)\n* Add trivy horizontal logo (#1932)\n* feat(db): Add dbRepository flag to get advisory database from OCI registry (#1873)\n\n- Buildrequire go1.18 as upstream says in go.mod\n\nUpdate to version 0.25.0:\n\n* docs(filter vulnerabilities): fix link (#1880)\n* feat(template) Add misconfigurations to gitlab codequality report (#1756)\n* fix(rpc): add PkgPath field to client / server mode (#1643)\n* fix(vulnerabilities): fixed trivy-db vulns (#1883)\n* feat(cache): remove temporary cache after filesystem scanning (#1868)\n* feat(sbom): add a dedicated sbom command (#1799)\n* feat(cyclonedx): add vulnerabilities (#1832)\n* fix(option): hide false warning about remote options (#1865)\n* feat(filesystem): scan in client/server mode (#1829)\n* refactor(template): remove unused test (#1861)\n* fix(cli): json format for trivy version (#1854)\n* docs: change URL for tfsec-checks (#1857)\n", title: "Description of the patch", }, { category: "details", text: "openSUSE-2022-10094", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2022_10094-1.json", }, { category: "self", summary: "URL for openSUSE-SU-2022:10094-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TFXT5GO737TPBRXIUOZS7A3WOJKWSJAX/", }, { category: "self", summary: "E-Mail link for openSUSE-SU-2022:10094-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TFXT5GO737TPBRXIUOZS7A3WOJKWSJAX/", }, { category: "self", summary: "SUSE Bug 1199760", url: "https://bugzilla.suse.com/1199760", }, { category: "self", summary: "SUSE CVE CVE-2022-1996 page", url: "https://www.suse.com/security/cve/CVE-2022-1996/", }, { category: "self", summary: "SUSE CVE CVE-2022-23648 page", url: "https://www.suse.com/security/cve/CVE-2022-23648/", }, { category: "self", summary: "SUSE CVE CVE-2022-28946 page", url: "https://www.suse.com/security/cve/CVE-2022-28946/", }, ], title: "Security update for trivy", tracking: { current_release_date: "2022-08-20T10:02:00Z", generator: { date: "2022-08-20T10:02:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2022:10094-1", initial_release_date: "2022-08-20T10:02:00Z", revision_history: [ { date: "2022-08-20T10:02:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "trivy-0.30.4-bp153.8.1.aarch64", product: { name: "trivy-0.30.4-bp153.8.1.aarch64", product_id: "trivy-0.30.4-bp153.8.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "trivy-0.30.4-bp153.8.1.i586", product: { name: "trivy-0.30.4-bp153.8.1.i586", product_id: "trivy-0.30.4-bp153.8.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "trivy-0.30.4-bp153.8.1.s390x", product: { name: "trivy-0.30.4-bp153.8.1.s390x", product_id: "trivy-0.30.4-bp153.8.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "trivy-0.30.4-bp153.8.1.x86_64", product: { name: "trivy-0.30.4-bp153.8.1.x86_64", product_id: "trivy-0.30.4-bp153.8.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Package Hub 15 SP3", product: { name: "SUSE Package Hub 15 SP3", product_id: "SUSE Package Hub 15 SP3", }, }, { category: "product_name", name: "openSUSE Leap 15.3", product: { name: "openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.3", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "trivy-0.30.4-bp153.8.1.aarch64 as component of SUSE Package Hub 15 SP3", product_id: "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.aarch64", }, product_reference: "trivy-0.30.4-bp153.8.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP3", }, { category: "default_component_of", full_product_name: { name: "trivy-0.30.4-bp153.8.1.i586 as component of SUSE Package Hub 15 SP3", product_id: "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.i586", }, product_reference: "trivy-0.30.4-bp153.8.1.i586", relates_to_product_reference: "SUSE Package Hub 15 SP3", }, { category: "default_component_of", full_product_name: { name: "trivy-0.30.4-bp153.8.1.s390x as component of SUSE Package Hub 15 SP3", product_id: "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.s390x", }, product_reference: "trivy-0.30.4-bp153.8.1.s390x", relates_to_product_reference: "SUSE Package Hub 15 SP3", }, { category: "default_component_of", full_product_name: { name: "trivy-0.30.4-bp153.8.1.x86_64 as component of SUSE Package Hub 15 SP3", product_id: "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.x86_64", }, product_reference: "trivy-0.30.4-bp153.8.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP3", }, { category: "default_component_of", full_product_name: { name: "trivy-0.30.4-bp153.8.1.aarch64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.aarch64", }, product_reference: "trivy-0.30.4-bp153.8.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "trivy-0.30.4-bp153.8.1.i586 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.i586", }, product_reference: "trivy-0.30.4-bp153.8.1.i586", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "trivy-0.30.4-bp153.8.1.s390x as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.s390x", }, product_reference: "trivy-0.30.4-bp153.8.1.s390x", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "trivy-0.30.4-bp153.8.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.x86_64", }, product_reference: "trivy-0.30.4-bp153.8.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, ], }, vulnerabilities: [ { cve: "CVE-2022-1996", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-1996", }, ], notes: [ { category: "general", text: "Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.aarch64", "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.i586", "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.s390x", "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.x86_64", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.aarch64", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.i586", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.s390x", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-1996", url: "https://www.suse.com/security/cve/CVE-2022-1996", }, { category: "external", summary: "SUSE Bug 1200528 for CVE-2022-1996", url: "https://bugzilla.suse.com/1200528", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.aarch64", "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.i586", "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.s390x", "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.x86_64", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.aarch64", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.i586", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.s390x", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.aarch64", "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.i586", "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.s390x", "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.x86_64", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.aarch64", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.i586", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.s390x", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-08-20T10:02:00Z", details: "critical", }, ], title: "CVE-2022-1996", }, { cve: "CVE-2022-23648", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-23648", }, ], notes: [ { category: "general", text: "containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd's CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd's CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.aarch64", "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.i586", "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.s390x", "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.x86_64", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.aarch64", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.i586", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.s390x", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-23648", url: "https://www.suse.com/security/cve/CVE-2022-23648", }, { category: "external", summary: "SUSE Bug 1196441 for CVE-2022-23648", url: "https://bugzilla.suse.com/1196441", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.aarch64", "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.i586", "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.s390x", "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.x86_64", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.aarch64", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.i586", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.s390x", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.aarch64", "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.i586", "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.s390x", "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.x86_64", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.aarch64", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.i586", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.s390x", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-08-20T10:02:00Z", details: "moderate", }, ], title: "CVE-2022-23648", }, { cve: "CVE-2022-28946", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-28946", }, ], notes: [ { category: "general", text: "An issue in the component ast/parser.go of Open Policy Agent v0.39.0 causes the application to incorrectly interpret every expression, causing a Denial of Service (DoS) via triggering out-of-range memory access.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.aarch64", "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.i586", "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.s390x", "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.x86_64", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.aarch64", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.i586", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.s390x", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-28946", url: "https://www.suse.com/security/cve/CVE-2022-28946", }, { category: "external", summary: "SUSE Bug 1199760 for CVE-2022-28946", url: "https://bugzilla.suse.com/1199760", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.aarch64", "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.i586", "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.s390x", "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.x86_64", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.aarch64", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.i586", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.s390x", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.aarch64", "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.i586", "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.s390x", "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.x86_64", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.aarch64", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.i586", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.s390x", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-08-20T10:02:00Z", details: "moderate", }, ], title: "CVE-2022-28946", }, ], }
opensuse-su-2022:10022-1
Vulnerability from csaf_opensuse
Published
2022-06-21 16:01
Modified
2022-06-21 16:01
Summary
Security update for trivy
Notes
Title of the patch
Security update for trivy
Description of the patch
This update for trivy fixes the following issues:
trivy was updated to version 0.28.0 (boo#1199760, CVE-2022-28946):
* fix: remove Highlighted from json output (#2131)
* fix: remove trivy-kubernetes replace (#2132)
* docs: Add Operator docs under Kubernetes section (#2111)
* fix(k8s): security-checks panic (#2127)
* ci: added k8s scope (#2130)
* docs: Update misconfig output in examples (#2128)
* fix(misconf): Fix coloured output in Goland terminal (#2126)
* docs(secret): Fix default value of --security-checks in docs (#2107)
* refactor(report): move colorize function from trivy-db (#2122)
* feat: k8s resource scanning (#2118)
* chore: add CODEOWNERS (#2121)
* feat(image): add `--server` option for remote scans (#1871)
* refactor: k8s (#2116)
* refactor: export useful APIs (#2108)
* docs: fix k8s doc (#2114)
* feat(kubernetes): Add report flag for summary (#2112)
* fix: Remove problematic advanced rego policies (#2113)
* feat(misconf): Add special output format for misconfigurations (#2100)
* feat: add k8s subcommand (#2065)
* chore: fix make lint version (#2102)
* fix(java): handle relative pom modules (#2101)
* fix(misconf): Add missing links for non-rego misconfig results (#2094)
* feat(misconf): Added fs.FS based scanning via latest defsec (#2084)
* chore(deps): bump trivy-issue-action to v0.0.4 (#2091)
* chore(deps): bump github.com/twitchtv/twirp (#2077)
* chore(deps): bump github.com/urfave/cli/v2 from 2.4.0 to 2.5.1 (#2074)
* chore(os): updated fanal version and alpine distroless test (#2086)
* chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.5.1 to 0.5.2 (#2075)
* chore(deps): bump github.com/samber/lo from 1.16.0 to 1.19.0 (#2076)
* feat(report): add support for SPDX (#2059)
* chore(deps): bump actions/setup-go from 2 to 3 (#2073)
* chore(deps): bump actions/cache from 3.0.1 to 3.0.2 (#2071)
* chore(deps): bump golang from 1.18.0 to 1.18.1 (#2069)
* chore(deps): bump actions/stale from 4 to 5 (#2070)
* chore(deps): bump sigstore/cosign-installer from 2.0.0 to 2.3.0 (#2072)
* chore(deps): bump github.com/open-policy-agent/opa from 0.39.0 to 0.40.0 (#2079)
* chore: app version 0.27.0 (#2046)
* fix(misconf): added to skip conf files if their scanning is not enabled (#2066)
* docs(secret) fix rule path in docs (#2061)
* docs: change from go.sum to go.mod (#2056)
Update to version 0.27.1:
* chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.5.0 to 0.5.1 (#1926)
* refactor(fs): scanner options (#2050)
* feat(secret): truncate long line (#2052)
* docs: fix a broken bullets (#2042)
* feat(ubuntu): add 22.04 approx eol date (#2044)
* docs: update installation.md (#2027)
* docs: add Containerfile (#2032)
Update to version 0.27.0:
* fix(go): fixed panic to scan gomod without version (#2038)
* docs(mariner): confirm it works with Mariner 2.0 VM (#2036)
* feat(secret): support enable rules (#2035)
* chore: app version 26.0 (#2030)
* docs(secret): add a demo movie (#2031)
* feat: support cache TTL in Redis (#2021)
* fix(go): skip system installed binaries (#2028)
* fix(go): check if go.sum is nil (#2029)
* feat: add secret scanning (#1901)
* chore: gh publish only with push the tag release (#2025)
* fix(fs): ignore permission errors (#2022)
* test(mod): using correct module inside test go.mod (#2020)
* feat(server): re-add proxy support for client/server communications (#1995)
* fix(report): truncate a description before escaping in ASFF template (#2004)
* fix(cloudformation): correct margin removal for empty lines (#2002)
* fix(template): correct check of old sarif template files (#2003)
Update to version 0.26.0:
* feat(alpine): warn mixing versions (#2000)
* Update ASFF template (#1914)
* chore(deps): replace `containerd/containerd` version to fix CVE-2022-23648 (#1994)
* chore(deps): bump alpine from 3.15.3 to 3.15.4 (#1993)
* test(go): add integration tests for gomod (#1989)
* fix(python): fixed panic when scan .egg archive (#1992)
* fix(go): set correct go modules type (#1990)
* feat(alpine): support apk repositories (#1987)
* docs: add CBL-Mariner (#1982)
* docs(go): fix version (#1986)
* feat(go): support go.mod in Go 1.17+ (#1985)
* ci: fix URLs in the PR template (#1972)
* ci: add semantic pull requests check (#1968)
* docs(issue): added docs for wrong detection issues (#1961)
Update to version 0.25.4:
* docs: move CONTRIBUTING.md to docs (#1971)
* refactor(table): use file name instead package path (#1966)
* fix(sbom): add --db-repository (#1964)
* feat(table): add PkgPath in table result (#1960)
* fix(pom): merge multiple pom imports in a good manner (#1959)
Update to version 0.25.3:
* fix(downloadDB): add dbRepositoryFlag to repository and rootfs commands (#1956)
* fix(misconf): update BurntSushi/toml for fix runtime error (#1948)
* fix(misconf): Update fanal/defsec to resolve missing metadata issues (#1947)
* feat(jar): allow setting Maven Central URL using environment variable (#1939)
* chore(chart): update Trivy version in HelmChart to 0.25.0 (#1931)
* chore(chart): remove version comments (#1933)
Update to version 0.25.2:
* fix(downloadDB): add flag to server command (#1942)
Update to version 0.25.1:
* fix(misconf): update defsec to resolve panics (#1935)
* chore(deps): bump github.com/docker/docker (#1924)
* docs: restructure the documentation (#1887)
* chore(deps): bump github.com/urfave/cli/v2 from 2.3.0 to 2.4.0 (#1923)
* chore(deps): bump actions/cache from 2 to 3.0.1 (#1920)
* chore(deps): bump actions/checkout from 2 to 3 (#1916)
* chore(deps): bump github.com/open-policy-agent/opa from 0.37.2 to 0.39.0 (#1921)
* chore(deps): bump sigstore/cosign-installer from 2.0.0 to 2.1.0 (#1919)
* chore(deps): bump helm/chart-testing-action from 2.2.0 to 2.2.1 (#1918)
* chore(deps): bump golang from 1.17 to 1.18.0 (#1915)
* Add trivy horizontal logo (#1932)
* chore(deps): bump alpine from 3.15.0 to 3.15.3 (#1917)
* chore(deps): bump github.com/go-redis/redis/v8 from 8.11.4 to 8.11.5 (#1925)
* chore(deps): bump github.com/stretchr/testify from 1.7.0 to 1.7.1 (#1927)
* feat(db): Add dbRepository flag to get advisory database from OCI registry (#1873)
Update to version 0.25.0:
* docs(filter vulnerabilities): fix link (#1880)
* feat(template) Add misconfigurations to gitlab codequality report (#1756)
* fix(rpc): add PkgPath field to client / server mode (#1643)
* fix(vulnerabilities): fixed trivy-db vulns (#1883)
* feat(cache): remove temporary cache after filesystem scanning (#1868)
* feat(sbom): add a dedicated sbom command (#1799)
* feat(cyclonedx): add vulnerabilities (#1832)
* fix(option): hide false warning about remote options (#1865)
* chore: bump up Go to 1.18 (#1862)
* feat(filesystem): scan in client/server mode (#1829)
* refactor(template): remove unused test (#1861)
* fix(cli): json format for trivy version (#1854)
* docs: change URL for tfsec-checks (#1857)
Patchnames
openSUSE-2022-10022
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for trivy", title: "Title of the patch", }, { category: "description", text: "This update for trivy fixes the following issues:\n\ntrivy was updated to version 0.28.0 (boo#1199760, CVE-2022-28946):\n\n* fix: remove Highlighted from json output (#2131)\n* fix: remove trivy-kubernetes replace (#2132)\n* docs: Add Operator docs under Kubernetes section (#2111)\n* fix(k8s): security-checks panic (#2127)\n* ci: added k8s scope (#2130)\n* docs: Update misconfig output in examples (#2128)\n* fix(misconf): Fix coloured output in Goland terminal (#2126)\n* docs(secret): Fix default value of --security-checks in docs (#2107)\n* refactor(report): move colorize function from trivy-db (#2122)\n* feat: k8s resource scanning (#2118)\n* chore: add CODEOWNERS (#2121)\n* feat(image): add `--server` option for remote scans (#1871)\n* refactor: k8s (#2116)\n* refactor: export useful APIs (#2108)\n* docs: fix k8s doc (#2114)\n* feat(kubernetes): Add report flag for summary (#2112)\n* fix: Remove problematic advanced rego policies (#2113)\n* feat(misconf): Add special output format for misconfigurations (#2100)\n* feat: add k8s subcommand (#2065)\n* chore: fix make lint version (#2102)\n* fix(java): handle relative pom modules (#2101)\n* fix(misconf): Add missing links for non-rego misconfig results (#2094)\n* feat(misconf): Added fs.FS based scanning via latest defsec (#2084)\n* chore(deps): bump trivy-issue-action to v0.0.4 (#2091)\n* chore(deps): bump github.com/twitchtv/twirp (#2077)\n* chore(deps): bump github.com/urfave/cli/v2 from 2.4.0 to 2.5.1 (#2074)\n* chore(os): updated fanal version and alpine distroless test (#2086)\n* chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.5.1 to 0.5.2 (#2075)\n* chore(deps): bump github.com/samber/lo from 1.16.0 to 1.19.0 (#2076)\n* feat(report): add support for SPDX (#2059)\n* chore(deps): bump actions/setup-go from 2 to 3 (#2073)\n* chore(deps): bump actions/cache from 3.0.1 to 3.0.2 (#2071)\n* chore(deps): bump golang from 1.18.0 to 1.18.1 (#2069)\n* chore(deps): bump actions/stale from 4 to 5 (#2070)\n* chore(deps): bump sigstore/cosign-installer from 2.0.0 to 2.3.0 (#2072)\n* chore(deps): bump github.com/open-policy-agent/opa from 0.39.0 to 0.40.0 (#2079)\n* chore: app version 0.27.0 (#2046)\n* fix(misconf): added to skip conf files if their scanning is not enabled (#2066)\n* docs(secret) fix rule path in docs (#2061)\n* docs: change from go.sum to go.mod (#2056)\n\nUpdate to version 0.27.1:\n\n* chore(deps): bump github.com/CycloneDX/cyclonedx-go from 0.5.0 to 0.5.1 (#1926)\n* refactor(fs): scanner options (#2050)\n* feat(secret): truncate long line (#2052)\n* docs: fix a broken bullets (#2042)\n* feat(ubuntu): add 22.04 approx eol date (#2044)\n* docs: update installation.md (#2027)\n* docs: add Containerfile (#2032)\n\nUpdate to version 0.27.0:\n\n* fix(go): fixed panic to scan gomod without version (#2038)\n* docs(mariner): confirm it works with Mariner 2.0 VM (#2036)\n* feat(secret): support enable rules (#2035)\n* chore: app version 26.0 (#2030)\n* docs(secret): add a demo movie (#2031)\n* feat: support cache TTL in Redis (#2021)\n* fix(go): skip system installed binaries (#2028)\n* fix(go): check if go.sum is nil (#2029)\n* feat: add secret scanning (#1901)\n* chore: gh publish only with push the tag release (#2025)\n* fix(fs): ignore permission errors (#2022)\n* test(mod): using correct module inside test go.mod (#2020)\n* feat(server): re-add proxy support for client/server communications (#1995)\n* fix(report): truncate a description before escaping in ASFF template (#2004)\n* fix(cloudformation): correct margin removal for empty lines (#2002)\n* fix(template): correct check of old sarif template files (#2003)\n\nUpdate to version 0.26.0:\n\n* feat(alpine): warn mixing versions (#2000)\n* Update ASFF template (#1914)\n* chore(deps): replace `containerd/containerd` version to fix CVE-2022-23648 (#1994)\n* chore(deps): bump alpine from 3.15.3 to 3.15.4 (#1993)\n* test(go): add integration tests for gomod (#1989)\n* fix(python): fixed panic when scan .egg archive (#1992)\n* fix(go): set correct go modules type (#1990)\n* feat(alpine): support apk repositories (#1987)\n* docs: add CBL-Mariner (#1982)\n* docs(go): fix version (#1986)\n* feat(go): support go.mod in Go 1.17+ (#1985)\n* ci: fix URLs in the PR template (#1972)\n* ci: add semantic pull requests check (#1968)\n* docs(issue): added docs for wrong detection issues (#1961)\n\nUpdate to version 0.25.4:\n\n* docs: move CONTRIBUTING.md to docs (#1971)\n* refactor(table): use file name instead package path (#1966)\n* fix(sbom): add --db-repository (#1964)\n* feat(table): add PkgPath in table result (#1960)\n* fix(pom): merge multiple pom imports in a good manner (#1959)\n\nUpdate to version 0.25.3:\n\n* fix(downloadDB): add dbRepositoryFlag to repository and rootfs commands (#1956)\n* fix(misconf): update BurntSushi/toml for fix runtime error (#1948)\n* fix(misconf): Update fanal/defsec to resolve missing metadata issues (#1947)\n* feat(jar): allow setting Maven Central URL using environment variable (#1939)\n* chore(chart): update Trivy version in HelmChart to 0.25.0 (#1931)\n* chore(chart): remove version comments (#1933)\n\nUpdate to version 0.25.2:\n\n* fix(downloadDB): add flag to server command (#1942)\n\nUpdate to version 0.25.1:\n\n* fix(misconf): update defsec to resolve panics (#1935)\n* chore(deps): bump github.com/docker/docker (#1924)\n* docs: restructure the documentation (#1887)\n* chore(deps): bump github.com/urfave/cli/v2 from 2.3.0 to 2.4.0 (#1923)\n* chore(deps): bump actions/cache from 2 to 3.0.1 (#1920)\n* chore(deps): bump actions/checkout from 2 to 3 (#1916)\n* chore(deps): bump github.com/open-policy-agent/opa from 0.37.2 to 0.39.0 (#1921)\n* chore(deps): bump sigstore/cosign-installer from 2.0.0 to 2.1.0 (#1919)\n* chore(deps): bump helm/chart-testing-action from 2.2.0 to 2.2.1 (#1918)\n* chore(deps): bump golang from 1.17 to 1.18.0 (#1915)\n* Add trivy horizontal logo (#1932)\n* chore(deps): bump alpine from 3.15.0 to 3.15.3 (#1917)\n* chore(deps): bump github.com/go-redis/redis/v8 from 8.11.4 to 8.11.5 (#1925)\n* chore(deps): bump github.com/stretchr/testify from 1.7.0 to 1.7.1 (#1927)\n* feat(db): Add dbRepository flag to get advisory database from OCI registry (#1873)\n\nUpdate to version 0.25.0:\n\n* docs(filter vulnerabilities): fix link (#1880)\n* feat(template) Add misconfigurations to gitlab codequality report (#1756)\n* fix(rpc): add PkgPath field to client / server mode (#1643)\n* fix(vulnerabilities): fixed trivy-db vulns (#1883)\n* feat(cache): remove temporary cache after filesystem scanning (#1868)\n* feat(sbom): add a dedicated sbom command (#1799)\n* feat(cyclonedx): add vulnerabilities (#1832)\n* fix(option): hide false warning about remote options (#1865)\n* chore: bump up Go to 1.18 (#1862)\n* feat(filesystem): scan in client/server mode (#1829)\n* refactor(template): remove unused test (#1861)\n* fix(cli): json format for trivy version (#1854)\n* docs: change URL for tfsec-checks (#1857)\n", title: "Description of the patch", }, { category: "details", text: "openSUSE-2022-10022", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2022_10022-1.json", }, { category: "self", summary: "URL for openSUSE-SU-2022:10022-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/43ATI5PP2NX5LEC336CTPYZBZIQPNK2B/", }, { category: "self", summary: "E-Mail link for openSUSE-SU-2022:10022-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/43ATI5PP2NX5LEC336CTPYZBZIQPNK2B/", }, { category: "self", summary: "SUSE Bug 1199760", url: "https://bugzilla.suse.com/1199760", }, { category: "self", summary: "SUSE CVE CVE-2022-23648 page", url: "https://www.suse.com/security/cve/CVE-2022-23648/", }, { category: "self", summary: "SUSE CVE CVE-2022-28946 page", url: "https://www.suse.com/security/cve/CVE-2022-28946/", }, ], title: "Security update for trivy", tracking: { current_release_date: "2022-06-21T16:01:17Z", generator: { date: "2022-06-21T16:01:17Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2022:10022-1", initial_release_date: "2022-06-21T16:01:17Z", revision_history: [ { date: "2022-06-21T16:01:17Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "trivy-0.28.0-bp154.2.3.1.aarch64", product: { name: "trivy-0.28.0-bp154.2.3.1.aarch64", product_id: "trivy-0.28.0-bp154.2.3.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "trivy-0.28.0-bp154.2.3.1.i586", product: { name: "trivy-0.28.0-bp154.2.3.1.i586", product_id: "trivy-0.28.0-bp154.2.3.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "trivy-0.28.0-bp154.2.3.1.s390x", product: { name: "trivy-0.28.0-bp154.2.3.1.s390x", product_id: "trivy-0.28.0-bp154.2.3.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "trivy-0.28.0-bp154.2.3.1.x86_64", product: { name: "trivy-0.28.0-bp154.2.3.1.x86_64", product_id: "trivy-0.28.0-bp154.2.3.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Package Hub 15 SP4", product: { name: "SUSE Package Hub 15 SP4", product_id: "SUSE Package Hub 15 SP4", }, }, { category: "product_name", name: "openSUSE Leap 15.4", product: { name: "openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.4", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "trivy-0.28.0-bp154.2.3.1.aarch64 as component of SUSE Package Hub 15 SP4", product_id: "SUSE Package Hub 15 SP4:trivy-0.28.0-bp154.2.3.1.aarch64", }, product_reference: "trivy-0.28.0-bp154.2.3.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP4", }, { category: "default_component_of", full_product_name: { name: "trivy-0.28.0-bp154.2.3.1.i586 as component of SUSE Package Hub 15 SP4", product_id: "SUSE Package Hub 15 SP4:trivy-0.28.0-bp154.2.3.1.i586", }, product_reference: "trivy-0.28.0-bp154.2.3.1.i586", relates_to_product_reference: "SUSE Package Hub 15 SP4", }, { category: "default_component_of", full_product_name: { name: "trivy-0.28.0-bp154.2.3.1.s390x as component of SUSE Package Hub 15 SP4", product_id: "SUSE Package Hub 15 SP4:trivy-0.28.0-bp154.2.3.1.s390x", }, product_reference: "trivy-0.28.0-bp154.2.3.1.s390x", relates_to_product_reference: "SUSE Package Hub 15 SP4", }, { category: "default_component_of", full_product_name: { name: "trivy-0.28.0-bp154.2.3.1.x86_64 as component of SUSE Package Hub 15 SP4", product_id: "SUSE Package Hub 15 SP4:trivy-0.28.0-bp154.2.3.1.x86_64", }, product_reference: "trivy-0.28.0-bp154.2.3.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP4", }, { category: "default_component_of", full_product_name: { name: "trivy-0.28.0-bp154.2.3.1.aarch64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:trivy-0.28.0-bp154.2.3.1.aarch64", }, product_reference: "trivy-0.28.0-bp154.2.3.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "trivy-0.28.0-bp154.2.3.1.i586 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:trivy-0.28.0-bp154.2.3.1.i586", }, product_reference: "trivy-0.28.0-bp154.2.3.1.i586", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "trivy-0.28.0-bp154.2.3.1.s390x as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:trivy-0.28.0-bp154.2.3.1.s390x", }, product_reference: "trivy-0.28.0-bp154.2.3.1.s390x", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "trivy-0.28.0-bp154.2.3.1.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:trivy-0.28.0-bp154.2.3.1.x86_64", }, product_reference: "trivy-0.28.0-bp154.2.3.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, ], }, vulnerabilities: [ { cve: "CVE-2022-23648", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-23648", }, ], notes: [ { category: "general", text: "containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd's CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd's CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP4:trivy-0.28.0-bp154.2.3.1.aarch64", "SUSE Package Hub 15 SP4:trivy-0.28.0-bp154.2.3.1.i586", "SUSE Package Hub 15 SP4:trivy-0.28.0-bp154.2.3.1.s390x", "SUSE Package Hub 15 SP4:trivy-0.28.0-bp154.2.3.1.x86_64", "openSUSE Leap 15.4:trivy-0.28.0-bp154.2.3.1.aarch64", "openSUSE Leap 15.4:trivy-0.28.0-bp154.2.3.1.i586", "openSUSE Leap 15.4:trivy-0.28.0-bp154.2.3.1.s390x", "openSUSE Leap 15.4:trivy-0.28.0-bp154.2.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-23648", url: "https://www.suse.com/security/cve/CVE-2022-23648", }, { category: "external", summary: "SUSE Bug 1196441 for CVE-2022-23648", url: "https://bugzilla.suse.com/1196441", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP4:trivy-0.28.0-bp154.2.3.1.aarch64", "SUSE Package Hub 15 SP4:trivy-0.28.0-bp154.2.3.1.i586", "SUSE Package Hub 15 SP4:trivy-0.28.0-bp154.2.3.1.s390x", "SUSE Package Hub 15 SP4:trivy-0.28.0-bp154.2.3.1.x86_64", "openSUSE Leap 15.4:trivy-0.28.0-bp154.2.3.1.aarch64", "openSUSE Leap 15.4:trivy-0.28.0-bp154.2.3.1.i586", "openSUSE Leap 15.4:trivy-0.28.0-bp154.2.3.1.s390x", "openSUSE Leap 15.4:trivy-0.28.0-bp154.2.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP4:trivy-0.28.0-bp154.2.3.1.aarch64", "SUSE Package Hub 15 SP4:trivy-0.28.0-bp154.2.3.1.i586", "SUSE Package Hub 15 SP4:trivy-0.28.0-bp154.2.3.1.s390x", "SUSE Package Hub 15 SP4:trivy-0.28.0-bp154.2.3.1.x86_64", "openSUSE Leap 15.4:trivy-0.28.0-bp154.2.3.1.aarch64", "openSUSE Leap 15.4:trivy-0.28.0-bp154.2.3.1.i586", "openSUSE Leap 15.4:trivy-0.28.0-bp154.2.3.1.s390x", "openSUSE Leap 15.4:trivy-0.28.0-bp154.2.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-06-21T16:01:17Z", details: "moderate", }, ], title: "CVE-2022-23648", }, { cve: "CVE-2022-28946", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-28946", }, ], notes: [ { category: "general", text: "An issue in the component ast/parser.go of Open Policy Agent v0.39.0 causes the application to incorrectly interpret every expression, causing a Denial of Service (DoS) via triggering out-of-range memory access.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP4:trivy-0.28.0-bp154.2.3.1.aarch64", "SUSE Package Hub 15 SP4:trivy-0.28.0-bp154.2.3.1.i586", "SUSE Package Hub 15 SP4:trivy-0.28.0-bp154.2.3.1.s390x", "SUSE Package Hub 15 SP4:trivy-0.28.0-bp154.2.3.1.x86_64", "openSUSE Leap 15.4:trivy-0.28.0-bp154.2.3.1.aarch64", "openSUSE Leap 15.4:trivy-0.28.0-bp154.2.3.1.i586", "openSUSE Leap 15.4:trivy-0.28.0-bp154.2.3.1.s390x", "openSUSE Leap 15.4:trivy-0.28.0-bp154.2.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-28946", url: "https://www.suse.com/security/cve/CVE-2022-28946", }, { category: "external", summary: "SUSE Bug 1199760 for CVE-2022-28946", url: "https://bugzilla.suse.com/1199760", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP4:trivy-0.28.0-bp154.2.3.1.aarch64", "SUSE Package Hub 15 SP4:trivy-0.28.0-bp154.2.3.1.i586", "SUSE Package Hub 15 SP4:trivy-0.28.0-bp154.2.3.1.s390x", "SUSE Package Hub 15 SP4:trivy-0.28.0-bp154.2.3.1.x86_64", "openSUSE Leap 15.4:trivy-0.28.0-bp154.2.3.1.aarch64", "openSUSE Leap 15.4:trivy-0.28.0-bp154.2.3.1.i586", "openSUSE Leap 15.4:trivy-0.28.0-bp154.2.3.1.s390x", "openSUSE Leap 15.4:trivy-0.28.0-bp154.2.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Package Hub 15 SP4:trivy-0.28.0-bp154.2.3.1.aarch64", "SUSE Package Hub 15 SP4:trivy-0.28.0-bp154.2.3.1.i586", "SUSE Package Hub 15 SP4:trivy-0.28.0-bp154.2.3.1.s390x", "SUSE Package Hub 15 SP4:trivy-0.28.0-bp154.2.3.1.x86_64", "openSUSE Leap 15.4:trivy-0.28.0-bp154.2.3.1.aarch64", "openSUSE Leap 15.4:trivy-0.28.0-bp154.2.3.1.i586", "openSUSE Leap 15.4:trivy-0.28.0-bp154.2.3.1.s390x", "openSUSE Leap 15.4:trivy-0.28.0-bp154.2.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-06-21T16:01:17Z", details: "moderate", }, ], title: "CVE-2022-28946", }, ], }
opensuse-su-2024:11891-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
containerd-1.4.13-1.1 on GA media
Notes
Title of the patch
containerd-1.4.13-1.1 on GA media
Description of the patch
These are all security issues fixed in the containerd-1.4.13-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11891
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "containerd-1.4.13-1.1 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the containerd-1.4.13-1.1 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-11891", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11891-1.json", }, { category: "self", summary: "SUSE CVE CVE-2022-23648 page", url: "https://www.suse.com/security/cve/CVE-2022-23648/", }, ], title: "containerd-1.4.13-1.1 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:11891-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "containerd-1.4.13-1.1.aarch64", product: { name: "containerd-1.4.13-1.1.aarch64", product_id: "containerd-1.4.13-1.1.aarch64", }, }, { category: "product_version", name: "containerd-ctr-1.4.13-1.1.aarch64", product: { name: "containerd-ctr-1.4.13-1.1.aarch64", product_id: "containerd-ctr-1.4.13-1.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "containerd-1.4.13-1.1.ppc64le", product: { name: "containerd-1.4.13-1.1.ppc64le", product_id: "containerd-1.4.13-1.1.ppc64le", }, }, { category: "product_version", name: "containerd-ctr-1.4.13-1.1.ppc64le", product: { name: "containerd-ctr-1.4.13-1.1.ppc64le", product_id: "containerd-ctr-1.4.13-1.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "containerd-1.4.13-1.1.s390x", product: { name: "containerd-1.4.13-1.1.s390x", product_id: "containerd-1.4.13-1.1.s390x", }, }, { category: "product_version", name: "containerd-ctr-1.4.13-1.1.s390x", product: { name: "containerd-ctr-1.4.13-1.1.s390x", product_id: "containerd-ctr-1.4.13-1.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "containerd-1.4.13-1.1.x86_64", product: { name: "containerd-1.4.13-1.1.x86_64", product_id: "containerd-1.4.13-1.1.x86_64", }, }, { category: "product_version", name: "containerd-ctr-1.4.13-1.1.x86_64", product: { name: "containerd-ctr-1.4.13-1.1.x86_64", product_id: "containerd-ctr-1.4.13-1.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "containerd-1.4.13-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:containerd-1.4.13-1.1.aarch64", }, product_reference: "containerd-1.4.13-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.13-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:containerd-1.4.13-1.1.ppc64le", }, product_reference: "containerd-1.4.13-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.13-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:containerd-1.4.13-1.1.s390x", }, product_reference: "containerd-1.4.13-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.13-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:containerd-1.4.13-1.1.x86_64", }, product_reference: "containerd-1.4.13-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.4.13-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:containerd-ctr-1.4.13-1.1.aarch64", }, product_reference: "containerd-ctr-1.4.13-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.4.13-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:containerd-ctr-1.4.13-1.1.ppc64le", }, product_reference: "containerd-ctr-1.4.13-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.4.13-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:containerd-ctr-1.4.13-1.1.s390x", }, product_reference: "containerd-ctr-1.4.13-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.4.13-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:containerd-ctr-1.4.13-1.1.x86_64", }, product_reference: "containerd-ctr-1.4.13-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2022-23648", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-23648", }, ], notes: [ { category: "general", text: "containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd's CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd's CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:containerd-1.4.13-1.1.aarch64", "openSUSE Tumbleweed:containerd-1.4.13-1.1.ppc64le", "openSUSE Tumbleweed:containerd-1.4.13-1.1.s390x", "openSUSE Tumbleweed:containerd-1.4.13-1.1.x86_64", "openSUSE Tumbleweed:containerd-ctr-1.4.13-1.1.aarch64", "openSUSE Tumbleweed:containerd-ctr-1.4.13-1.1.ppc64le", "openSUSE Tumbleweed:containerd-ctr-1.4.13-1.1.s390x", "openSUSE Tumbleweed:containerd-ctr-1.4.13-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-23648", url: "https://www.suse.com/security/cve/CVE-2022-23648", }, { category: "external", summary: "SUSE Bug 1196441 for CVE-2022-23648", url: "https://bugzilla.suse.com/1196441", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:containerd-1.4.13-1.1.aarch64", "openSUSE Tumbleweed:containerd-1.4.13-1.1.ppc64le", "openSUSE Tumbleweed:containerd-1.4.13-1.1.s390x", "openSUSE Tumbleweed:containerd-1.4.13-1.1.x86_64", "openSUSE Tumbleweed:containerd-ctr-1.4.13-1.1.aarch64", "openSUSE Tumbleweed:containerd-ctr-1.4.13-1.1.ppc64le", "openSUSE Tumbleweed:containerd-ctr-1.4.13-1.1.s390x", "openSUSE Tumbleweed:containerd-ctr-1.4.13-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:containerd-1.4.13-1.1.aarch64", "openSUSE Tumbleweed:containerd-1.4.13-1.1.ppc64le", "openSUSE Tumbleweed:containerd-1.4.13-1.1.s390x", "openSUSE Tumbleweed:containerd-1.4.13-1.1.x86_64", "openSUSE Tumbleweed:containerd-ctr-1.4.13-1.1.aarch64", "openSUSE Tumbleweed:containerd-ctr-1.4.13-1.1.ppc64le", "openSUSE Tumbleweed:containerd-ctr-1.4.13-1.1.s390x", "openSUSE Tumbleweed:containerd-ctr-1.4.13-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2022-23648", }, ], }
opensuse-su-2022:0720-1
Vulnerability from csaf_opensuse
Published
2022-03-04 09:20
Modified
2022-03-04 09:20
Summary
Security update for containerd
Notes
Title of the patch
Security update for containerd
Description of the patch
This update for containerd fixes the following issues:
- CVE-2022-23648: A specially-crafted image configuration could gain access to
read-only copies of arbitrary files and directories on the host (bsc#1196441).
Patchnames
openSUSE-SLE-15.3-2022-720,openSUSE-SLE-15.4-2022-720
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for containerd", title: "Title of the patch", }, { category: "description", text: "This update for containerd fixes the following issues:\n\n- CVE-2022-23648: A specially-crafted image configuration could gain access to \n read-only copies of arbitrary files and directories on the host (bsc#1196441).\n", title: "Description of the patch", }, { category: "details", text: "openSUSE-SLE-15.3-2022-720,openSUSE-SLE-15.4-2022-720", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2022_0720-1.json", }, { category: "self", summary: "URL for openSUSE-SU-2022:0720-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZII6Q7ZAGJJ37CB2SMGVMILNG766D3EX/", }, { category: "self", summary: "E-Mail link for openSUSE-SU-2022:0720-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZII6Q7ZAGJJ37CB2SMGVMILNG766D3EX/", }, { category: "self", summary: "SUSE Bug 1196441", url: "https://bugzilla.suse.com/1196441", }, { category: "self", summary: "SUSE CVE CVE-2022-23648 page", url: "https://www.suse.com/security/cve/CVE-2022-23648/", }, ], title: "Security update for containerd", tracking: { current_release_date: "2022-03-04T09:20:44Z", generator: { date: "2022-03-04T09:20:44Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2022:0720-1", initial_release_date: "2022-03-04T09:20:44Z", revision_history: [ { date: "2022-03-04T09:20:44Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "containerd-1.4.12-63.1.aarch64", product: { name: "containerd-1.4.12-63.1.aarch64", product_id: "containerd-1.4.12-63.1.aarch64", }, }, { category: "product_version", name: "containerd-ctr-1.4.12-63.1.aarch64", product: { name: "containerd-ctr-1.4.12-63.1.aarch64", product_id: "containerd-ctr-1.4.12-63.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "containerd-1.4.12-63.1.ppc64le", product: { name: "containerd-1.4.12-63.1.ppc64le", product_id: "containerd-1.4.12-63.1.ppc64le", }, }, { category: "product_version", name: "containerd-ctr-1.4.12-63.1.ppc64le", product: { name: "containerd-ctr-1.4.12-63.1.ppc64le", product_id: "containerd-ctr-1.4.12-63.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "containerd-1.4.12-63.1.s390x", product: { name: "containerd-1.4.12-63.1.s390x", product_id: "containerd-1.4.12-63.1.s390x", }, }, { category: "product_version", name: "containerd-ctr-1.4.12-63.1.s390x", product: { name: "containerd-ctr-1.4.12-63.1.s390x", product_id: "containerd-ctr-1.4.12-63.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "containerd-1.4.12-63.1.x86_64", product: { name: "containerd-1.4.12-63.1.x86_64", product_id: "containerd-1.4.12-63.1.x86_64", }, }, { category: "product_version", name: "containerd-ctr-1.4.12-63.1.x86_64", product: { name: "containerd-ctr-1.4.12-63.1.x86_64", product_id: "containerd-ctr-1.4.12-63.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Leap 15.3", product: { name: "openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.3", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "containerd-1.4.12-63.1.aarch64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:containerd-1.4.12-63.1.aarch64", }, product_reference: "containerd-1.4.12-63.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.12-63.1.ppc64le as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:containerd-1.4.12-63.1.ppc64le", }, product_reference: "containerd-1.4.12-63.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.12-63.1.s390x as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:containerd-1.4.12-63.1.s390x", }, product_reference: "containerd-1.4.12-63.1.s390x", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.12-63.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:containerd-1.4.12-63.1.x86_64", }, product_reference: "containerd-1.4.12-63.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.4.12-63.1.aarch64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:containerd-ctr-1.4.12-63.1.aarch64", }, product_reference: "containerd-ctr-1.4.12-63.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.4.12-63.1.ppc64le as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:containerd-ctr-1.4.12-63.1.ppc64le", }, product_reference: "containerd-ctr-1.4.12-63.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.4.12-63.1.s390x as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:containerd-ctr-1.4.12-63.1.s390x", }, product_reference: "containerd-ctr-1.4.12-63.1.s390x", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.4.12-63.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:containerd-ctr-1.4.12-63.1.x86_64", }, product_reference: "containerd-ctr-1.4.12-63.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, ], }, vulnerabilities: [ { cve: "CVE-2022-23648", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-23648", }, ], notes: [ { category: "general", text: "containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd's CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd's CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Leap 15.3:containerd-1.4.12-63.1.aarch64", "openSUSE Leap 15.3:containerd-1.4.12-63.1.ppc64le", "openSUSE Leap 15.3:containerd-1.4.12-63.1.s390x", "openSUSE Leap 15.3:containerd-1.4.12-63.1.x86_64", "openSUSE Leap 15.3:containerd-ctr-1.4.12-63.1.aarch64", "openSUSE Leap 15.3:containerd-ctr-1.4.12-63.1.ppc64le", "openSUSE Leap 15.3:containerd-ctr-1.4.12-63.1.s390x", "openSUSE Leap 15.3:containerd-ctr-1.4.12-63.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-23648", url: "https://www.suse.com/security/cve/CVE-2022-23648", }, { category: "external", summary: "SUSE Bug 1196441 for CVE-2022-23648", url: "https://bugzilla.suse.com/1196441", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Leap 15.3:containerd-1.4.12-63.1.aarch64", "openSUSE Leap 15.3:containerd-1.4.12-63.1.ppc64le", "openSUSE Leap 15.3:containerd-1.4.12-63.1.s390x", "openSUSE Leap 15.3:containerd-1.4.12-63.1.x86_64", "openSUSE Leap 15.3:containerd-ctr-1.4.12-63.1.aarch64", "openSUSE Leap 15.3:containerd-ctr-1.4.12-63.1.ppc64le", "openSUSE Leap 15.3:containerd-ctr-1.4.12-63.1.s390x", "openSUSE Leap 15.3:containerd-ctr-1.4.12-63.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "openSUSE Leap 15.3:containerd-1.4.12-63.1.aarch64", "openSUSE Leap 15.3:containerd-1.4.12-63.1.ppc64le", "openSUSE Leap 15.3:containerd-1.4.12-63.1.s390x", "openSUSE Leap 15.3:containerd-1.4.12-63.1.x86_64", "openSUSE Leap 15.3:containerd-ctr-1.4.12-63.1.aarch64", "openSUSE Leap 15.3:containerd-ctr-1.4.12-63.1.ppc64le", "openSUSE Leap 15.3:containerd-ctr-1.4.12-63.1.s390x", "openSUSE Leap 15.3:containerd-ctr-1.4.12-63.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-03-04T09:20:44Z", details: "moderate", }, ], title: "CVE-2022-23648", }, ], }
suse-su-2022:0720-1
Vulnerability from csaf_suse
Published
2022-03-04 09:20
Modified
2022-03-04 09:20
Summary
Security update for containerd
Notes
Title of the patch
Security update for containerd
Description of the patch
This update for containerd fixes the following issues:
- CVE-2022-23648: A specially-crafted image configuration could gain access to
read-only copies of arbitrary files and directories on the host (bsc#1196441).
Patchnames
SUSE-2022-720,SUSE-SLE-Module-Containers-15-SP3-2022-720,SUSE-SUSE-MicroOS-5.0-2022-720,SUSE-SUSE-MicroOS-5.1-2022-720
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for containerd", title: "Title of the patch", }, { category: "description", text: "This update for containerd fixes the following issues:\n\n- CVE-2022-23648: A specially-crafted image configuration could gain access to \n read-only copies of arbitrary files and directories on the host (bsc#1196441).\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2022-720,SUSE-SLE-Module-Containers-15-SP3-2022-720,SUSE-SUSE-MicroOS-5.0-2022-720,SUSE-SUSE-MicroOS-5.1-2022-720", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_0720-1.json", }, { category: "self", summary: "URL for SUSE-SU-2022:0720-1", url: "https://www.suse.com/support/update/announcement/2022/suse-su-20220720-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2022:0720-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-March/010353.html", }, { category: "self", summary: "SUSE Bug 1196441", url: "https://bugzilla.suse.com/1196441", }, { category: "self", summary: "SUSE CVE CVE-2022-23648 page", url: "https://www.suse.com/security/cve/CVE-2022-23648/", }, ], title: "Security update for containerd", tracking: { current_release_date: "2022-03-04T09:20:48Z", generator: { date: "2022-03-04T09:20:48Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2022:0720-1", initial_release_date: "2022-03-04T09:20:48Z", revision_history: [ { date: "2022-03-04T09:20:48Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "containerd-1.4.12-63.1.aarch64", product: { name: "containerd-1.4.12-63.1.aarch64", product_id: "containerd-1.4.12-63.1.aarch64", }, }, { category: "product_version", name: "containerd-ctr-1.4.12-63.1.aarch64", product: { name: "containerd-ctr-1.4.12-63.1.aarch64", product_id: "containerd-ctr-1.4.12-63.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "containerd-1.4.12-63.1.i586", product: { name: "containerd-1.4.12-63.1.i586", product_id: "containerd-1.4.12-63.1.i586", }, }, { category: "product_version", name: "containerd-ctr-1.4.12-63.1.i586", product: { name: "containerd-ctr-1.4.12-63.1.i586", product_id: "containerd-ctr-1.4.12-63.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "containerd-1.4.12-63.1.ppc64le", product: { name: "containerd-1.4.12-63.1.ppc64le", product_id: "containerd-1.4.12-63.1.ppc64le", }, }, { category: "product_version", name: "containerd-ctr-1.4.12-63.1.ppc64le", product: { name: "containerd-ctr-1.4.12-63.1.ppc64le", product_id: "containerd-ctr-1.4.12-63.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "containerd-1.4.12-63.1.s390x", product: { name: "containerd-1.4.12-63.1.s390x", product_id: "containerd-1.4.12-63.1.s390x", }, }, { category: "product_version", name: "containerd-ctr-1.4.12-63.1.s390x", product: { name: "containerd-ctr-1.4.12-63.1.s390x", product_id: "containerd-ctr-1.4.12-63.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "containerd-1.4.12-63.1.x86_64", product: { name: "containerd-1.4.12-63.1.x86_64", product_id: "containerd-1.4.12-63.1.x86_64", }, }, { category: "product_version", name: "containerd-ctr-1.4.12-63.1.x86_64", product: { name: "containerd-ctr-1.4.12-63.1.x86_64", product_id: "containerd-ctr-1.4.12-63.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Module for Containers 15 SP3", product: { name: "SUSE Linux Enterprise Module for Containers 15 SP3", product_id: "SUSE Linux Enterprise Module for Containers 15 SP3", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-containers:15:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Micro 5.0", product: { name: "SUSE Linux Enterprise Micro 5.0", product_id: "SUSE Linux Enterprise Micro 5.0", product_identification_helper: { cpe: "cpe:/o:suse:suse-microos:5.0", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Micro 5.1", product: { name: "SUSE Linux Enterprise Micro 5.1", product_id: "SUSE Linux Enterprise Micro 5.1", product_identification_helper: { cpe: "cpe:/o:suse:suse-microos:5.1", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "containerd-1.4.12-63.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP3", product_id: "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.12-63.1.aarch64", }, product_reference: "containerd-1.4.12-63.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP3", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.12-63.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP3", product_id: "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.12-63.1.ppc64le", }, product_reference: "containerd-1.4.12-63.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP3", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.12-63.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP3", product_id: "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.12-63.1.s390x", }, product_reference: "containerd-1.4.12-63.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP3", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.12-63.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP3", product_id: "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.12-63.1.x86_64", }, product_reference: "containerd-1.4.12-63.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP3", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.12-63.1.aarch64 as component of SUSE Linux Enterprise Micro 5.0", product_id: "SUSE Linux Enterprise Micro 5.0:containerd-1.4.12-63.1.aarch64", }, product_reference: "containerd-1.4.12-63.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.0", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.12-63.1.x86_64 as component of SUSE Linux Enterprise Micro 5.0", product_id: "SUSE Linux Enterprise Micro 5.0:containerd-1.4.12-63.1.x86_64", }, product_reference: "containerd-1.4.12-63.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.0", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.12-63.1.aarch64 as component of SUSE Linux Enterprise Micro 5.1", product_id: "SUSE Linux Enterprise Micro 5.1:containerd-1.4.12-63.1.aarch64", }, product_reference: "containerd-1.4.12-63.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.1", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.12-63.1.s390x as component of SUSE Linux Enterprise Micro 5.1", product_id: "SUSE Linux Enterprise Micro 5.1:containerd-1.4.12-63.1.s390x", }, product_reference: "containerd-1.4.12-63.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.1", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.12-63.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1", product_id: "SUSE Linux Enterprise Micro 5.1:containerd-1.4.12-63.1.x86_64", }, product_reference: "containerd-1.4.12-63.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.1", }, ], }, vulnerabilities: [ { cve: "CVE-2022-23648", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-23648", }, ], notes: [ { category: "general", text: "containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd's CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd's CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Micro 5.0:containerd-1.4.12-63.1.aarch64", "SUSE Linux Enterprise Micro 5.0:containerd-1.4.12-63.1.x86_64", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.12-63.1.aarch64", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.12-63.1.s390x", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.12-63.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.12-63.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.12-63.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.12-63.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.12-63.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-23648", url: "https://www.suse.com/security/cve/CVE-2022-23648", }, { category: "external", summary: "SUSE Bug 1196441 for CVE-2022-23648", url: "https://bugzilla.suse.com/1196441", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Micro 5.0:containerd-1.4.12-63.1.aarch64", "SUSE Linux Enterprise Micro 5.0:containerd-1.4.12-63.1.x86_64", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.12-63.1.aarch64", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.12-63.1.s390x", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.12-63.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.12-63.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.12-63.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.12-63.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.12-63.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Micro 5.0:containerd-1.4.12-63.1.aarch64", "SUSE Linux Enterprise Micro 5.0:containerd-1.4.12-63.1.x86_64", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.12-63.1.aarch64", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.12-63.1.s390x", "SUSE Linux Enterprise Micro 5.1:containerd-1.4.12-63.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.12-63.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.12-63.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.12-63.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.4.12-63.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-03-04T09:20:48Z", details: "moderate", }, ], title: "CVE-2022-23648", }, ], }
suse-su-2022:1507-1
Vulnerability from csaf_suse
Published
2022-05-03 14:08
Modified
2022-05-03 14:08
Summary
Security update for containerd, docker
Notes
Title of the patch
Security update for containerd, docker
Description of the patch
This update for containerd, docker fixes the following issues:
- CVE-2022-24769: Fixed incorrect default inheritable capabilities (bsc#1197517).
- CVE-2022-23648: Fixed directory traversal issue (bsc#1196441).
- CVE-2021-41190: Fixed parsing confusions in OCI manifest and index (bsc#1193273).
- CVE-2022-27191: Fixed a crash in a golang.org/x/crypto/ssh server (bsc#1197284).
- CVE-2021-43565: Fixed a panic in golang.org/x/crypto by empty plaintext packet (bsc#1193930).
Patchnames
SUSE-2022-1507,SUSE-SLE-Module-Containers-12-2022-1507
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for containerd, docker", title: "Title of the patch", }, { category: "description", text: "This update for containerd, docker fixes the following issues:\n\n- CVE-2022-24769: Fixed incorrect default inheritable capabilities (bsc#1197517).\n- CVE-2022-23648: Fixed directory traversal issue (bsc#1196441).\n- CVE-2021-41190: Fixed parsing confusions in OCI manifest and index (bsc#1193273).\n- CVE-2022-27191: Fixed a crash in a golang.org/x/crypto/ssh server (bsc#1197284).\n- CVE-2021-43565: Fixed a panic in golang.org/x/crypto by empty plaintext packet (bsc#1193930).\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2022-1507,SUSE-SLE-Module-Containers-12-2022-1507", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_1507-1.json", }, { category: "self", summary: "URL for SUSE-SU-2022:1507-1", url: "https://www.suse.com/support/update/announcement/2022/suse-su-20221507-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2022:1507-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-May/010921.html", }, { category: "self", summary: "SUSE Bug 1192814", url: "https://bugzilla.suse.com/1192814", }, { category: "self", summary: "SUSE Bug 1193273", url: "https://bugzilla.suse.com/1193273", }, { category: "self", summary: "SUSE Bug 1193930", url: "https://bugzilla.suse.com/1193930", }, { category: "self", summary: "SUSE Bug 1196441", url: "https://bugzilla.suse.com/1196441", }, { category: "self", summary: "SUSE Bug 1197284", url: "https://bugzilla.suse.com/1197284", }, { category: "self", summary: "SUSE Bug 1197517", url: "https://bugzilla.suse.com/1197517", }, { category: "self", summary: "SUSE CVE CVE-2021-41190 page", url: "https://www.suse.com/security/cve/CVE-2021-41190/", }, { category: "self", summary: "SUSE CVE CVE-2021-43565 page", url: "https://www.suse.com/security/cve/CVE-2021-43565/", }, { category: "self", summary: "SUSE CVE CVE-2022-23648 page", url: "https://www.suse.com/security/cve/CVE-2022-23648/", }, { category: "self", summary: "SUSE CVE CVE-2022-24769 page", url: "https://www.suse.com/security/cve/CVE-2022-24769/", }, { category: "self", summary: "SUSE CVE CVE-2022-27191 page", url: "https://www.suse.com/security/cve/CVE-2022-27191/", }, ], title: "Security update for containerd, docker", tracking: { current_release_date: "2022-05-03T14:08:25Z", generator: { date: "2022-05-03T14:08:25Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2022:1507-1", initial_release_date: "2022-05-03T14:08:25Z", revision_history: [ { date: "2022-05-03T14:08:25Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "containerd-1.5.11-16.57.1.aarch64", product: { name: "containerd-1.5.11-16.57.1.aarch64", product_id: "containerd-1.5.11-16.57.1.aarch64", }, }, { category: "product_version", name: "containerd-ctr-1.5.11-16.57.1.aarch64", product: { name: "containerd-ctr-1.5.11-16.57.1.aarch64", product_id: "containerd-ctr-1.5.11-16.57.1.aarch64", }, }, { category: "product_version", name: "docker-20.10.14_ce-98.80.1.aarch64", product: { name: "docker-20.10.14_ce-98.80.1.aarch64", product_id: "docker-20.10.14_ce-98.80.1.aarch64", }, }, { category: "product_version", name: "docker-kubic-20.10.14_ce-98.80.1.aarch64", product: { name: "docker-kubic-20.10.14_ce-98.80.1.aarch64", product_id: "docker-kubic-20.10.14_ce-98.80.1.aarch64", }, }, { category: "product_version", name: "docker-kubic-kubeadm-criconfig-20.10.14_ce-98.80.1.aarch64", product: { name: "docker-kubic-kubeadm-criconfig-20.10.14_ce-98.80.1.aarch64", product_id: "docker-kubic-kubeadm-criconfig-20.10.14_ce-98.80.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "containerd-1.5.11-16.57.1.i586", product: { name: "containerd-1.5.11-16.57.1.i586", product_id: "containerd-1.5.11-16.57.1.i586", }, }, { category: "product_version", name: "containerd-ctr-1.5.11-16.57.1.i586", product: { name: "containerd-ctr-1.5.11-16.57.1.i586", product_id: "containerd-ctr-1.5.11-16.57.1.i586", }, }, { category: "product_version", name: "docker-20.10.14_ce-98.80.1.i586", product: { name: "docker-20.10.14_ce-98.80.1.i586", product_id: "docker-20.10.14_ce-98.80.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "docker-bash-completion-20.10.14_ce-98.80.1.noarch", product: { name: "docker-bash-completion-20.10.14_ce-98.80.1.noarch", product_id: "docker-bash-completion-20.10.14_ce-98.80.1.noarch", }, }, { category: "product_version", name: "docker-fish-completion-20.10.14_ce-98.80.1.noarch", product: { name: "docker-fish-completion-20.10.14_ce-98.80.1.noarch", product_id: "docker-fish-completion-20.10.14_ce-98.80.1.noarch", }, }, { category: "product_version", name: "docker-kubic-bash-completion-20.10.14_ce-98.80.1.noarch", product: { name: "docker-kubic-bash-completion-20.10.14_ce-98.80.1.noarch", product_id: "docker-kubic-bash-completion-20.10.14_ce-98.80.1.noarch", }, }, { category: "product_version", name: "docker-kubic-fish-completion-20.10.14_ce-98.80.1.noarch", product: { name: "docker-kubic-fish-completion-20.10.14_ce-98.80.1.noarch", product_id: "docker-kubic-fish-completion-20.10.14_ce-98.80.1.noarch", }, }, { category: "product_version", name: "docker-kubic-zsh-completion-20.10.14_ce-98.80.1.noarch", product: { name: "docker-kubic-zsh-completion-20.10.14_ce-98.80.1.noarch", product_id: "docker-kubic-zsh-completion-20.10.14_ce-98.80.1.noarch", }, }, { category: "product_version", name: "docker-zsh-completion-20.10.14_ce-98.80.1.noarch", product: { name: "docker-zsh-completion-20.10.14_ce-98.80.1.noarch", product_id: "docker-zsh-completion-20.10.14_ce-98.80.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "containerd-1.5.11-16.57.1.ppc64le", product: { name: "containerd-1.5.11-16.57.1.ppc64le", product_id: "containerd-1.5.11-16.57.1.ppc64le", }, }, { category: "product_version", name: "containerd-ctr-1.5.11-16.57.1.ppc64le", product: { name: "containerd-ctr-1.5.11-16.57.1.ppc64le", product_id: "containerd-ctr-1.5.11-16.57.1.ppc64le", }, }, { category: "product_version", name: "docker-20.10.14_ce-98.80.1.ppc64le", product: { name: "docker-20.10.14_ce-98.80.1.ppc64le", product_id: "docker-20.10.14_ce-98.80.1.ppc64le", }, }, { category: "product_version", name: "docker-kubic-20.10.14_ce-98.80.1.ppc64le", product: { name: "docker-kubic-20.10.14_ce-98.80.1.ppc64le", product_id: "docker-kubic-20.10.14_ce-98.80.1.ppc64le", }, }, { category: "product_version", name: "docker-kubic-kubeadm-criconfig-20.10.14_ce-98.80.1.ppc64le", product: { name: "docker-kubic-kubeadm-criconfig-20.10.14_ce-98.80.1.ppc64le", product_id: "docker-kubic-kubeadm-criconfig-20.10.14_ce-98.80.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "containerd-1.5.11-16.57.1.s390x", product: { name: "containerd-1.5.11-16.57.1.s390x", product_id: "containerd-1.5.11-16.57.1.s390x", }, }, { category: "product_version", name: "containerd-ctr-1.5.11-16.57.1.s390x", product: { name: "containerd-ctr-1.5.11-16.57.1.s390x", product_id: "containerd-ctr-1.5.11-16.57.1.s390x", }, }, { category: "product_version", name: "docker-20.10.14_ce-98.80.1.s390x", product: { name: "docker-20.10.14_ce-98.80.1.s390x", product_id: "docker-20.10.14_ce-98.80.1.s390x", }, }, { category: "product_version", name: "docker-kubic-20.10.14_ce-98.80.1.s390x", product: { name: "docker-kubic-20.10.14_ce-98.80.1.s390x", product_id: "docker-kubic-20.10.14_ce-98.80.1.s390x", }, }, { category: "product_version", name: "docker-kubic-kubeadm-criconfig-20.10.14_ce-98.80.1.s390x", product: { name: "docker-kubic-kubeadm-criconfig-20.10.14_ce-98.80.1.s390x", product_id: "docker-kubic-kubeadm-criconfig-20.10.14_ce-98.80.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "containerd-1.5.11-16.57.1.x86_64", product: { name: "containerd-1.5.11-16.57.1.x86_64", product_id: "containerd-1.5.11-16.57.1.x86_64", }, }, { category: "product_version", name: "containerd-ctr-1.5.11-16.57.1.x86_64", product: { name: "containerd-ctr-1.5.11-16.57.1.x86_64", product_id: "containerd-ctr-1.5.11-16.57.1.x86_64", }, }, { category: "product_version", name: "docker-20.10.14_ce-98.80.1.x86_64", product: { name: "docker-20.10.14_ce-98.80.1.x86_64", product_id: "docker-20.10.14_ce-98.80.1.x86_64", }, }, { category: "product_version", name: "docker-kubic-20.10.14_ce-98.80.1.x86_64", product: { name: "docker-kubic-20.10.14_ce-98.80.1.x86_64", product_id: "docker-kubic-20.10.14_ce-98.80.1.x86_64", }, }, { category: "product_version", name: "docker-kubic-kubeadm-criconfig-20.10.14_ce-98.80.1.x86_64", product: { name: "docker-kubic-kubeadm-criconfig-20.10.14_ce-98.80.1.x86_64", product_id: "docker-kubic-kubeadm-criconfig-20.10.14_ce-98.80.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Module for Containers 12", product: { name: "SUSE Linux Enterprise Module for Containers 12", product_id: "SUSE Linux Enterprise Module for Containers 12", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-containers:12", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-16.57.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 12", product_id: "SUSE Linux Enterprise Module for Containers 12:containerd-1.5.11-16.57.1.ppc64le", }, product_reference: "containerd-1.5.11-16.57.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 12", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-16.57.1.s390x as component of SUSE Linux Enterprise Module for Containers 12", product_id: "SUSE Linux Enterprise Module for Containers 12:containerd-1.5.11-16.57.1.s390x", }, product_reference: "containerd-1.5.11-16.57.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 12", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-16.57.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 12", product_id: "SUSE Linux Enterprise Module for Containers 12:containerd-1.5.11-16.57.1.x86_64", }, product_reference: "containerd-1.5.11-16.57.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 12", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-98.80.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 12", product_id: "SUSE Linux Enterprise Module for Containers 12:docker-20.10.14_ce-98.80.1.ppc64le", }, product_reference: "docker-20.10.14_ce-98.80.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 12", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-98.80.1.s390x as component of SUSE Linux Enterprise Module for Containers 12", product_id: "SUSE Linux Enterprise Module for Containers 12:docker-20.10.14_ce-98.80.1.s390x", }, product_reference: "docker-20.10.14_ce-98.80.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 12", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-98.80.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 12", product_id: "SUSE Linux Enterprise Module for Containers 12:docker-20.10.14_ce-98.80.1.x86_64", }, product_reference: "docker-20.10.14_ce-98.80.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 12", }, ], }, vulnerabilities: [ { cve: "CVE-2021-41190", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-41190", }, ], notes: [ { category: "general", text: "The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents that contain both \"manifests\" and \"layers\" fields could be interpreted as either a manifest or an index in the absence of an accompanying Content-Type header. If a Content-Type header changed between two pulls of the same digest, a client may interpret the resulting content differently. The OCI Distribution Specification has been updated to require that a mediaType value present in a manifest or index match the Content-Type header used during the push and pull operations. Clients pulling from a registry may distrust the Content-Type header and reject an ambiguous document that contains both \"manifests\" and \"layers\" fields or \"manifests\" and \"config\" fields if they are unable to update to version 1.0.1 of the spec.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:containerd-1.5.11-16.57.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:containerd-1.5.11-16.57.1.s390x", "SUSE Linux Enterprise Module for Containers 12:containerd-1.5.11-16.57.1.x86_64", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.14_ce-98.80.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.14_ce-98.80.1.s390x", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.14_ce-98.80.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-41190", url: "https://www.suse.com/security/cve/CVE-2021-41190", }, { category: "external", summary: "SUSE Bug 1193273 for CVE-2021-41190", url: "https://bugzilla.suse.com/1193273", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:containerd-1.5.11-16.57.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:containerd-1.5.11-16.57.1.s390x", "SUSE Linux Enterprise Module for Containers 12:containerd-1.5.11-16.57.1.x86_64", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.14_ce-98.80.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.14_ce-98.80.1.s390x", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.14_ce-98.80.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Containers 12:containerd-1.5.11-16.57.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:containerd-1.5.11-16.57.1.s390x", "SUSE Linux Enterprise Module for Containers 12:containerd-1.5.11-16.57.1.x86_64", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.14_ce-98.80.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.14_ce-98.80.1.s390x", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.14_ce-98.80.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-05-03T14:08:25Z", details: "moderate", }, ], title: "CVE-2021-41190", }, { cve: "CVE-2021-43565", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-43565", }, ], notes: [ { category: "general", text: "The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:containerd-1.5.11-16.57.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:containerd-1.5.11-16.57.1.s390x", "SUSE Linux Enterprise Module for Containers 12:containerd-1.5.11-16.57.1.x86_64", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.14_ce-98.80.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.14_ce-98.80.1.s390x", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.14_ce-98.80.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2021-43565", url: "https://www.suse.com/security/cve/CVE-2021-43565", }, { category: "external", summary: "SUSE Bug 1193930 for CVE-2021-43565", url: "https://bugzilla.suse.com/1193930", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:containerd-1.5.11-16.57.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:containerd-1.5.11-16.57.1.s390x", "SUSE Linux Enterprise Module for Containers 12:containerd-1.5.11-16.57.1.x86_64", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.14_ce-98.80.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.14_ce-98.80.1.s390x", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.14_ce-98.80.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Containers 12:containerd-1.5.11-16.57.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:containerd-1.5.11-16.57.1.s390x", "SUSE Linux Enterprise Module for Containers 12:containerd-1.5.11-16.57.1.x86_64", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.14_ce-98.80.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.14_ce-98.80.1.s390x", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.14_ce-98.80.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-05-03T14:08:25Z", details: "important", }, ], title: "CVE-2021-43565", }, { cve: "CVE-2022-23648", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-23648", }, ], notes: [ { category: "general", text: "containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd's CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd's CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:containerd-1.5.11-16.57.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:containerd-1.5.11-16.57.1.s390x", "SUSE Linux Enterprise Module for Containers 12:containerd-1.5.11-16.57.1.x86_64", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.14_ce-98.80.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.14_ce-98.80.1.s390x", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.14_ce-98.80.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-23648", url: "https://www.suse.com/security/cve/CVE-2022-23648", }, { category: "external", summary: "SUSE Bug 1196441 for CVE-2022-23648", url: "https://bugzilla.suse.com/1196441", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:containerd-1.5.11-16.57.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:containerd-1.5.11-16.57.1.s390x", "SUSE Linux Enterprise Module for Containers 12:containerd-1.5.11-16.57.1.x86_64", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.14_ce-98.80.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.14_ce-98.80.1.s390x", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.14_ce-98.80.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Containers 12:containerd-1.5.11-16.57.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:containerd-1.5.11-16.57.1.s390x", "SUSE Linux Enterprise Module for Containers 12:containerd-1.5.11-16.57.1.x86_64", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.14_ce-98.80.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.14_ce-98.80.1.s390x", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.14_ce-98.80.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-05-03T14:08:25Z", details: "moderate", }, ], title: "CVE-2022-23648", }, { cve: "CVE-2022-24769", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-24769", }, ], notes: [ { category: "general", text: "Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise unprivileged users and processes can execute those programs and gain the specified file capabilities up to the bounding set. Due to this bug, containers which included executable programs with inheritable file capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable file capabilities up to the container's bounding set. Containers which use Linux users and groups to perform privilege separation inside the container are most directly impacted. This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop inheritable capabilities prior to the primary process starting.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:containerd-1.5.11-16.57.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:containerd-1.5.11-16.57.1.s390x", "SUSE Linux Enterprise Module for Containers 12:containerd-1.5.11-16.57.1.x86_64", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.14_ce-98.80.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.14_ce-98.80.1.s390x", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.14_ce-98.80.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-24769", url: "https://www.suse.com/security/cve/CVE-2022-24769", }, { category: "external", summary: "SUSE Bug 1197517 for CVE-2022-24769", url: "https://bugzilla.suse.com/1197517", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:containerd-1.5.11-16.57.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:containerd-1.5.11-16.57.1.s390x", "SUSE Linux Enterprise Module for Containers 12:containerd-1.5.11-16.57.1.x86_64", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.14_ce-98.80.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.14_ce-98.80.1.s390x", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.14_ce-98.80.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Containers 12:containerd-1.5.11-16.57.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:containerd-1.5.11-16.57.1.s390x", "SUSE Linux Enterprise Module for Containers 12:containerd-1.5.11-16.57.1.x86_64", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.14_ce-98.80.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.14_ce-98.80.1.s390x", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.14_ce-98.80.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-05-03T14:08:25Z", details: "moderate", }, ], title: "CVE-2022-24769", }, { cve: "CVE-2022-27191", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-27191", }, ], notes: [ { category: "general", text: "The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:containerd-1.5.11-16.57.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:containerd-1.5.11-16.57.1.s390x", "SUSE Linux Enterprise Module for Containers 12:containerd-1.5.11-16.57.1.x86_64", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.14_ce-98.80.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.14_ce-98.80.1.s390x", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.14_ce-98.80.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-27191", url: "https://www.suse.com/security/cve/CVE-2022-27191", }, { category: "external", summary: "SUSE Bug 1197284 for CVE-2022-27191", url: "https://bugzilla.suse.com/1197284", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:containerd-1.5.11-16.57.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:containerd-1.5.11-16.57.1.s390x", "SUSE Linux Enterprise Module for Containers 12:containerd-1.5.11-16.57.1.x86_64", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.14_ce-98.80.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.14_ce-98.80.1.s390x", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.14_ce-98.80.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Containers 12:containerd-1.5.11-16.57.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:containerd-1.5.11-16.57.1.s390x", "SUSE Linux Enterprise Module for Containers 12:containerd-1.5.11-16.57.1.x86_64", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.14_ce-98.80.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.14_ce-98.80.1.s390x", "SUSE Linux Enterprise Module for Containers 12:docker-20.10.14_ce-98.80.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-05-03T14:08:25Z", details: "important", }, ], title: "CVE-2022-27191", }, ], }
suse-su-2022:0719-1
Vulnerability from csaf_suse
Published
2022-03-04 09:19
Modified
2022-03-04 09:19
Summary
Security update for containerd
Notes
Title of the patch
Security update for containerd
Description of the patch
This update for containerd fixes the following issues:
- CVE-2022-23648: A specially-crafted image configuration could gain access to
read-only copies of arbitrary files and directories on the host (bsc#1196441).
Patchnames
SUSE-2022-719,SUSE-SLE-Module-Containers-12-2022-719
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for containerd", title: "Title of the patch", }, { category: "description", text: "This update for containerd fixes the following issues:\n\n- CVE-2022-23648: A specially-crafted image configuration could gain access to\n read-only copies of arbitrary files and directories on the host (bsc#1196441).\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2022-719,SUSE-SLE-Module-Containers-12-2022-719", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_0719-1.json", }, { category: "self", summary: "URL for SUSE-SU-2022:0719-1", url: "https://www.suse.com/support/update/announcement/2022/suse-su-20220719-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2022:0719-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-March/010359.html", }, { category: "self", summary: "SUSE Bug 1196441", url: "https://bugzilla.suse.com/1196441", }, { category: "self", summary: "SUSE CVE CVE-2022-23648 page", url: "https://www.suse.com/security/cve/CVE-2022-23648/", }, ], title: "Security update for containerd", tracking: { current_release_date: "2022-03-04T09:19:54Z", generator: { date: "2022-03-04T09:19:54Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2022:0719-1", initial_release_date: "2022-03-04T09:19:54Z", revision_history: [ { date: "2022-03-04T09:19:54Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "containerd-1.4.13-16.54.1.aarch64", product: { name: "containerd-1.4.13-16.54.1.aarch64", product_id: "containerd-1.4.13-16.54.1.aarch64", }, }, { category: "product_version", name: "containerd-ctr-1.4.13-16.54.1.aarch64", product: { name: "containerd-ctr-1.4.13-16.54.1.aarch64", product_id: "containerd-ctr-1.4.13-16.54.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "containerd-1.4.13-16.54.1.i586", product: { name: "containerd-1.4.13-16.54.1.i586", product_id: "containerd-1.4.13-16.54.1.i586", }, }, { category: "product_version", name: "containerd-ctr-1.4.13-16.54.1.i586", product: { name: "containerd-ctr-1.4.13-16.54.1.i586", product_id: "containerd-ctr-1.4.13-16.54.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "containerd-1.4.13-16.54.1.ppc64le", product: { name: "containerd-1.4.13-16.54.1.ppc64le", product_id: "containerd-1.4.13-16.54.1.ppc64le", }, }, { category: "product_version", name: "containerd-ctr-1.4.13-16.54.1.ppc64le", product: { name: "containerd-ctr-1.4.13-16.54.1.ppc64le", product_id: "containerd-ctr-1.4.13-16.54.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "containerd-1.4.13-16.54.1.s390x", product: { name: "containerd-1.4.13-16.54.1.s390x", product_id: "containerd-1.4.13-16.54.1.s390x", }, }, { category: "product_version", name: "containerd-ctr-1.4.13-16.54.1.s390x", product: { name: "containerd-ctr-1.4.13-16.54.1.s390x", product_id: "containerd-ctr-1.4.13-16.54.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "containerd-1.4.13-16.54.1.x86_64", product: { name: "containerd-1.4.13-16.54.1.x86_64", product_id: "containerd-1.4.13-16.54.1.x86_64", }, }, { category: "product_version", name: "containerd-ctr-1.4.13-16.54.1.x86_64", product: { name: "containerd-ctr-1.4.13-16.54.1.x86_64", product_id: "containerd-ctr-1.4.13-16.54.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Module for Containers 12", product: { name: "SUSE Linux Enterprise Module for Containers 12", product_id: "SUSE Linux Enterprise Module for Containers 12", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-containers:12", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "containerd-1.4.13-16.54.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 12", product_id: "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.13-16.54.1.ppc64le", }, product_reference: "containerd-1.4.13-16.54.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 12", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.13-16.54.1.s390x as component of SUSE Linux Enterprise Module for Containers 12", product_id: "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.13-16.54.1.s390x", }, product_reference: "containerd-1.4.13-16.54.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 12", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.13-16.54.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 12", product_id: "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.13-16.54.1.x86_64", }, product_reference: "containerd-1.4.13-16.54.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 12", }, ], }, vulnerabilities: [ { cve: "CVE-2022-23648", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-23648", }, ], notes: [ { category: "general", text: "containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd's CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd's CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.13-16.54.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.13-16.54.1.s390x", "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.13-16.54.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-23648", url: "https://www.suse.com/security/cve/CVE-2022-23648", }, { category: "external", summary: "SUSE Bug 1196441 for CVE-2022-23648", url: "https://bugzilla.suse.com/1196441", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.13-16.54.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.13-16.54.1.s390x", "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.13-16.54.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.13-16.54.1.ppc64le", "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.13-16.54.1.s390x", "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.13-16.54.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-03-04T09:19:54Z", details: "moderate", }, ], title: "CVE-2022-23648", }, ], }
suse-su-2022:0720-2
Vulnerability from csaf_suse
Published
2022-04-19 19:32
Modified
2022-04-19 19:32
Summary
Security update for containerd
Notes
Title of the patch
Security update for containerd
Description of the patch
This update for containerd fixes the following issues:
- CVE-2022-23648: A specially-crafted image configuration could gain access to
read-only copies of arbitrary files and directories on the host (bsc#1196441).
Patchnames
SUSE-2022-720,SUSE-SUSE-MicroOS-5.2-2022-720
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for containerd", title: "Title of the patch", }, { category: "description", text: "This update for containerd fixes the following issues:\n\n- CVE-2022-23648: A specially-crafted image configuration could gain access to \n read-only copies of arbitrary files and directories on the host (bsc#1196441).\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2022-720,SUSE-SUSE-MicroOS-5.2-2022-720", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_0720-2.json", }, { category: "self", summary: "URL for SUSE-SU-2022:0720-2", url: "https://www.suse.com/support/update/announcement/2022/suse-su-20220720-2/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2022:0720-2", url: "https://lists.suse.com/pipermail/sle-updates/2022-April/022656.html", }, { category: "self", summary: "SUSE Bug 1196441", url: "https://bugzilla.suse.com/1196441", }, { category: "self", summary: "SUSE CVE CVE-2022-23648 page", url: "https://www.suse.com/security/cve/CVE-2022-23648/", }, ], title: "Security update for containerd", tracking: { current_release_date: "2022-04-19T19:32:27Z", generator: { date: "2022-04-19T19:32:27Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2022:0720-2", initial_release_date: "2022-04-19T19:32:27Z", revision_history: [ { date: "2022-04-19T19:32:27Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "containerd-1.4.12-63.1.aarch64", product: { name: "containerd-1.4.12-63.1.aarch64", product_id: "containerd-1.4.12-63.1.aarch64", }, }, { category: "product_version", name: "containerd-ctr-1.4.12-63.1.aarch64", product: { name: "containerd-ctr-1.4.12-63.1.aarch64", product_id: "containerd-ctr-1.4.12-63.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "containerd-1.4.12-63.1.i586", product: { name: "containerd-1.4.12-63.1.i586", product_id: "containerd-1.4.12-63.1.i586", }, }, { category: "product_version", name: "containerd-ctr-1.4.12-63.1.i586", product: { name: "containerd-ctr-1.4.12-63.1.i586", product_id: "containerd-ctr-1.4.12-63.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "containerd-1.4.12-63.1.ppc64le", product: { name: "containerd-1.4.12-63.1.ppc64le", product_id: "containerd-1.4.12-63.1.ppc64le", }, }, { category: "product_version", name: "containerd-ctr-1.4.12-63.1.ppc64le", product: { name: "containerd-ctr-1.4.12-63.1.ppc64le", product_id: "containerd-ctr-1.4.12-63.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "containerd-1.4.12-63.1.s390x", product: { name: "containerd-1.4.12-63.1.s390x", product_id: "containerd-1.4.12-63.1.s390x", }, }, { category: "product_version", name: "containerd-ctr-1.4.12-63.1.s390x", product: { name: "containerd-ctr-1.4.12-63.1.s390x", product_id: "containerd-ctr-1.4.12-63.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "containerd-1.4.12-63.1.x86_64", product: { name: "containerd-1.4.12-63.1.x86_64", product_id: "containerd-1.4.12-63.1.x86_64", }, }, { category: "product_version", name: "containerd-ctr-1.4.12-63.1.x86_64", product: { name: "containerd-ctr-1.4.12-63.1.x86_64", product_id: "containerd-ctr-1.4.12-63.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Micro 5.2", product: { name: "SUSE Linux Enterprise Micro 5.2", product_id: "SUSE Linux Enterprise Micro 5.2", product_identification_helper: { cpe: "cpe:/o:suse:suse-microos:5.2", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "containerd-1.4.12-63.1.aarch64 as component of SUSE Linux Enterprise Micro 5.2", product_id: "SUSE Linux Enterprise Micro 5.2:containerd-1.4.12-63.1.aarch64", }, product_reference: "containerd-1.4.12-63.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.2", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.12-63.1.s390x as component of SUSE Linux Enterprise Micro 5.2", product_id: "SUSE Linux Enterprise Micro 5.2:containerd-1.4.12-63.1.s390x", }, product_reference: "containerd-1.4.12-63.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.2", }, { category: "default_component_of", full_product_name: { name: "containerd-1.4.12-63.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2", product_id: "SUSE Linux Enterprise Micro 5.2:containerd-1.4.12-63.1.x86_64", }, product_reference: "containerd-1.4.12-63.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.2", }, ], }, vulnerabilities: [ { cve: "CVE-2022-23648", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-23648", }, ], notes: [ { category: "general", text: "containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd's CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd's CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Micro 5.2:containerd-1.4.12-63.1.aarch64", "SUSE Linux Enterprise Micro 5.2:containerd-1.4.12-63.1.s390x", "SUSE Linux Enterprise Micro 5.2:containerd-1.4.12-63.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-23648", url: "https://www.suse.com/security/cve/CVE-2022-23648", }, { category: "external", summary: "SUSE Bug 1196441 for CVE-2022-23648", url: "https://bugzilla.suse.com/1196441", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Micro 5.2:containerd-1.4.12-63.1.aarch64", "SUSE Linux Enterprise Micro 5.2:containerd-1.4.12-63.1.s390x", "SUSE Linux Enterprise Micro 5.2:containerd-1.4.12-63.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Micro 5.2:containerd-1.4.12-63.1.aarch64", "SUSE Linux Enterprise Micro 5.2:containerd-1.4.12-63.1.s390x", "SUSE Linux Enterprise Micro 5.2:containerd-1.4.12-63.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-04-19T19:32:27Z", details: "moderate", }, ], title: "CVE-2022-23648", }, ], }
suse-su-2022:1689-1
Vulnerability from csaf_suse
Published
2022-05-16 12:09
Modified
2022-05-16 12:09
Summary
Security update for containerd, docker
Notes
Title of the patch
Security update for containerd, docker
Description of the patch
This update for containerd, docker fixes the following issues:
- CVE-2022-24769: Fixed incorrect default inheritable capabilities (bsc#1197517).
- CVE-2022-23648: Fixed directory traversal issue (bsc#1196441).
- CVE-2022-27191: Fixed a crash in a golang.org/x/crypto/ssh server (bsc#1197284).
- CVE-2021-43565: Fixed a panic in golang.org/x/crypto by empty plaintext packet (bsc#1193930).
Patchnames
SUSE-2022-1689,SUSE-SLE-Module-Containers-15-SP3-2022-1689,SUSE-SLE-Module-Containers-15-SP4-2022-1689,SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-1689,SUSE-SLE-Product-HPC-15-2022-1689,SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1689,SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1689,SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1689,SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1689,SUSE-SLE-Product-SLES-15-2022-1689,SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1689,SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1689,SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1689,SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1689,SUSE-SLE-Product-SLES_SAP-15-2022-1689,SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1689,SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1689,SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1689,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1689,SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1689,SUSE-SUSE-MicroOS-5.0-2022-1689,SUSE-SUSE-MicroOS-5.1-2022-1689,SUSE-SUSE-MicroOS-5.2-2022-1689,SUSE-Storage-6-2022-1689,SUSE-Storage-7-2022-1689,openSUSE-SLE-15.3-2022-1689,openSUSE-SLE-15.4-2022-1689
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for containerd, docker", title: "Title of the patch", }, { category: "description", text: "This update for containerd, docker fixes the following issues:\n\n- CVE-2022-24769: Fixed incorrect default inheritable capabilities (bsc#1197517).\n- CVE-2022-23648: Fixed directory traversal issue (bsc#1196441).\n- CVE-2022-27191: Fixed a crash in a golang.org/x/crypto/ssh server (bsc#1197284).\n- CVE-2021-43565: Fixed a panic in golang.org/x/crypto by empty plaintext packet (bsc#1193930).\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2022-1689,SUSE-SLE-Module-Containers-15-SP3-2022-1689,SUSE-SLE-Module-Containers-15-SP4-2022-1689,SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-1689,SUSE-SLE-Product-HPC-15-2022-1689,SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1689,SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1689,SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1689,SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1689,SUSE-SLE-Product-SLES-15-2022-1689,SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1689,SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1689,SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1689,SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1689,SUSE-SLE-Product-SLES_SAP-15-2022-1689,SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1689,SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1689,SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1689,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1689,SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1689,SUSE-SUSE-MicroOS-5.0-2022-1689,SUSE-SUSE-MicroOS-5.1-2022-1689,SUSE-SUSE-MicroOS-5.2-2022-1689,SUSE-Storage-6-2022-1689,SUSE-Storage-7-2022-1689,openSUSE-SLE-15.3-2022-1689,openSUSE-SLE-15.4-2022-1689", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_1689-1.json", }, { category: "self", summary: "URL for SUSE-SU-2022:1689-1", url: "https://www.suse.com/support/update/announcement/2022/suse-su-20221689-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2022:1689-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2022-May/011030.html", }, { category: "self", summary: "SUSE Bug 1193930", url: "https://bugzilla.suse.com/1193930", }, { category: "self", summary: "SUSE Bug 1196441", url: "https://bugzilla.suse.com/1196441", }, { category: "self", summary: "SUSE Bug 1197284", url: "https://bugzilla.suse.com/1197284", }, { category: "self", summary: "SUSE Bug 1197517", url: "https://bugzilla.suse.com/1197517", }, { category: "self", summary: "SUSE CVE CVE-2021-43565 page", url: "https://www.suse.com/security/cve/CVE-2021-43565/", }, { category: "self", summary: "SUSE CVE CVE-2022-23648 page", url: "https://www.suse.com/security/cve/CVE-2022-23648/", }, { category: "self", summary: "SUSE CVE CVE-2022-24769 page", url: "https://www.suse.com/security/cve/CVE-2022-24769/", }, { category: "self", summary: "SUSE CVE CVE-2022-27191 page", url: "https://www.suse.com/security/cve/CVE-2022-27191/", }, ], title: "Security update for containerd, docker", tracking: { current_release_date: "2022-05-16T12:09:38Z", generator: { date: "2022-05-16T12:09:38Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2022:1689-1", initial_release_date: "2022-05-16T12:09:38Z", revision_history: [ { date: "2022-05-16T12:09:38Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "containerd-1.5.11-150000.68.1.aarch64", product: { name: "containerd-1.5.11-150000.68.1.aarch64", product_id: "containerd-1.5.11-150000.68.1.aarch64", }, }, { category: "product_version", name: "containerd-ctr-1.5.11-150000.68.1.aarch64", product: { name: "containerd-ctr-1.5.11-150000.68.1.aarch64", product_id: "containerd-ctr-1.5.11-150000.68.1.aarch64", }, }, { category: "product_version", name: "docker-20.10.14_ce-150000.163.1.aarch64", product: { name: "docker-20.10.14_ce-150000.163.1.aarch64", product_id: "docker-20.10.14_ce-150000.163.1.aarch64", }, }, { category: "product_version", name: "docker-kubic-20.10.14_ce-150000.163.1.aarch64", product: { name: "docker-kubic-20.10.14_ce-150000.163.1.aarch64", product_id: "docker-kubic-20.10.14_ce-150000.163.1.aarch64", }, }, { category: "product_version", name: "docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.aarch64", product: { name: "docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.aarch64", product_id: "docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "containerd-1.5.11-150000.68.1.i586", product: { name: "containerd-1.5.11-150000.68.1.i586", product_id: "containerd-1.5.11-150000.68.1.i586", }, }, { category: "product_version", name: "containerd-ctr-1.5.11-150000.68.1.i586", product: { name: "containerd-ctr-1.5.11-150000.68.1.i586", product_id: "containerd-ctr-1.5.11-150000.68.1.i586", }, }, { category: "product_version", name: "docker-20.10.14_ce-150000.163.1.i586", product: { name: "docker-20.10.14_ce-150000.163.1.i586", product_id: "docker-20.10.14_ce-150000.163.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "docker-bash-completion-20.10.14_ce-150000.163.1.noarch", product: { name: "docker-bash-completion-20.10.14_ce-150000.163.1.noarch", product_id: "docker-bash-completion-20.10.14_ce-150000.163.1.noarch", }, }, { category: "product_version", name: "docker-fish-completion-20.10.14_ce-150000.163.1.noarch", product: { name: "docker-fish-completion-20.10.14_ce-150000.163.1.noarch", product_id: "docker-fish-completion-20.10.14_ce-150000.163.1.noarch", }, }, { category: "product_version", name: "docker-kubic-bash-completion-20.10.14_ce-150000.163.1.noarch", product: { name: "docker-kubic-bash-completion-20.10.14_ce-150000.163.1.noarch", product_id: "docker-kubic-bash-completion-20.10.14_ce-150000.163.1.noarch", }, }, { category: "product_version", name: "docker-kubic-fish-completion-20.10.14_ce-150000.163.1.noarch", product: { name: "docker-kubic-fish-completion-20.10.14_ce-150000.163.1.noarch", product_id: "docker-kubic-fish-completion-20.10.14_ce-150000.163.1.noarch", }, }, { category: "product_version", name: "docker-kubic-zsh-completion-20.10.14_ce-150000.163.1.noarch", product: { name: "docker-kubic-zsh-completion-20.10.14_ce-150000.163.1.noarch", product_id: "docker-kubic-zsh-completion-20.10.14_ce-150000.163.1.noarch", }, }, { category: "product_version", name: "docker-zsh-completion-20.10.14_ce-150000.163.1.noarch", product: { name: "docker-zsh-completion-20.10.14_ce-150000.163.1.noarch", product_id: "docker-zsh-completion-20.10.14_ce-150000.163.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "containerd-1.5.11-150000.68.1.ppc64le", product: { name: "containerd-1.5.11-150000.68.1.ppc64le", product_id: "containerd-1.5.11-150000.68.1.ppc64le", }, }, { category: "product_version", name: "containerd-ctr-1.5.11-150000.68.1.ppc64le", product: { name: "containerd-ctr-1.5.11-150000.68.1.ppc64le", product_id: "containerd-ctr-1.5.11-150000.68.1.ppc64le", }, }, { category: "product_version", name: "docker-20.10.14_ce-150000.163.1.ppc64le", product: { name: "docker-20.10.14_ce-150000.163.1.ppc64le", product_id: "docker-20.10.14_ce-150000.163.1.ppc64le", }, }, { category: "product_version", name: "docker-kubic-20.10.14_ce-150000.163.1.ppc64le", product: { name: "docker-kubic-20.10.14_ce-150000.163.1.ppc64le", product_id: "docker-kubic-20.10.14_ce-150000.163.1.ppc64le", }, }, { category: "product_version", name: "docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.ppc64le", product: { name: "docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.ppc64le", product_id: "docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "containerd-1.5.11-150000.68.1.s390x", product: { name: "containerd-1.5.11-150000.68.1.s390x", product_id: "containerd-1.5.11-150000.68.1.s390x", }, }, { category: "product_version", name: "containerd-ctr-1.5.11-150000.68.1.s390x", product: { name: "containerd-ctr-1.5.11-150000.68.1.s390x", product_id: "containerd-ctr-1.5.11-150000.68.1.s390x", }, }, { category: "product_version", name: "docker-20.10.14_ce-150000.163.1.s390x", product: { name: "docker-20.10.14_ce-150000.163.1.s390x", product_id: "docker-20.10.14_ce-150000.163.1.s390x", }, }, { category: "product_version", name: "docker-kubic-20.10.14_ce-150000.163.1.s390x", product: { name: "docker-kubic-20.10.14_ce-150000.163.1.s390x", product_id: "docker-kubic-20.10.14_ce-150000.163.1.s390x", }, }, { category: "product_version", name: "docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.s390x", product: { name: "docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.s390x", product_id: "docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "containerd-1.5.11-150000.68.1.x86_64", product: { name: "containerd-1.5.11-150000.68.1.x86_64", product_id: "containerd-1.5.11-150000.68.1.x86_64", }, }, { category: "product_version", name: "containerd-ctr-1.5.11-150000.68.1.x86_64", product: { name: "containerd-ctr-1.5.11-150000.68.1.x86_64", product_id: "containerd-ctr-1.5.11-150000.68.1.x86_64", }, }, { category: "product_version", name: "docker-20.10.14_ce-150000.163.1.x86_64", product: { name: "docker-20.10.14_ce-150000.163.1.x86_64", product_id: "docker-20.10.14_ce-150000.163.1.x86_64", }, }, { category: "product_version", name: "docker-kubic-20.10.14_ce-150000.163.1.x86_64", product: { name: "docker-kubic-20.10.14_ce-150000.163.1.x86_64", product_id: "docker-kubic-20.10.14_ce-150000.163.1.x86_64", }, }, { category: "product_version", name: "docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.x86_64", product: { name: "docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.x86_64", product_id: "docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Module for Containers 15 SP3", product: { name: "SUSE Linux Enterprise Module for Containers 15 SP3", product_id: "SUSE Linux Enterprise Module for Containers 15 SP3", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-containers:15:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Module for Containers 15 SP4", product: { name: "SUSE Linux Enterprise Module for Containers 15 SP4", product_id: "SUSE Linux Enterprise Module for Containers 15 SP4", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-containers:15:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Module for Package Hub 15 SP3", product: { name: "SUSE Linux Enterprise Module for Package Hub 15 SP3", product_id: "SUSE Linux Enterprise Module for Package Hub 15 SP3", product_identification_helper: { cpe: "cpe:/o:suse:packagehub:15:sp3", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise High Performance Computing 15-ESPOS", product: { name: "SUSE Linux Enterprise High Performance Computing 15-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15-ESPOS", product_identification_helper: { cpe: "cpe:/o:suse:sle_hpc-espos:15", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise High Performance Computing 15-LTSS", product: { name: "SUSE Linux Enterprise High Performance Computing 15-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sle_hpc-ltss:15", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", product: { name: "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", product_identification_helper: { cpe: "cpe:/o:suse:sle_hpc-espos:15:sp1", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", product: { name: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sle_hpc-ltss:15:sp1", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS", product: { name: "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS", product_identification_helper: { cpe: "cpe:/o:suse:sle_hpc-espos:15:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", product: { name: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sle_hpc-ltss:15:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 15-LTSS", product: { name: "SUSE Linux Enterprise Server 15-LTSS", product_id: "SUSE Linux Enterprise Server 15-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sles-ltss:15", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 15 SP1-BCL", product: { name: "SUSE Linux Enterprise Server 15 SP1-BCL", product_id: "SUSE Linux Enterprise Server 15 SP1-BCL", product_identification_helper: { cpe: "cpe:/o:suse:sles_bcl:15:sp1", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 15 SP1-LTSS", product: { name: "SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP1-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sles-ltss:15:sp1", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 15 SP2-BCL", product: { name: "SUSE Linux Enterprise Server 15 SP2-BCL", product_id: "SUSE Linux Enterprise Server 15 SP2-BCL", product_identification_helper: { cpe: "cpe:/o:suse:sles_bcl:15:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 15 SP2-LTSS", product: { name: "SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sles-ltss:15:sp2", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 15", product: { name: "SUSE Linux Enterprise Server for SAP Applications 15", product_id: "SUSE Linux Enterprise Server for SAP Applications 15", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:15", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 15 SP1", product: { name: "SUSE Linux Enterprise Server for SAP Applications 15 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP1", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:15:sp1", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", product: { name: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:15:sp2", }, }, }, { category: "product_name", name: "SUSE Manager Proxy 4.1", product: { name: "SUSE Manager Proxy 4.1", product_id: "SUSE Manager Proxy 4.1", product_identification_helper: { cpe: "cpe:/o:suse:suse-manager-proxy:4.1", }, }, }, { category: "product_name", name: "SUSE Manager Retail Branch Server 4.1", product: { name: "SUSE Manager Retail Branch Server 4.1", product_id: "SUSE Manager Retail Branch Server 4.1", product_identification_helper: { cpe: "cpe:/o:suse:suse-manager-retail-branch-server:4.1", }, }, }, { category: "product_name", name: "SUSE Manager Server 4.1", product: { name: "SUSE Manager Server 4.1", product_id: "SUSE Manager Server 4.1", product_identification_helper: { cpe: "cpe:/o:suse:suse-manager-server:4.1", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Micro 5.0", product: { name: "SUSE Linux Enterprise Micro 5.0", product_id: "SUSE Linux Enterprise Micro 5.0", product_identification_helper: { cpe: "cpe:/o:suse:suse-microos:5.0", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Micro 5.1", product: { name: "SUSE Linux Enterprise Micro 5.1", product_id: "SUSE Linux Enterprise Micro 5.1", product_identification_helper: { cpe: "cpe:/o:suse:suse-microos:5.1", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Micro 5.2", product: { name: "SUSE Linux Enterprise Micro 5.2", product_id: "SUSE Linux Enterprise Micro 5.2", product_identification_helper: { cpe: "cpe:/o:suse:suse-microos:5.2", }, }, }, { category: "product_name", name: "SUSE Enterprise Storage 6", product: { name: "SUSE Enterprise Storage 6", product_id: "SUSE Enterprise Storage 6", product_identification_helper: { cpe: "cpe:/o:suse:ses:6", }, }, }, { category: "product_name", name: "SUSE Enterprise Storage 7", product: { name: "SUSE Enterprise Storage 7", product_id: "SUSE Enterprise Storage 7", product_identification_helper: { cpe: "cpe:/o:suse:ses:7", }, }, }, { category: "product_name", name: "openSUSE Leap 15.3", product: { name: "openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.3", }, }, }, { category: "product_name", name: "openSUSE Leap 15.4", product: { name: "openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.4", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP3", product_id: "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.5.11-150000.68.1.aarch64", }, product_reference: "containerd-1.5.11-150000.68.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP3", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP3", product_id: "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.5.11-150000.68.1.ppc64le", }, product_reference: "containerd-1.5.11-150000.68.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP3", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP3", product_id: "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.5.11-150000.68.1.s390x", }, product_reference: "containerd-1.5.11-150000.68.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP3", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP3", product_id: "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.5.11-150000.68.1.x86_64", }, product_reference: "containerd-1.5.11-150000.68.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP3", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.5.11-150000.68.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP3", product_id: "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-ctr-1.5.11-150000.68.1.aarch64", }, product_reference: "containerd-ctr-1.5.11-150000.68.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP3", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.5.11-150000.68.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP3", product_id: "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-ctr-1.5.11-150000.68.1.ppc64le", }, product_reference: "containerd-ctr-1.5.11-150000.68.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP3", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.5.11-150000.68.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP3", product_id: "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-ctr-1.5.11-150000.68.1.s390x", }, product_reference: "containerd-ctr-1.5.11-150000.68.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP3", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.5.11-150000.68.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP3", product_id: "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-ctr-1.5.11-150000.68.1.x86_64", }, product_reference: "containerd-ctr-1.5.11-150000.68.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP3", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP3", product_id: "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.14_ce-150000.163.1.aarch64", }, product_reference: "docker-20.10.14_ce-150000.163.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP3", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP3", product_id: "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.14_ce-150000.163.1.ppc64le", }, product_reference: "docker-20.10.14_ce-150000.163.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP3", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP3", product_id: "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.14_ce-150000.163.1.s390x", }, product_reference: "docker-20.10.14_ce-150000.163.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP3", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP3", product_id: "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.14_ce-150000.163.1.x86_64", }, product_reference: "docker-20.10.14_ce-150000.163.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP3", }, { category: "default_component_of", full_product_name: { name: "docker-bash-completion-20.10.14_ce-150000.163.1.noarch as component of SUSE Linux Enterprise Module for Containers 15 SP3", product_id: "SUSE Linux Enterprise Module for Containers 15 SP3:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", }, product_reference: "docker-bash-completion-20.10.14_ce-150000.163.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP3", }, { category: "default_component_of", full_product_name: { name: "docker-fish-completion-20.10.14_ce-150000.163.1.noarch as component of SUSE Linux Enterprise Module for Containers 15 SP3", product_id: "SUSE Linux Enterprise Module for Containers 15 SP3:docker-fish-completion-20.10.14_ce-150000.163.1.noarch", }, product_reference: "docker-fish-completion-20.10.14_ce-150000.163.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP3", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP4", product_id: "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.5.11-150000.68.1.aarch64", }, product_reference: "containerd-1.5.11-150000.68.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP4", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP4", product_id: "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.5.11-150000.68.1.ppc64le", }, product_reference: "containerd-1.5.11-150000.68.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP4", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP4", product_id: "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.5.11-150000.68.1.s390x", }, product_reference: "containerd-1.5.11-150000.68.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP4", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP4", product_id: "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.5.11-150000.68.1.x86_64", }, product_reference: "containerd-1.5.11-150000.68.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP4", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP4", product_id: "SUSE Linux Enterprise Module for Containers 15 SP4:docker-20.10.14_ce-150000.163.1.aarch64", }, product_reference: "docker-20.10.14_ce-150000.163.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP4", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP4", product_id: "SUSE Linux Enterprise Module for Containers 15 SP4:docker-20.10.14_ce-150000.163.1.ppc64le", }, product_reference: "docker-20.10.14_ce-150000.163.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP4", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP4", product_id: "SUSE Linux Enterprise Module for Containers 15 SP4:docker-20.10.14_ce-150000.163.1.s390x", }, product_reference: "docker-20.10.14_ce-150000.163.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP4", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP4", product_id: "SUSE Linux Enterprise Module for Containers 15 SP4:docker-20.10.14_ce-150000.163.1.x86_64", }, product_reference: "docker-20.10.14_ce-150000.163.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP4", }, { category: "default_component_of", full_product_name: { name: "docker-bash-completion-20.10.14_ce-150000.163.1.noarch as component of SUSE Linux Enterprise Module for Containers 15 SP4", product_id: "SUSE Linux Enterprise Module for Containers 15 SP4:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", }, product_reference: "docker-bash-completion-20.10.14_ce-150000.163.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Containers 15 SP4", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.5.11-150000.68.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP3", product_id: "SUSE Linux Enterprise Module for Package Hub 15 SP3:containerd-ctr-1.5.11-150000.68.1.aarch64", }, product_reference: "containerd-ctr-1.5.11-150000.68.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Package Hub 15 SP3", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.5.11-150000.68.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP3", product_id: "SUSE Linux Enterprise Module for Package Hub 15 SP3:containerd-ctr-1.5.11-150000.68.1.ppc64le", }, product_reference: "containerd-ctr-1.5.11-150000.68.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Package Hub 15 SP3", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.5.11-150000.68.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP3", product_id: "SUSE Linux Enterprise Module for Package Hub 15 SP3:containerd-ctr-1.5.11-150000.68.1.s390x", }, product_reference: "containerd-ctr-1.5.11-150000.68.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Package Hub 15 SP3", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.5.11-150000.68.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP3", product_id: "SUSE Linux Enterprise Module for Package Hub 15 SP3:containerd-ctr-1.5.11-150000.68.1.x86_64", }, product_reference: "containerd-ctr-1.5.11-150000.68.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Package Hub 15 SP3", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15-ESPOS:containerd-1.5.11-150000.68.1.x86_64", }, product_reference: "containerd-1.5.11-150000.68.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15-ESPOS", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.5.11-150000.68.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15-ESPOS:containerd-ctr-1.5.11-150000.68.1.x86_64", }, product_reference: "containerd-ctr-1.5.11-150000.68.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15-ESPOS", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-20.10.14_ce-150000.163.1.x86_64", }, product_reference: "docker-20.10.14_ce-150000.163.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15-ESPOS", }, { category: "default_component_of", full_product_name: { name: "docker-bash-completion-20.10.14_ce-150000.163.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", }, product_reference: "docker-bash-completion-20.10.14_ce-150000.163.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15-ESPOS", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15-LTSS:containerd-1.5.11-150000.68.1.x86_64", }, product_reference: "containerd-1.5.11-150000.68.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15-LTSS", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.5.11-150000.68.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", }, product_reference: "containerd-ctr-1.5.11-150000.68.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15-LTSS", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", }, product_reference: "docker-20.10.14_ce-150000.163.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15-LTSS", }, { category: "default_component_of", full_product_name: { name: "docker-bash-completion-20.10.14_ce-150000.163.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", }, product_reference: "docker-bash-completion-20.10.14_ce-150000.163.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15-LTSS", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.5.11-150000.68.1.aarch64", }, product_reference: "containerd-1.5.11-150000.68.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.5.11-150000.68.1.x86_64", }, product_reference: "containerd-1.5.11-150000.68.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.5.11-150000.68.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-ctr-1.5.11-150000.68.1.aarch64", }, product_reference: "containerd-ctr-1.5.11-150000.68.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.5.11-150000.68.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-ctr-1.5.11-150000.68.1.x86_64", }, product_reference: "containerd-ctr-1.5.11-150000.68.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.14_ce-150000.163.1.aarch64", }, product_reference: "docker-20.10.14_ce-150000.163.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.14_ce-150000.163.1.x86_64", }, product_reference: "docker-20.10.14_ce-150000.163.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", }, { category: "default_component_of", full_product_name: { name: "docker-bash-completion-20.10.14_ce-150000.163.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", }, product_reference: "docker-bash-completion-20.10.14_ce-150000.163.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.5.11-150000.68.1.aarch64", }, product_reference: "containerd-1.5.11-150000.68.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.5.11-150000.68.1.x86_64", }, product_reference: "containerd-1.5.11-150000.68.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.5.11-150000.68.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.aarch64", }, product_reference: "containerd-ctr-1.5.11-150000.68.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.5.11-150000.68.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", }, product_reference: "containerd-ctr-1.5.11-150000.68.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.aarch64", }, product_reference: "docker-20.10.14_ce-150000.163.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", }, product_reference: "docker-20.10.14_ce-150000.163.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "docker-bash-completion-20.10.14_ce-150000.163.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", }, product_reference: "docker-bash-completion-20.10.14_ce-150000.163.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:containerd-1.5.11-150000.68.1.aarch64", }, product_reference: "containerd-1.5.11-150000.68.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:containerd-1.5.11-150000.68.1.x86_64", }, product_reference: "containerd-1.5.11-150000.68.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.5.11-150000.68.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:containerd-ctr-1.5.11-150000.68.1.aarch64", }, product_reference: "containerd-ctr-1.5.11-150000.68.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.5.11-150000.68.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:containerd-ctr-1.5.11-150000.68.1.x86_64", }, product_reference: "containerd-ctr-1.5.11-150000.68.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:docker-20.10.14_ce-150000.163.1.aarch64", }, product_reference: "docker-20.10.14_ce-150000.163.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:docker-20.10.14_ce-150000.163.1.x86_64", }, product_reference: "docker-20.10.14_ce-150000.163.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS", }, { category: "default_component_of", full_product_name: { name: "docker-bash-completion-20.10.14_ce-150000.163.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", }, product_reference: "docker-bash-completion-20.10.14_ce-150000.163.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:containerd-1.5.11-150000.68.1.aarch64", }, product_reference: "containerd-1.5.11-150000.68.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:containerd-1.5.11-150000.68.1.x86_64", }, product_reference: "containerd-1.5.11-150000.68.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.5.11-150000.68.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.aarch64", }, product_reference: "containerd-ctr-1.5.11-150000.68.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.5.11-150000.68.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", }, product_reference: "containerd-ctr-1.5.11-150000.68.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.aarch64", }, product_reference: "docker-20.10.14_ce-150000.163.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", }, product_reference: "docker-20.10.14_ce-150000.163.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "docker-bash-completion-20.10.14_ce-150000.163.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", }, product_reference: "docker-bash-completion-20.10.14_ce-150000.163.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.ppc64le as component of SUSE Linux Enterprise Server 15-LTSS", product_id: "SUSE Linux Enterprise Server 15-LTSS:containerd-1.5.11-150000.68.1.ppc64le", }, product_reference: "containerd-1.5.11-150000.68.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 15-LTSS", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.s390x as component of SUSE Linux Enterprise Server 15-LTSS", product_id: "SUSE Linux Enterprise Server 15-LTSS:containerd-1.5.11-150000.68.1.s390x", }, product_reference: "containerd-1.5.11-150000.68.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 15-LTSS", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.x86_64 as component of SUSE Linux Enterprise Server 15-LTSS", product_id: "SUSE Linux Enterprise Server 15-LTSS:containerd-1.5.11-150000.68.1.x86_64", }, product_reference: "containerd-1.5.11-150000.68.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 15-LTSS", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.5.11-150000.68.1.ppc64le as component of SUSE Linux Enterprise Server 15-LTSS", product_id: "SUSE Linux Enterprise Server 15-LTSS:containerd-ctr-1.5.11-150000.68.1.ppc64le", }, product_reference: "containerd-ctr-1.5.11-150000.68.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 15-LTSS", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.5.11-150000.68.1.s390x as component of SUSE Linux Enterprise Server 15-LTSS", product_id: "SUSE Linux Enterprise Server 15-LTSS:containerd-ctr-1.5.11-150000.68.1.s390x", }, product_reference: "containerd-ctr-1.5.11-150000.68.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 15-LTSS", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.5.11-150000.68.1.x86_64 as component of SUSE Linux Enterprise Server 15-LTSS", product_id: "SUSE Linux Enterprise Server 15-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", }, product_reference: "containerd-ctr-1.5.11-150000.68.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 15-LTSS", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.ppc64le as component of SUSE Linux Enterprise Server 15-LTSS", product_id: "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.14_ce-150000.163.1.ppc64le", }, product_reference: "docker-20.10.14_ce-150000.163.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 15-LTSS", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.s390x as component of SUSE Linux Enterprise Server 15-LTSS", product_id: "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.14_ce-150000.163.1.s390x", }, product_reference: "docker-20.10.14_ce-150000.163.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 15-LTSS", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.x86_64 as component of SUSE Linux Enterprise Server 15-LTSS", product_id: "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", }, product_reference: "docker-20.10.14_ce-150000.163.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 15-LTSS", }, { category: "default_component_of", full_product_name: { name: "docker-bash-completion-20.10.14_ce-150000.163.1.noarch as component of SUSE Linux Enterprise Server 15-LTSS", product_id: "SUSE Linux Enterprise Server 15-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", }, product_reference: "docker-bash-completion-20.10.14_ce-150000.163.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15-LTSS", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-BCL", product_id: "SUSE Linux Enterprise Server 15 SP1-BCL:containerd-1.5.11-150000.68.1.x86_64", }, product_reference: "containerd-1.5.11-150000.68.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-BCL", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.5.11-150000.68.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-BCL", product_id: "SUSE Linux Enterprise Server 15 SP1-BCL:containerd-ctr-1.5.11-150000.68.1.x86_64", }, product_reference: "containerd-ctr-1.5.11-150000.68.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-BCL", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-BCL", product_id: "SUSE Linux Enterprise Server 15 SP1-BCL:docker-20.10.14_ce-150000.163.1.x86_64", }, product_reference: "docker-20.10.14_ce-150000.163.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-BCL", }, { category: "default_component_of", full_product_name: { name: "docker-bash-completion-20.10.14_ce-150000.163.1.noarch as component of SUSE Linux Enterprise Server 15 SP1-BCL", product_id: "SUSE Linux Enterprise Server 15 SP1-BCL:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", }, product_reference: "docker-bash-completion-20.10.14_ce-150000.163.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-BCL", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.5.11-150000.68.1.aarch64", }, product_reference: "containerd-1.5.11-150000.68.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.5.11-150000.68.1.ppc64le", }, product_reference: "containerd-1.5.11-150000.68.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.s390x as component of SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.5.11-150000.68.1.s390x", }, product_reference: "containerd-1.5.11-150000.68.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.5.11-150000.68.1.x86_64", }, product_reference: "containerd-1.5.11-150000.68.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.5.11-150000.68.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.aarch64", }, product_reference: "containerd-ctr-1.5.11-150000.68.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.5.11-150000.68.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.ppc64le", }, product_reference: "containerd-ctr-1.5.11-150000.68.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.5.11-150000.68.1.s390x as component of SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.s390x", }, product_reference: "containerd-ctr-1.5.11-150000.68.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.5.11-150000.68.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", }, product_reference: "containerd-ctr-1.5.11-150000.68.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.aarch64", }, product_reference: "docker-20.10.14_ce-150000.163.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.ppc64le", }, product_reference: "docker-20.10.14_ce-150000.163.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.s390x as component of SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.s390x", }, product_reference: "docker-20.10.14_ce-150000.163.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", }, product_reference: "docker-20.10.14_ce-150000.163.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "docker-bash-completion-20.10.14_ce-150000.163.1.noarch as component of SUSE Linux Enterprise Server 15 SP1-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", }, product_reference: "docker-bash-completion-20.10.14_ce-150000.163.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP1-LTSS", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-BCL", product_id: "SUSE Linux Enterprise Server 15 SP2-BCL:containerd-1.5.11-150000.68.1.x86_64", }, product_reference: "containerd-1.5.11-150000.68.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-BCL", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.5.11-150000.68.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-BCL", product_id: "SUSE Linux Enterprise Server 15 SP2-BCL:containerd-ctr-1.5.11-150000.68.1.x86_64", }, product_reference: "containerd-ctr-1.5.11-150000.68.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-BCL", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-BCL", product_id: "SUSE Linux Enterprise Server 15 SP2-BCL:docker-20.10.14_ce-150000.163.1.x86_64", }, product_reference: "docker-20.10.14_ce-150000.163.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-BCL", }, { category: "default_component_of", full_product_name: { name: "docker-bash-completion-20.10.14_ce-150000.163.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-BCL", product_id: "SUSE Linux Enterprise Server 15 SP2-BCL:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", }, product_reference: "docker-bash-completion-20.10.14_ce-150000.163.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-BCL", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-1.5.11-150000.68.1.aarch64", }, product_reference: "containerd-1.5.11-150000.68.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-1.5.11-150000.68.1.ppc64le", }, product_reference: "containerd-1.5.11-150000.68.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.s390x as component of SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-1.5.11-150000.68.1.s390x", }, product_reference: "containerd-1.5.11-150000.68.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-1.5.11-150000.68.1.x86_64", }, product_reference: "containerd-1.5.11-150000.68.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.5.11-150000.68.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.aarch64", }, product_reference: "containerd-ctr-1.5.11-150000.68.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.5.11-150000.68.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.ppc64le", }, product_reference: "containerd-ctr-1.5.11-150000.68.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.5.11-150000.68.1.s390x as component of SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.s390x", }, product_reference: "containerd-ctr-1.5.11-150000.68.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.5.11-150000.68.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", }, product_reference: "containerd-ctr-1.5.11-150000.68.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.aarch64", }, product_reference: "docker-20.10.14_ce-150000.163.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.ppc64le", }, product_reference: "docker-20.10.14_ce-150000.163.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.s390x as component of SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.s390x", }, product_reference: "docker-20.10.14_ce-150000.163.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", }, product_reference: "docker-20.10.14_ce-150000.163.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "docker-bash-completion-20.10.14_ce-150000.163.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", }, product_reference: "docker-bash-completion-20.10.14_ce-150000.163.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP2-LTSS", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15", product_id: "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.5.11-150000.68.1.ppc64le", }, product_reference: "containerd-1.5.11-150000.68.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15", product_id: "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.5.11-150000.68.1.x86_64", }, product_reference: "containerd-1.5.11-150000.68.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.5.11-150000.68.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15", product_id: "SUSE Linux Enterprise Server for SAP Applications 15:containerd-ctr-1.5.11-150000.68.1.ppc64le", }, product_reference: "containerd-ctr-1.5.11-150000.68.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.5.11-150000.68.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15", product_id: "SUSE Linux Enterprise Server for SAP Applications 15:containerd-ctr-1.5.11-150000.68.1.x86_64", }, product_reference: "containerd-ctr-1.5.11-150000.68.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15", product_id: "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.14_ce-150000.163.1.ppc64le", }, product_reference: "docker-20.10.14_ce-150000.163.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15", product_id: "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.14_ce-150000.163.1.x86_64", }, product_reference: "docker-20.10.14_ce-150000.163.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15", }, { category: "default_component_of", full_product_name: { name: "docker-bash-completion-20.10.14_ce-150000.163.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15", product_id: "SUSE Linux Enterprise Server for SAP Applications 15:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", }, product_reference: "docker-bash-completion-20.10.14_ce-150000.163.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.5.11-150000.68.1.ppc64le", }, product_reference: "containerd-1.5.11-150000.68.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP1", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.5.11-150000.68.1.x86_64", }, product_reference: "containerd-1.5.11-150000.68.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP1", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.5.11-150000.68.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-ctr-1.5.11-150000.68.1.ppc64le", }, product_reference: "containerd-ctr-1.5.11-150000.68.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP1", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.5.11-150000.68.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-ctr-1.5.11-150000.68.1.x86_64", }, product_reference: "containerd-ctr-1.5.11-150000.68.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP1", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.14_ce-150000.163.1.ppc64le", }, product_reference: "docker-20.10.14_ce-150000.163.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP1", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.14_ce-150000.163.1.x86_64", }, product_reference: "docker-20.10.14_ce-150000.163.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP1", }, { category: "default_component_of", full_product_name: { name: "docker-bash-completion-20.10.14_ce-150000.163.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", }, product_reference: "docker-bash-completion-20.10.14_ce-150000.163.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP1", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP2:containerd-1.5.11-150000.68.1.ppc64le", }, product_reference: "containerd-1.5.11-150000.68.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP2:containerd-1.5.11-150000.68.1.x86_64", }, product_reference: "containerd-1.5.11-150000.68.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.5.11-150000.68.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP2:containerd-ctr-1.5.11-150000.68.1.ppc64le", }, product_reference: "containerd-ctr-1.5.11-150000.68.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.5.11-150000.68.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP2:containerd-ctr-1.5.11-150000.68.1.x86_64", }, product_reference: "containerd-ctr-1.5.11-150000.68.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-20.10.14_ce-150000.163.1.ppc64le", }, product_reference: "docker-20.10.14_ce-150000.163.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-20.10.14_ce-150000.163.1.x86_64", }, product_reference: "docker-20.10.14_ce-150000.163.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", }, { category: "default_component_of", full_product_name: { name: "docker-bash-completion-20.10.14_ce-150000.163.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", }, product_reference: "docker-bash-completion-20.10.14_ce-150000.163.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP2", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.x86_64 as component of SUSE Manager Proxy 4.1", product_id: "SUSE Manager Proxy 4.1:containerd-1.5.11-150000.68.1.x86_64", }, product_reference: "containerd-1.5.11-150000.68.1.x86_64", relates_to_product_reference: "SUSE Manager Proxy 4.1", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.5.11-150000.68.1.x86_64 as component of SUSE Manager Proxy 4.1", product_id: "SUSE Manager Proxy 4.1:containerd-ctr-1.5.11-150000.68.1.x86_64", }, product_reference: "containerd-ctr-1.5.11-150000.68.1.x86_64", relates_to_product_reference: "SUSE Manager Proxy 4.1", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.x86_64 as component of SUSE Manager Proxy 4.1", product_id: "SUSE Manager Proxy 4.1:docker-20.10.14_ce-150000.163.1.x86_64", }, product_reference: "docker-20.10.14_ce-150000.163.1.x86_64", relates_to_product_reference: "SUSE Manager Proxy 4.1", }, { category: "default_component_of", full_product_name: { name: "docker-bash-completion-20.10.14_ce-150000.163.1.noarch as component of SUSE Manager Proxy 4.1", product_id: "SUSE Manager Proxy 4.1:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", }, product_reference: "docker-bash-completion-20.10.14_ce-150000.163.1.noarch", relates_to_product_reference: "SUSE Manager Proxy 4.1", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.x86_64 as component of SUSE Manager Retail Branch Server 4.1", product_id: "SUSE Manager Retail Branch Server 4.1:containerd-1.5.11-150000.68.1.x86_64", }, product_reference: "containerd-1.5.11-150000.68.1.x86_64", relates_to_product_reference: "SUSE Manager Retail Branch Server 4.1", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.5.11-150000.68.1.x86_64 as component of SUSE Manager Retail Branch Server 4.1", product_id: "SUSE Manager Retail Branch Server 4.1:containerd-ctr-1.5.11-150000.68.1.x86_64", }, product_reference: "containerd-ctr-1.5.11-150000.68.1.x86_64", relates_to_product_reference: "SUSE Manager Retail Branch Server 4.1", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.x86_64 as component of SUSE Manager Retail Branch Server 4.1", product_id: "SUSE Manager Retail Branch Server 4.1:docker-20.10.14_ce-150000.163.1.x86_64", }, product_reference: "docker-20.10.14_ce-150000.163.1.x86_64", relates_to_product_reference: "SUSE Manager Retail Branch Server 4.1", }, { category: "default_component_of", full_product_name: { name: "docker-bash-completion-20.10.14_ce-150000.163.1.noarch as component of SUSE Manager Retail Branch Server 4.1", product_id: "SUSE Manager Retail Branch Server 4.1:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", }, product_reference: "docker-bash-completion-20.10.14_ce-150000.163.1.noarch", relates_to_product_reference: "SUSE Manager Retail Branch Server 4.1", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.ppc64le as component of SUSE Manager Server 4.1", product_id: "SUSE Manager Server 4.1:containerd-1.5.11-150000.68.1.ppc64le", }, product_reference: "containerd-1.5.11-150000.68.1.ppc64le", relates_to_product_reference: "SUSE Manager Server 4.1", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.s390x as component of SUSE Manager Server 4.1", product_id: "SUSE Manager Server 4.1:containerd-1.5.11-150000.68.1.s390x", }, product_reference: "containerd-1.5.11-150000.68.1.s390x", relates_to_product_reference: "SUSE Manager Server 4.1", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.x86_64 as component of SUSE Manager Server 4.1", product_id: "SUSE Manager Server 4.1:containerd-1.5.11-150000.68.1.x86_64", }, product_reference: "containerd-1.5.11-150000.68.1.x86_64", relates_to_product_reference: "SUSE Manager Server 4.1", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.5.11-150000.68.1.ppc64le as component of SUSE Manager Server 4.1", product_id: "SUSE Manager Server 4.1:containerd-ctr-1.5.11-150000.68.1.ppc64le", }, product_reference: "containerd-ctr-1.5.11-150000.68.1.ppc64le", relates_to_product_reference: "SUSE Manager Server 4.1", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.5.11-150000.68.1.s390x as component of SUSE Manager Server 4.1", product_id: "SUSE Manager Server 4.1:containerd-ctr-1.5.11-150000.68.1.s390x", }, product_reference: "containerd-ctr-1.5.11-150000.68.1.s390x", relates_to_product_reference: "SUSE Manager Server 4.1", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.5.11-150000.68.1.x86_64 as component of SUSE Manager Server 4.1", product_id: "SUSE Manager Server 4.1:containerd-ctr-1.5.11-150000.68.1.x86_64", }, product_reference: "containerd-ctr-1.5.11-150000.68.1.x86_64", relates_to_product_reference: "SUSE Manager Server 4.1", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.ppc64le as component of SUSE Manager Server 4.1", product_id: "SUSE Manager Server 4.1:docker-20.10.14_ce-150000.163.1.ppc64le", }, product_reference: "docker-20.10.14_ce-150000.163.1.ppc64le", relates_to_product_reference: "SUSE Manager Server 4.1", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.s390x as component of SUSE Manager Server 4.1", product_id: "SUSE Manager Server 4.1:docker-20.10.14_ce-150000.163.1.s390x", }, product_reference: "docker-20.10.14_ce-150000.163.1.s390x", relates_to_product_reference: "SUSE Manager Server 4.1", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.x86_64 as component of SUSE Manager Server 4.1", product_id: "SUSE Manager Server 4.1:docker-20.10.14_ce-150000.163.1.x86_64", }, product_reference: "docker-20.10.14_ce-150000.163.1.x86_64", relates_to_product_reference: "SUSE Manager Server 4.1", }, { category: "default_component_of", full_product_name: { name: "docker-bash-completion-20.10.14_ce-150000.163.1.noarch as component of SUSE Manager Server 4.1", product_id: "SUSE Manager Server 4.1:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", }, product_reference: "docker-bash-completion-20.10.14_ce-150000.163.1.noarch", relates_to_product_reference: "SUSE Manager Server 4.1", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.aarch64 as component of SUSE Linux Enterprise Micro 5.0", product_id: "SUSE Linux Enterprise Micro 5.0:containerd-1.5.11-150000.68.1.aarch64", }, product_reference: "containerd-1.5.11-150000.68.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.0", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.x86_64 as component of SUSE Linux Enterprise Micro 5.0", product_id: "SUSE Linux Enterprise Micro 5.0:containerd-1.5.11-150000.68.1.x86_64", }, product_reference: "containerd-1.5.11-150000.68.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.0", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.aarch64 as component of SUSE Linux Enterprise Micro 5.0", product_id: "SUSE Linux Enterprise Micro 5.0:docker-20.10.14_ce-150000.163.1.aarch64", }, product_reference: "docker-20.10.14_ce-150000.163.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.0", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.x86_64 as component of SUSE Linux Enterprise Micro 5.0", product_id: "SUSE Linux Enterprise Micro 5.0:docker-20.10.14_ce-150000.163.1.x86_64", }, product_reference: "docker-20.10.14_ce-150000.163.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.0", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.aarch64 as component of SUSE Linux Enterprise Micro 5.1", product_id: "SUSE Linux Enterprise Micro 5.1:containerd-1.5.11-150000.68.1.aarch64", }, product_reference: "containerd-1.5.11-150000.68.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.1", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.s390x as component of SUSE Linux Enterprise Micro 5.1", product_id: "SUSE Linux Enterprise Micro 5.1:containerd-1.5.11-150000.68.1.s390x", }, product_reference: "containerd-1.5.11-150000.68.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.1", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1", product_id: "SUSE Linux Enterprise Micro 5.1:containerd-1.5.11-150000.68.1.x86_64", }, product_reference: "containerd-1.5.11-150000.68.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.1", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.aarch64 as component of SUSE Linux Enterprise Micro 5.1", product_id: "SUSE Linux Enterprise Micro 5.1:docker-20.10.14_ce-150000.163.1.aarch64", }, product_reference: "docker-20.10.14_ce-150000.163.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.1", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.s390x as component of SUSE Linux Enterprise Micro 5.1", product_id: "SUSE Linux Enterprise Micro 5.1:docker-20.10.14_ce-150000.163.1.s390x", }, product_reference: "docker-20.10.14_ce-150000.163.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.1", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1", product_id: "SUSE Linux Enterprise Micro 5.1:docker-20.10.14_ce-150000.163.1.x86_64", }, product_reference: "docker-20.10.14_ce-150000.163.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.1", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.aarch64 as component of SUSE Linux Enterprise Micro 5.2", product_id: "SUSE Linux Enterprise Micro 5.2:containerd-1.5.11-150000.68.1.aarch64", }, product_reference: "containerd-1.5.11-150000.68.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.2", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.s390x as component of SUSE Linux Enterprise Micro 5.2", product_id: "SUSE Linux Enterprise Micro 5.2:containerd-1.5.11-150000.68.1.s390x", }, product_reference: "containerd-1.5.11-150000.68.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.2", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2", product_id: "SUSE Linux Enterprise Micro 5.2:containerd-1.5.11-150000.68.1.x86_64", }, product_reference: "containerd-1.5.11-150000.68.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.2", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.aarch64 as component of SUSE Linux Enterprise Micro 5.2", product_id: "SUSE Linux Enterprise Micro 5.2:docker-20.10.14_ce-150000.163.1.aarch64", }, product_reference: "docker-20.10.14_ce-150000.163.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.2", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.s390x as component of SUSE Linux Enterprise Micro 5.2", product_id: "SUSE Linux Enterprise Micro 5.2:docker-20.10.14_ce-150000.163.1.s390x", }, product_reference: "docker-20.10.14_ce-150000.163.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.2", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2", product_id: "SUSE Linux Enterprise Micro 5.2:docker-20.10.14_ce-150000.163.1.x86_64", }, product_reference: "docker-20.10.14_ce-150000.163.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Micro 5.2", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.aarch64 as component of SUSE Enterprise Storage 6", product_id: "SUSE Enterprise Storage 6:containerd-1.5.11-150000.68.1.aarch64", }, product_reference: "containerd-1.5.11-150000.68.1.aarch64", relates_to_product_reference: "SUSE Enterprise Storage 6", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.x86_64 as component of SUSE Enterprise Storage 6", product_id: "SUSE Enterprise Storage 6:containerd-1.5.11-150000.68.1.x86_64", }, product_reference: "containerd-1.5.11-150000.68.1.x86_64", relates_to_product_reference: "SUSE Enterprise Storage 6", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.5.11-150000.68.1.aarch64 as component of SUSE Enterprise Storage 6", product_id: "SUSE Enterprise Storage 6:containerd-ctr-1.5.11-150000.68.1.aarch64", }, product_reference: "containerd-ctr-1.5.11-150000.68.1.aarch64", relates_to_product_reference: "SUSE Enterprise Storage 6", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.5.11-150000.68.1.x86_64 as component of SUSE Enterprise Storage 6", product_id: "SUSE Enterprise Storage 6:containerd-ctr-1.5.11-150000.68.1.x86_64", }, product_reference: "containerd-ctr-1.5.11-150000.68.1.x86_64", relates_to_product_reference: "SUSE Enterprise Storage 6", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.aarch64 as component of SUSE Enterprise Storage 6", product_id: "SUSE Enterprise Storage 6:docker-20.10.14_ce-150000.163.1.aarch64", }, product_reference: "docker-20.10.14_ce-150000.163.1.aarch64", relates_to_product_reference: "SUSE Enterprise Storage 6", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.x86_64 as component of SUSE Enterprise Storage 6", product_id: "SUSE Enterprise Storage 6:docker-20.10.14_ce-150000.163.1.x86_64", }, product_reference: "docker-20.10.14_ce-150000.163.1.x86_64", relates_to_product_reference: "SUSE Enterprise Storage 6", }, { category: "default_component_of", full_product_name: { name: "docker-bash-completion-20.10.14_ce-150000.163.1.noarch as component of SUSE Enterprise Storage 6", product_id: "SUSE Enterprise Storage 6:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", }, product_reference: "docker-bash-completion-20.10.14_ce-150000.163.1.noarch", relates_to_product_reference: "SUSE Enterprise Storage 6", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.aarch64 as component of SUSE Enterprise Storage 7", product_id: "SUSE Enterprise Storage 7:containerd-1.5.11-150000.68.1.aarch64", }, product_reference: "containerd-1.5.11-150000.68.1.aarch64", relates_to_product_reference: "SUSE Enterprise Storage 7", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.x86_64 as component of SUSE Enterprise Storage 7", product_id: "SUSE Enterprise Storage 7:containerd-1.5.11-150000.68.1.x86_64", }, product_reference: "containerd-1.5.11-150000.68.1.x86_64", relates_to_product_reference: "SUSE Enterprise Storage 7", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.5.11-150000.68.1.aarch64 as component of SUSE Enterprise Storage 7", product_id: "SUSE Enterprise Storage 7:containerd-ctr-1.5.11-150000.68.1.aarch64", }, product_reference: "containerd-ctr-1.5.11-150000.68.1.aarch64", relates_to_product_reference: "SUSE Enterprise Storage 7", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.5.11-150000.68.1.x86_64 as component of SUSE Enterprise Storage 7", product_id: "SUSE Enterprise Storage 7:containerd-ctr-1.5.11-150000.68.1.x86_64", }, product_reference: "containerd-ctr-1.5.11-150000.68.1.x86_64", relates_to_product_reference: "SUSE Enterprise Storage 7", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.aarch64 as component of SUSE Enterprise Storage 7", product_id: "SUSE Enterprise Storage 7:docker-20.10.14_ce-150000.163.1.aarch64", }, product_reference: "docker-20.10.14_ce-150000.163.1.aarch64", relates_to_product_reference: "SUSE Enterprise Storage 7", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.x86_64 as component of SUSE Enterprise Storage 7", product_id: "SUSE Enterprise Storage 7:docker-20.10.14_ce-150000.163.1.x86_64", }, product_reference: "docker-20.10.14_ce-150000.163.1.x86_64", relates_to_product_reference: "SUSE Enterprise Storage 7", }, { category: "default_component_of", full_product_name: { name: "docker-bash-completion-20.10.14_ce-150000.163.1.noarch as component of SUSE Enterprise Storage 7", product_id: "SUSE Enterprise Storage 7:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", }, product_reference: "docker-bash-completion-20.10.14_ce-150000.163.1.noarch", relates_to_product_reference: "SUSE Enterprise Storage 7", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.aarch64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:containerd-1.5.11-150000.68.1.aarch64", }, product_reference: "containerd-1.5.11-150000.68.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.ppc64le as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:containerd-1.5.11-150000.68.1.ppc64le", }, product_reference: "containerd-1.5.11-150000.68.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.s390x as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:containerd-1.5.11-150000.68.1.s390x", }, product_reference: "containerd-1.5.11-150000.68.1.s390x", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:containerd-1.5.11-150000.68.1.x86_64", }, product_reference: "containerd-1.5.11-150000.68.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.5.11-150000.68.1.aarch64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:containerd-ctr-1.5.11-150000.68.1.aarch64", }, product_reference: "containerd-ctr-1.5.11-150000.68.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.5.11-150000.68.1.ppc64le as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:containerd-ctr-1.5.11-150000.68.1.ppc64le", }, product_reference: "containerd-ctr-1.5.11-150000.68.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.5.11-150000.68.1.s390x as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:containerd-ctr-1.5.11-150000.68.1.s390x", }, product_reference: "containerd-ctr-1.5.11-150000.68.1.s390x", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.5.11-150000.68.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:containerd-ctr-1.5.11-150000.68.1.x86_64", }, product_reference: "containerd-ctr-1.5.11-150000.68.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.aarch64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:docker-20.10.14_ce-150000.163.1.aarch64", }, product_reference: "docker-20.10.14_ce-150000.163.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.ppc64le as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:docker-20.10.14_ce-150000.163.1.ppc64le", }, product_reference: "docker-20.10.14_ce-150000.163.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.s390x as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:docker-20.10.14_ce-150000.163.1.s390x", }, product_reference: "docker-20.10.14_ce-150000.163.1.s390x", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:docker-20.10.14_ce-150000.163.1.x86_64", }, product_reference: "docker-20.10.14_ce-150000.163.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "docker-bash-completion-20.10.14_ce-150000.163.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", }, product_reference: "docker-bash-completion-20.10.14_ce-150000.163.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "docker-fish-completion-20.10.14_ce-150000.163.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:docker-fish-completion-20.10.14_ce-150000.163.1.noarch", }, product_reference: "docker-fish-completion-20.10.14_ce-150000.163.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "docker-kubic-20.10.14_ce-150000.163.1.aarch64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:docker-kubic-20.10.14_ce-150000.163.1.aarch64", }, product_reference: "docker-kubic-20.10.14_ce-150000.163.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "docker-kubic-20.10.14_ce-150000.163.1.ppc64le as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:docker-kubic-20.10.14_ce-150000.163.1.ppc64le", }, product_reference: "docker-kubic-20.10.14_ce-150000.163.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "docker-kubic-20.10.14_ce-150000.163.1.s390x as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:docker-kubic-20.10.14_ce-150000.163.1.s390x", }, product_reference: "docker-kubic-20.10.14_ce-150000.163.1.s390x", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "docker-kubic-20.10.14_ce-150000.163.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:docker-kubic-20.10.14_ce-150000.163.1.x86_64", }, product_reference: "docker-kubic-20.10.14_ce-150000.163.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "docker-kubic-bash-completion-20.10.14_ce-150000.163.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:docker-kubic-bash-completion-20.10.14_ce-150000.163.1.noarch", }, product_reference: "docker-kubic-bash-completion-20.10.14_ce-150000.163.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "docker-kubic-fish-completion-20.10.14_ce-150000.163.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:docker-kubic-fish-completion-20.10.14_ce-150000.163.1.noarch", }, product_reference: "docker-kubic-fish-completion-20.10.14_ce-150000.163.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.aarch64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.aarch64", }, product_reference: "docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.ppc64le as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.ppc64le", }, product_reference: "docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.s390x as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.s390x", }, product_reference: "docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.s390x", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.x86_64", }, product_reference: "docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "docker-kubic-zsh-completion-20.10.14_ce-150000.163.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:docker-kubic-zsh-completion-20.10.14_ce-150000.163.1.noarch", }, product_reference: "docker-kubic-zsh-completion-20.10.14_ce-150000.163.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "docker-zsh-completion-20.10.14_ce-150000.163.1.noarch as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:docker-zsh-completion-20.10.14_ce-150000.163.1.noarch", }, product_reference: "docker-zsh-completion-20.10.14_ce-150000.163.1.noarch", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.aarch64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:containerd-1.5.11-150000.68.1.aarch64", }, product_reference: "containerd-1.5.11-150000.68.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.ppc64le as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:containerd-1.5.11-150000.68.1.ppc64le", }, product_reference: "containerd-1.5.11-150000.68.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.s390x as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:containerd-1.5.11-150000.68.1.s390x", }, product_reference: "containerd-1.5.11-150000.68.1.s390x", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "containerd-1.5.11-150000.68.1.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:containerd-1.5.11-150000.68.1.x86_64", }, product_reference: "containerd-1.5.11-150000.68.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.5.11-150000.68.1.aarch64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:containerd-ctr-1.5.11-150000.68.1.aarch64", }, product_reference: "containerd-ctr-1.5.11-150000.68.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.5.11-150000.68.1.ppc64le as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:containerd-ctr-1.5.11-150000.68.1.ppc64le", }, product_reference: "containerd-ctr-1.5.11-150000.68.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.5.11-150000.68.1.s390x as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:containerd-ctr-1.5.11-150000.68.1.s390x", }, product_reference: "containerd-ctr-1.5.11-150000.68.1.s390x", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "containerd-ctr-1.5.11-150000.68.1.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:containerd-ctr-1.5.11-150000.68.1.x86_64", }, product_reference: "containerd-ctr-1.5.11-150000.68.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.aarch64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:docker-20.10.14_ce-150000.163.1.aarch64", }, product_reference: "docker-20.10.14_ce-150000.163.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.ppc64le as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:docker-20.10.14_ce-150000.163.1.ppc64le", }, product_reference: "docker-20.10.14_ce-150000.163.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.s390x as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:docker-20.10.14_ce-150000.163.1.s390x", }, product_reference: "docker-20.10.14_ce-150000.163.1.s390x", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "docker-20.10.14_ce-150000.163.1.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:docker-20.10.14_ce-150000.163.1.x86_64", }, product_reference: "docker-20.10.14_ce-150000.163.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "docker-bash-completion-20.10.14_ce-150000.163.1.noarch as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", }, product_reference: "docker-bash-completion-20.10.14_ce-150000.163.1.noarch", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "docker-fish-completion-20.10.14_ce-150000.163.1.noarch as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:docker-fish-completion-20.10.14_ce-150000.163.1.noarch", }, product_reference: "docker-fish-completion-20.10.14_ce-150000.163.1.noarch", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "docker-kubic-20.10.14_ce-150000.163.1.aarch64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:docker-kubic-20.10.14_ce-150000.163.1.aarch64", }, product_reference: "docker-kubic-20.10.14_ce-150000.163.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "docker-kubic-20.10.14_ce-150000.163.1.ppc64le as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:docker-kubic-20.10.14_ce-150000.163.1.ppc64le", }, product_reference: "docker-kubic-20.10.14_ce-150000.163.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "docker-kubic-20.10.14_ce-150000.163.1.s390x as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:docker-kubic-20.10.14_ce-150000.163.1.s390x", }, product_reference: "docker-kubic-20.10.14_ce-150000.163.1.s390x", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "docker-kubic-20.10.14_ce-150000.163.1.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:docker-kubic-20.10.14_ce-150000.163.1.x86_64", }, product_reference: "docker-kubic-20.10.14_ce-150000.163.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "docker-kubic-bash-completion-20.10.14_ce-150000.163.1.noarch as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:docker-kubic-bash-completion-20.10.14_ce-150000.163.1.noarch", }, product_reference: "docker-kubic-bash-completion-20.10.14_ce-150000.163.1.noarch", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "docker-kubic-fish-completion-20.10.14_ce-150000.163.1.noarch as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:docker-kubic-fish-completion-20.10.14_ce-150000.163.1.noarch", }, product_reference: "docker-kubic-fish-completion-20.10.14_ce-150000.163.1.noarch", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.aarch64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.aarch64", }, product_reference: "docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.ppc64le as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.ppc64le", }, product_reference: "docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.ppc64le", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.s390x as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.s390x", }, product_reference: "docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.s390x", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.x86_64 as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.x86_64", }, product_reference: "docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "docker-kubic-zsh-completion-20.10.14_ce-150000.163.1.noarch as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:docker-kubic-zsh-completion-20.10.14_ce-150000.163.1.noarch", }, product_reference: "docker-kubic-zsh-completion-20.10.14_ce-150000.163.1.noarch", relates_to_product_reference: "openSUSE Leap 15.4", }, { category: "default_component_of", full_product_name: { name: "docker-zsh-completion-20.10.14_ce-150000.163.1.noarch as component of openSUSE Leap 15.4", product_id: "openSUSE Leap 15.4:docker-zsh-completion-20.10.14_ce-150000.163.1.noarch", }, product_reference: "docker-zsh-completion-20.10.14_ce-150000.163.1.noarch", relates_to_product_reference: "openSUSE Leap 15.4", }, ], }, vulnerabilities: [ { cve: "CVE-2021-43565", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2021-43565", }, ], notes: [ { category: "general", text: "The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 6:containerd-1.5.11-150000.68.1.aarch64", "SUSE Enterprise Storage 6:containerd-1.5.11-150000.68.1.x86_64", "SUSE Enterprise Storage 6:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Enterprise Storage 6:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Enterprise Storage 6:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Enterprise Storage 6:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Enterprise Storage 6:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Enterprise Storage 7:containerd-1.5.11-150000.68.1.aarch64", "SUSE Enterprise Storage 7:containerd-1.5.11-150000.68.1.x86_64", "SUSE Enterprise Storage 7:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Enterprise Storage 7:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Enterprise Storage 7:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Enterprise Storage 7:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Enterprise Storage 7:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Micro 5.0:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Micro 5.0:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Micro 5.1:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Micro 5.1:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Micro 5.1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Micro 5.1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Micro 5.2:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Micro 5.2:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Micro 5.2:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Micro 5.2:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Micro 5.2:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Micro 5.2:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-fish-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Module for Package Hub 15 SP3:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP3:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP3:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP3:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-BCL:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-BCL:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-BCL:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Manager Proxy 4.1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Manager Proxy 4.1:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Manager Proxy 4.1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Manager Proxy 4.1:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Manager Retail Branch Server 4.1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Manager Retail Branch Server 4.1:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Manager Retail Branch Server 4.1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Manager Retail Branch Server 4.1:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Manager Server 4.1:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Manager Server 4.1:containerd-1.5.11-150000.68.1.s390x", "SUSE Manager Server 4.1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Manager Server 4.1:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Manager Server 4.1:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Manager Server 4.1:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Manager Server 4.1:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Manager Server 4.1:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Manager Server 4.1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Manager Server 4.1:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:containerd-1.5.11-150000.68.1.aarch64", "openSUSE Leap 15.3:containerd-1.5.11-150000.68.1.ppc64le", "openSUSE Leap 15.3:containerd-1.5.11-150000.68.1.s390x", "openSUSE Leap 15.3:containerd-1.5.11-150000.68.1.x86_64", "openSUSE Leap 15.3:containerd-ctr-1.5.11-150000.68.1.aarch64", "openSUSE Leap 15.3:containerd-ctr-1.5.11-150000.68.1.ppc64le", "openSUSE Leap 15.3:containerd-ctr-1.5.11-150000.68.1.s390x", "openSUSE Leap 15.3:containerd-ctr-1.5.11-150000.68.1.x86_64", "openSUSE Leap 15.3:docker-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.3:docker-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.3:docker-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.3:docker-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.3:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-fish-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-kubic-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.3:docker-kubic-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.3:docker-kubic-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.3:docker-kubic-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-kubic-fish-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.3:docker-kubic-zsh-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-zsh-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:containerd-1.5.11-150000.68.1.aarch64", "openSUSE Leap 15.4:containerd-1.5.11-150000.68.1.ppc64le", "openSUSE Leap 15.4:containerd-1.5.11-150000.68.1.s390x", "openSUSE Leap 15.4:containerd-1.5.11-150000.68.1.x86_64", "openSUSE Leap 15.4:containerd-ctr-1.5.11-150000.68.1.aarch64", "openSUSE Leap 15.4:containerd-ctr-1.5.11-150000.68.1.ppc64le", "openSUSE Leap 15.4:containerd-ctr-1.5.11-150000.68.1.s390x", "openSUSE Leap 15.4:containerd-ctr-1.5.11-150000.68.1.x86_64", "openSUSE Leap 15.4:docker-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.4:docker-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.4:docker-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.4:docker-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.4:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-fish-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-kubic-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.4:docker-kubic-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.4:docker-kubic-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.4:docker-kubic-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.4:docker-kubic-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-kubic-fish-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.4:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.4:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.4:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.4:docker-kubic-zsh-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-zsh-completion-20.10.14_ce-150000.163.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2021-43565", url: "https://www.suse.com/security/cve/CVE-2021-43565", }, { category: "external", summary: "SUSE Bug 1193930 for CVE-2021-43565", url: "https://bugzilla.suse.com/1193930", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 6:containerd-1.5.11-150000.68.1.aarch64", "SUSE Enterprise Storage 6:containerd-1.5.11-150000.68.1.x86_64", "SUSE Enterprise Storage 6:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Enterprise Storage 6:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Enterprise Storage 6:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Enterprise Storage 6:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Enterprise Storage 6:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Enterprise Storage 7:containerd-1.5.11-150000.68.1.aarch64", "SUSE Enterprise Storage 7:containerd-1.5.11-150000.68.1.x86_64", "SUSE Enterprise Storage 7:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Enterprise Storage 7:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Enterprise Storage 7:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Enterprise Storage 7:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Enterprise Storage 7:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Micro 5.0:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Micro 5.0:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Micro 5.1:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Micro 5.1:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Micro 5.1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Micro 5.1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Micro 5.2:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Micro 5.2:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Micro 5.2:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Micro 5.2:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Micro 5.2:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Micro 5.2:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-fish-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Module for Package Hub 15 SP3:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP3:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP3:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP3:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-BCL:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-BCL:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-BCL:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Manager Proxy 4.1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Manager Proxy 4.1:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Manager Proxy 4.1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Manager Proxy 4.1:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Manager Retail Branch Server 4.1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Manager Retail Branch Server 4.1:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Manager Retail Branch Server 4.1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Manager Retail Branch Server 4.1:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Manager Server 4.1:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Manager Server 4.1:containerd-1.5.11-150000.68.1.s390x", "SUSE Manager Server 4.1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Manager Server 4.1:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Manager Server 4.1:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Manager Server 4.1:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Manager Server 4.1:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Manager Server 4.1:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Manager Server 4.1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Manager Server 4.1:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:containerd-1.5.11-150000.68.1.aarch64", "openSUSE Leap 15.3:containerd-1.5.11-150000.68.1.ppc64le", "openSUSE Leap 15.3:containerd-1.5.11-150000.68.1.s390x", "openSUSE Leap 15.3:containerd-1.5.11-150000.68.1.x86_64", "openSUSE Leap 15.3:containerd-ctr-1.5.11-150000.68.1.aarch64", "openSUSE Leap 15.3:containerd-ctr-1.5.11-150000.68.1.ppc64le", "openSUSE Leap 15.3:containerd-ctr-1.5.11-150000.68.1.s390x", "openSUSE Leap 15.3:containerd-ctr-1.5.11-150000.68.1.x86_64", "openSUSE Leap 15.3:docker-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.3:docker-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.3:docker-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.3:docker-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.3:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-fish-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-kubic-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.3:docker-kubic-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.3:docker-kubic-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.3:docker-kubic-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-kubic-fish-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.3:docker-kubic-zsh-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-zsh-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:containerd-1.5.11-150000.68.1.aarch64", "openSUSE Leap 15.4:containerd-1.5.11-150000.68.1.ppc64le", "openSUSE Leap 15.4:containerd-1.5.11-150000.68.1.s390x", "openSUSE Leap 15.4:containerd-1.5.11-150000.68.1.x86_64", "openSUSE Leap 15.4:containerd-ctr-1.5.11-150000.68.1.aarch64", "openSUSE Leap 15.4:containerd-ctr-1.5.11-150000.68.1.ppc64le", "openSUSE Leap 15.4:containerd-ctr-1.5.11-150000.68.1.s390x", "openSUSE Leap 15.4:containerd-ctr-1.5.11-150000.68.1.x86_64", "openSUSE Leap 15.4:docker-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.4:docker-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.4:docker-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.4:docker-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.4:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-fish-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-kubic-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.4:docker-kubic-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.4:docker-kubic-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.4:docker-kubic-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.4:docker-kubic-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-kubic-fish-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.4:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.4:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.4:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.4:docker-kubic-zsh-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-zsh-completion-20.10.14_ce-150000.163.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Enterprise Storage 6:containerd-1.5.11-150000.68.1.aarch64", "SUSE Enterprise Storage 6:containerd-1.5.11-150000.68.1.x86_64", "SUSE Enterprise Storage 6:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Enterprise Storage 6:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Enterprise Storage 6:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Enterprise Storage 6:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Enterprise Storage 6:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Enterprise Storage 7:containerd-1.5.11-150000.68.1.aarch64", "SUSE Enterprise Storage 7:containerd-1.5.11-150000.68.1.x86_64", "SUSE Enterprise Storage 7:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Enterprise Storage 7:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Enterprise Storage 7:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Enterprise Storage 7:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Enterprise Storage 7:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Micro 5.0:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Micro 5.0:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Micro 5.1:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Micro 5.1:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Micro 5.1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Micro 5.1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Micro 5.2:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Micro 5.2:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Micro 5.2:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Micro 5.2:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Micro 5.2:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Micro 5.2:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-fish-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Module for Package Hub 15 SP3:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP3:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP3:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP3:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-BCL:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-BCL:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-BCL:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Manager Proxy 4.1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Manager Proxy 4.1:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Manager Proxy 4.1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Manager Proxy 4.1:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Manager Retail Branch Server 4.1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Manager Retail Branch Server 4.1:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Manager Retail Branch Server 4.1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Manager Retail Branch Server 4.1:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Manager Server 4.1:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Manager Server 4.1:containerd-1.5.11-150000.68.1.s390x", "SUSE Manager Server 4.1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Manager Server 4.1:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Manager Server 4.1:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Manager Server 4.1:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Manager Server 4.1:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Manager Server 4.1:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Manager Server 4.1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Manager Server 4.1:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:containerd-1.5.11-150000.68.1.aarch64", "openSUSE Leap 15.3:containerd-1.5.11-150000.68.1.ppc64le", "openSUSE Leap 15.3:containerd-1.5.11-150000.68.1.s390x", "openSUSE Leap 15.3:containerd-1.5.11-150000.68.1.x86_64", "openSUSE Leap 15.3:containerd-ctr-1.5.11-150000.68.1.aarch64", "openSUSE Leap 15.3:containerd-ctr-1.5.11-150000.68.1.ppc64le", "openSUSE Leap 15.3:containerd-ctr-1.5.11-150000.68.1.s390x", "openSUSE Leap 15.3:containerd-ctr-1.5.11-150000.68.1.x86_64", "openSUSE Leap 15.3:docker-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.3:docker-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.3:docker-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.3:docker-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.3:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-fish-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-kubic-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.3:docker-kubic-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.3:docker-kubic-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.3:docker-kubic-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-kubic-fish-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.3:docker-kubic-zsh-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-zsh-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:containerd-1.5.11-150000.68.1.aarch64", "openSUSE Leap 15.4:containerd-1.5.11-150000.68.1.ppc64le", "openSUSE Leap 15.4:containerd-1.5.11-150000.68.1.s390x", "openSUSE Leap 15.4:containerd-1.5.11-150000.68.1.x86_64", "openSUSE Leap 15.4:containerd-ctr-1.5.11-150000.68.1.aarch64", "openSUSE Leap 15.4:containerd-ctr-1.5.11-150000.68.1.ppc64le", "openSUSE Leap 15.4:containerd-ctr-1.5.11-150000.68.1.s390x", "openSUSE Leap 15.4:containerd-ctr-1.5.11-150000.68.1.x86_64", "openSUSE Leap 15.4:docker-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.4:docker-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.4:docker-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.4:docker-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.4:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-fish-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-kubic-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.4:docker-kubic-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.4:docker-kubic-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.4:docker-kubic-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.4:docker-kubic-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-kubic-fish-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.4:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.4:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.4:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.4:docker-kubic-zsh-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-zsh-completion-20.10.14_ce-150000.163.1.noarch", ], }, ], threats: [ { category: "impact", date: "2022-05-16T12:09:38Z", details: "important", }, ], title: "CVE-2021-43565", }, { cve: "CVE-2022-23648", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-23648", }, ], notes: [ { category: "general", text: "containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd's CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd's CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 6:containerd-1.5.11-150000.68.1.aarch64", "SUSE Enterprise Storage 6:containerd-1.5.11-150000.68.1.x86_64", "SUSE Enterprise Storage 6:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Enterprise Storage 6:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Enterprise Storage 6:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Enterprise Storage 6:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Enterprise Storage 6:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Enterprise Storage 7:containerd-1.5.11-150000.68.1.aarch64", "SUSE Enterprise Storage 7:containerd-1.5.11-150000.68.1.x86_64", "SUSE Enterprise Storage 7:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Enterprise Storage 7:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Enterprise Storage 7:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Enterprise Storage 7:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Enterprise Storage 7:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Micro 5.0:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Micro 5.0:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Micro 5.1:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Micro 5.1:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Micro 5.1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Micro 5.1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Micro 5.2:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Micro 5.2:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Micro 5.2:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Micro 5.2:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Micro 5.2:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Micro 5.2:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-fish-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Module for Package Hub 15 SP3:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP3:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP3:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP3:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-BCL:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-BCL:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-BCL:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Manager Proxy 4.1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Manager Proxy 4.1:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Manager Proxy 4.1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Manager Proxy 4.1:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Manager Retail Branch Server 4.1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Manager Retail Branch Server 4.1:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Manager Retail Branch Server 4.1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Manager Retail Branch Server 4.1:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Manager Server 4.1:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Manager Server 4.1:containerd-1.5.11-150000.68.1.s390x", "SUSE Manager Server 4.1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Manager Server 4.1:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Manager Server 4.1:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Manager Server 4.1:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Manager Server 4.1:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Manager Server 4.1:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Manager Server 4.1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Manager Server 4.1:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:containerd-1.5.11-150000.68.1.aarch64", "openSUSE Leap 15.3:containerd-1.5.11-150000.68.1.ppc64le", "openSUSE Leap 15.3:containerd-1.5.11-150000.68.1.s390x", "openSUSE Leap 15.3:containerd-1.5.11-150000.68.1.x86_64", "openSUSE Leap 15.3:containerd-ctr-1.5.11-150000.68.1.aarch64", "openSUSE Leap 15.3:containerd-ctr-1.5.11-150000.68.1.ppc64le", "openSUSE Leap 15.3:containerd-ctr-1.5.11-150000.68.1.s390x", "openSUSE Leap 15.3:containerd-ctr-1.5.11-150000.68.1.x86_64", "openSUSE Leap 15.3:docker-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.3:docker-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.3:docker-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.3:docker-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.3:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-fish-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-kubic-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.3:docker-kubic-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.3:docker-kubic-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.3:docker-kubic-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-kubic-fish-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.3:docker-kubic-zsh-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-zsh-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:containerd-1.5.11-150000.68.1.aarch64", "openSUSE Leap 15.4:containerd-1.5.11-150000.68.1.ppc64le", "openSUSE Leap 15.4:containerd-1.5.11-150000.68.1.s390x", "openSUSE Leap 15.4:containerd-1.5.11-150000.68.1.x86_64", "openSUSE Leap 15.4:containerd-ctr-1.5.11-150000.68.1.aarch64", "openSUSE Leap 15.4:containerd-ctr-1.5.11-150000.68.1.ppc64le", "openSUSE Leap 15.4:containerd-ctr-1.5.11-150000.68.1.s390x", "openSUSE Leap 15.4:containerd-ctr-1.5.11-150000.68.1.x86_64", "openSUSE Leap 15.4:docker-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.4:docker-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.4:docker-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.4:docker-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.4:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-fish-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-kubic-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.4:docker-kubic-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.4:docker-kubic-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.4:docker-kubic-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.4:docker-kubic-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-kubic-fish-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.4:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.4:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.4:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.4:docker-kubic-zsh-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-zsh-completion-20.10.14_ce-150000.163.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2022-23648", url: "https://www.suse.com/security/cve/CVE-2022-23648", }, { category: "external", summary: "SUSE Bug 1196441 for CVE-2022-23648", url: "https://bugzilla.suse.com/1196441", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 6:containerd-1.5.11-150000.68.1.aarch64", "SUSE Enterprise Storage 6:containerd-1.5.11-150000.68.1.x86_64", "SUSE Enterprise Storage 6:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Enterprise Storage 6:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Enterprise Storage 6:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Enterprise Storage 6:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Enterprise Storage 6:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Enterprise Storage 7:containerd-1.5.11-150000.68.1.aarch64", "SUSE Enterprise Storage 7:containerd-1.5.11-150000.68.1.x86_64", "SUSE Enterprise Storage 7:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Enterprise Storage 7:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Enterprise Storage 7:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Enterprise Storage 7:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Enterprise Storage 7:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Micro 5.0:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Micro 5.0:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Micro 5.1:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Micro 5.1:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Micro 5.1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Micro 5.1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Micro 5.2:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Micro 5.2:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Micro 5.2:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Micro 5.2:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Micro 5.2:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Micro 5.2:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-fish-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Module for Package Hub 15 SP3:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP3:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP3:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP3:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-BCL:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-BCL:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-BCL:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Manager Proxy 4.1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Manager Proxy 4.1:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Manager Proxy 4.1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Manager Proxy 4.1:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Manager Retail Branch Server 4.1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Manager Retail Branch Server 4.1:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Manager Retail Branch Server 4.1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Manager Retail Branch Server 4.1:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Manager Server 4.1:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Manager Server 4.1:containerd-1.5.11-150000.68.1.s390x", "SUSE Manager Server 4.1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Manager Server 4.1:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Manager Server 4.1:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Manager Server 4.1:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Manager Server 4.1:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Manager Server 4.1:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Manager Server 4.1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Manager Server 4.1:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:containerd-1.5.11-150000.68.1.aarch64", "openSUSE Leap 15.3:containerd-1.5.11-150000.68.1.ppc64le", "openSUSE Leap 15.3:containerd-1.5.11-150000.68.1.s390x", "openSUSE Leap 15.3:containerd-1.5.11-150000.68.1.x86_64", "openSUSE Leap 15.3:containerd-ctr-1.5.11-150000.68.1.aarch64", "openSUSE Leap 15.3:containerd-ctr-1.5.11-150000.68.1.ppc64le", "openSUSE Leap 15.3:containerd-ctr-1.5.11-150000.68.1.s390x", "openSUSE Leap 15.3:containerd-ctr-1.5.11-150000.68.1.x86_64", "openSUSE Leap 15.3:docker-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.3:docker-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.3:docker-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.3:docker-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.3:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-fish-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-kubic-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.3:docker-kubic-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.3:docker-kubic-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.3:docker-kubic-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-kubic-fish-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.3:docker-kubic-zsh-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-zsh-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:containerd-1.5.11-150000.68.1.aarch64", "openSUSE Leap 15.4:containerd-1.5.11-150000.68.1.ppc64le", "openSUSE Leap 15.4:containerd-1.5.11-150000.68.1.s390x", "openSUSE Leap 15.4:containerd-1.5.11-150000.68.1.x86_64", "openSUSE Leap 15.4:containerd-ctr-1.5.11-150000.68.1.aarch64", "openSUSE Leap 15.4:containerd-ctr-1.5.11-150000.68.1.ppc64le", "openSUSE Leap 15.4:containerd-ctr-1.5.11-150000.68.1.s390x", "openSUSE Leap 15.4:containerd-ctr-1.5.11-150000.68.1.x86_64", "openSUSE Leap 15.4:docker-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.4:docker-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.4:docker-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.4:docker-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.4:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-fish-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-kubic-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.4:docker-kubic-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.4:docker-kubic-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.4:docker-kubic-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.4:docker-kubic-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-kubic-fish-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.4:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.4:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.4:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.4:docker-kubic-zsh-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-zsh-completion-20.10.14_ce-150000.163.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Enterprise Storage 6:containerd-1.5.11-150000.68.1.aarch64", "SUSE Enterprise Storage 6:containerd-1.5.11-150000.68.1.x86_64", "SUSE Enterprise Storage 6:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Enterprise Storage 6:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Enterprise Storage 6:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Enterprise Storage 6:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Enterprise Storage 6:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Enterprise Storage 7:containerd-1.5.11-150000.68.1.aarch64", "SUSE Enterprise Storage 7:containerd-1.5.11-150000.68.1.x86_64", "SUSE Enterprise Storage 7:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Enterprise Storage 7:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Enterprise Storage 7:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Enterprise Storage 7:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Enterprise Storage 7:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Micro 5.0:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Micro 5.0:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Micro 5.1:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Micro 5.1:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Micro 5.1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Micro 5.1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Micro 5.2:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Micro 5.2:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Micro 5.2:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Micro 5.2:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Micro 5.2:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Micro 5.2:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-fish-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Module for Package Hub 15 SP3:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP3:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP3:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP3:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-BCL:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-BCL:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-BCL:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Manager Proxy 4.1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Manager Proxy 4.1:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Manager Proxy 4.1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Manager Proxy 4.1:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Manager Retail Branch Server 4.1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Manager Retail Branch Server 4.1:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Manager Retail Branch Server 4.1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Manager Retail Branch Server 4.1:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Manager Server 4.1:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Manager Server 4.1:containerd-1.5.11-150000.68.1.s390x", "SUSE Manager Server 4.1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Manager Server 4.1:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Manager Server 4.1:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Manager Server 4.1:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Manager Server 4.1:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Manager Server 4.1:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Manager Server 4.1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Manager Server 4.1:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:containerd-1.5.11-150000.68.1.aarch64", "openSUSE Leap 15.3:containerd-1.5.11-150000.68.1.ppc64le", "openSUSE Leap 15.3:containerd-1.5.11-150000.68.1.s390x", "openSUSE Leap 15.3:containerd-1.5.11-150000.68.1.x86_64", "openSUSE Leap 15.3:containerd-ctr-1.5.11-150000.68.1.aarch64", "openSUSE Leap 15.3:containerd-ctr-1.5.11-150000.68.1.ppc64le", "openSUSE Leap 15.3:containerd-ctr-1.5.11-150000.68.1.s390x", "openSUSE Leap 15.3:containerd-ctr-1.5.11-150000.68.1.x86_64", "openSUSE Leap 15.3:docker-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.3:docker-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.3:docker-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.3:docker-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.3:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-fish-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-kubic-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.3:docker-kubic-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.3:docker-kubic-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.3:docker-kubic-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-kubic-fish-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.3:docker-kubic-zsh-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-zsh-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:containerd-1.5.11-150000.68.1.aarch64", "openSUSE Leap 15.4:containerd-1.5.11-150000.68.1.ppc64le", "openSUSE Leap 15.4:containerd-1.5.11-150000.68.1.s390x", "openSUSE Leap 15.4:containerd-1.5.11-150000.68.1.x86_64", "openSUSE Leap 15.4:containerd-ctr-1.5.11-150000.68.1.aarch64", "openSUSE Leap 15.4:containerd-ctr-1.5.11-150000.68.1.ppc64le", "openSUSE Leap 15.4:containerd-ctr-1.5.11-150000.68.1.s390x", "openSUSE Leap 15.4:containerd-ctr-1.5.11-150000.68.1.x86_64", "openSUSE Leap 15.4:docker-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.4:docker-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.4:docker-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.4:docker-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.4:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-fish-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-kubic-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.4:docker-kubic-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.4:docker-kubic-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.4:docker-kubic-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.4:docker-kubic-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-kubic-fish-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.4:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.4:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.4:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.4:docker-kubic-zsh-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-zsh-completion-20.10.14_ce-150000.163.1.noarch", ], }, ], threats: [ { category: "impact", date: "2022-05-16T12:09:38Z", details: "moderate", }, ], title: "CVE-2022-23648", }, { cve: "CVE-2022-24769", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-24769", }, ], notes: [ { category: "general", text: "Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise unprivileged users and processes can execute those programs and gain the specified file capabilities up to the bounding set. Due to this bug, containers which included executable programs with inheritable file capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable file capabilities up to the container's bounding set. Containers which use Linux users and groups to perform privilege separation inside the container are most directly impacted. This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop inheritable capabilities prior to the primary process starting.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 6:containerd-1.5.11-150000.68.1.aarch64", "SUSE Enterprise Storage 6:containerd-1.5.11-150000.68.1.x86_64", "SUSE Enterprise Storage 6:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Enterprise Storage 6:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Enterprise Storage 6:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Enterprise Storage 6:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Enterprise Storage 6:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Enterprise Storage 7:containerd-1.5.11-150000.68.1.aarch64", "SUSE Enterprise Storage 7:containerd-1.5.11-150000.68.1.x86_64", "SUSE Enterprise Storage 7:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Enterprise Storage 7:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Enterprise Storage 7:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Enterprise Storage 7:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Enterprise Storage 7:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Micro 5.0:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Micro 5.0:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Micro 5.1:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Micro 5.1:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Micro 5.1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Micro 5.1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Micro 5.2:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Micro 5.2:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Micro 5.2:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Micro 5.2:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Micro 5.2:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Micro 5.2:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-fish-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Module for Package Hub 15 SP3:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP3:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP3:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP3:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-BCL:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-BCL:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-BCL:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Manager Proxy 4.1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Manager Proxy 4.1:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Manager Proxy 4.1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Manager Proxy 4.1:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Manager Retail Branch Server 4.1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Manager Retail Branch Server 4.1:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Manager Retail Branch Server 4.1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Manager Retail Branch Server 4.1:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Manager Server 4.1:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Manager Server 4.1:containerd-1.5.11-150000.68.1.s390x", "SUSE Manager Server 4.1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Manager Server 4.1:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Manager Server 4.1:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Manager Server 4.1:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Manager Server 4.1:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Manager Server 4.1:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Manager Server 4.1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Manager Server 4.1:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:containerd-1.5.11-150000.68.1.aarch64", "openSUSE Leap 15.3:containerd-1.5.11-150000.68.1.ppc64le", "openSUSE Leap 15.3:containerd-1.5.11-150000.68.1.s390x", "openSUSE Leap 15.3:containerd-1.5.11-150000.68.1.x86_64", "openSUSE Leap 15.3:containerd-ctr-1.5.11-150000.68.1.aarch64", "openSUSE Leap 15.3:containerd-ctr-1.5.11-150000.68.1.ppc64le", "openSUSE Leap 15.3:containerd-ctr-1.5.11-150000.68.1.s390x", "openSUSE Leap 15.3:containerd-ctr-1.5.11-150000.68.1.x86_64", "openSUSE Leap 15.3:docker-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.3:docker-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.3:docker-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.3:docker-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.3:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-fish-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-kubic-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.3:docker-kubic-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.3:docker-kubic-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.3:docker-kubic-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-kubic-fish-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.3:docker-kubic-zsh-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-zsh-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:containerd-1.5.11-150000.68.1.aarch64", "openSUSE Leap 15.4:containerd-1.5.11-150000.68.1.ppc64le", "openSUSE Leap 15.4:containerd-1.5.11-150000.68.1.s390x", "openSUSE Leap 15.4:containerd-1.5.11-150000.68.1.x86_64", "openSUSE Leap 15.4:containerd-ctr-1.5.11-150000.68.1.aarch64", "openSUSE Leap 15.4:containerd-ctr-1.5.11-150000.68.1.ppc64le", "openSUSE Leap 15.4:containerd-ctr-1.5.11-150000.68.1.s390x", "openSUSE Leap 15.4:containerd-ctr-1.5.11-150000.68.1.x86_64", "openSUSE Leap 15.4:docker-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.4:docker-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.4:docker-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.4:docker-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.4:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-fish-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-kubic-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.4:docker-kubic-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.4:docker-kubic-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.4:docker-kubic-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.4:docker-kubic-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-kubic-fish-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.4:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.4:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.4:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.4:docker-kubic-zsh-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-zsh-completion-20.10.14_ce-150000.163.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2022-24769", url: "https://www.suse.com/security/cve/CVE-2022-24769", }, { category: "external", summary: "SUSE Bug 1197517 for CVE-2022-24769", url: "https://bugzilla.suse.com/1197517", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 6:containerd-1.5.11-150000.68.1.aarch64", "SUSE Enterprise Storage 6:containerd-1.5.11-150000.68.1.x86_64", "SUSE Enterprise Storage 6:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Enterprise Storage 6:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Enterprise Storage 6:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Enterprise Storage 6:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Enterprise Storage 6:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Enterprise Storage 7:containerd-1.5.11-150000.68.1.aarch64", "SUSE Enterprise Storage 7:containerd-1.5.11-150000.68.1.x86_64", "SUSE Enterprise Storage 7:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Enterprise Storage 7:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Enterprise Storage 7:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Enterprise Storage 7:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Enterprise Storage 7:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Micro 5.0:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Micro 5.0:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Micro 5.1:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Micro 5.1:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Micro 5.1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Micro 5.1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Micro 5.2:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Micro 5.2:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Micro 5.2:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Micro 5.2:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Micro 5.2:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Micro 5.2:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-fish-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Module for Package Hub 15 SP3:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP3:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP3:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP3:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-BCL:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-BCL:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-BCL:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Manager Proxy 4.1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Manager Proxy 4.1:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Manager Proxy 4.1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Manager Proxy 4.1:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Manager Retail Branch Server 4.1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Manager Retail Branch Server 4.1:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Manager Retail Branch Server 4.1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Manager Retail Branch Server 4.1:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Manager Server 4.1:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Manager Server 4.1:containerd-1.5.11-150000.68.1.s390x", "SUSE Manager Server 4.1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Manager Server 4.1:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Manager Server 4.1:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Manager Server 4.1:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Manager Server 4.1:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Manager Server 4.1:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Manager Server 4.1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Manager Server 4.1:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:containerd-1.5.11-150000.68.1.aarch64", "openSUSE Leap 15.3:containerd-1.5.11-150000.68.1.ppc64le", "openSUSE Leap 15.3:containerd-1.5.11-150000.68.1.s390x", "openSUSE Leap 15.3:containerd-1.5.11-150000.68.1.x86_64", "openSUSE Leap 15.3:containerd-ctr-1.5.11-150000.68.1.aarch64", "openSUSE Leap 15.3:containerd-ctr-1.5.11-150000.68.1.ppc64le", "openSUSE Leap 15.3:containerd-ctr-1.5.11-150000.68.1.s390x", "openSUSE Leap 15.3:containerd-ctr-1.5.11-150000.68.1.x86_64", "openSUSE Leap 15.3:docker-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.3:docker-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.3:docker-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.3:docker-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.3:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-fish-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-kubic-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.3:docker-kubic-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.3:docker-kubic-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.3:docker-kubic-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-kubic-fish-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.3:docker-kubic-zsh-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-zsh-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:containerd-1.5.11-150000.68.1.aarch64", "openSUSE Leap 15.4:containerd-1.5.11-150000.68.1.ppc64le", "openSUSE Leap 15.4:containerd-1.5.11-150000.68.1.s390x", "openSUSE Leap 15.4:containerd-1.5.11-150000.68.1.x86_64", "openSUSE Leap 15.4:containerd-ctr-1.5.11-150000.68.1.aarch64", "openSUSE Leap 15.4:containerd-ctr-1.5.11-150000.68.1.ppc64le", "openSUSE Leap 15.4:containerd-ctr-1.5.11-150000.68.1.s390x", "openSUSE Leap 15.4:containerd-ctr-1.5.11-150000.68.1.x86_64", "openSUSE Leap 15.4:docker-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.4:docker-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.4:docker-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.4:docker-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.4:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-fish-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-kubic-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.4:docker-kubic-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.4:docker-kubic-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.4:docker-kubic-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.4:docker-kubic-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-kubic-fish-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.4:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.4:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.4:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.4:docker-kubic-zsh-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-zsh-completion-20.10.14_ce-150000.163.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "SUSE Enterprise Storage 6:containerd-1.5.11-150000.68.1.aarch64", "SUSE Enterprise Storage 6:containerd-1.5.11-150000.68.1.x86_64", "SUSE Enterprise Storage 6:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Enterprise Storage 6:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Enterprise Storage 6:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Enterprise Storage 6:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Enterprise Storage 6:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Enterprise Storage 7:containerd-1.5.11-150000.68.1.aarch64", "SUSE Enterprise Storage 7:containerd-1.5.11-150000.68.1.x86_64", "SUSE Enterprise Storage 7:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Enterprise Storage 7:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Enterprise Storage 7:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Enterprise Storage 7:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Enterprise Storage 7:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Micro 5.0:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Micro 5.0:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Micro 5.1:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Micro 5.1:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Micro 5.1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Micro 5.1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Micro 5.2:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Micro 5.2:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Micro 5.2:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Micro 5.2:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Micro 5.2:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Micro 5.2:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-fish-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Module for Package Hub 15 SP3:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP3:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP3:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP3:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-BCL:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-BCL:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-BCL:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Manager Proxy 4.1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Manager Proxy 4.1:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Manager Proxy 4.1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Manager Proxy 4.1:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Manager Retail Branch Server 4.1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Manager Retail Branch Server 4.1:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Manager Retail Branch Server 4.1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Manager Retail Branch Server 4.1:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Manager Server 4.1:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Manager Server 4.1:containerd-1.5.11-150000.68.1.s390x", "SUSE Manager Server 4.1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Manager Server 4.1:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Manager Server 4.1:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Manager Server 4.1:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Manager Server 4.1:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Manager Server 4.1:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Manager Server 4.1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Manager Server 4.1:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:containerd-1.5.11-150000.68.1.aarch64", "openSUSE Leap 15.3:containerd-1.5.11-150000.68.1.ppc64le", "openSUSE Leap 15.3:containerd-1.5.11-150000.68.1.s390x", "openSUSE Leap 15.3:containerd-1.5.11-150000.68.1.x86_64", "openSUSE Leap 15.3:containerd-ctr-1.5.11-150000.68.1.aarch64", "openSUSE Leap 15.3:containerd-ctr-1.5.11-150000.68.1.ppc64le", "openSUSE Leap 15.3:containerd-ctr-1.5.11-150000.68.1.s390x", "openSUSE Leap 15.3:containerd-ctr-1.5.11-150000.68.1.x86_64", "openSUSE Leap 15.3:docker-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.3:docker-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.3:docker-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.3:docker-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.3:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-fish-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-kubic-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.3:docker-kubic-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.3:docker-kubic-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.3:docker-kubic-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-kubic-fish-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.3:docker-kubic-zsh-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-zsh-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:containerd-1.5.11-150000.68.1.aarch64", "openSUSE Leap 15.4:containerd-1.5.11-150000.68.1.ppc64le", "openSUSE Leap 15.4:containerd-1.5.11-150000.68.1.s390x", "openSUSE Leap 15.4:containerd-1.5.11-150000.68.1.x86_64", "openSUSE Leap 15.4:containerd-ctr-1.5.11-150000.68.1.aarch64", "openSUSE Leap 15.4:containerd-ctr-1.5.11-150000.68.1.ppc64le", "openSUSE Leap 15.4:containerd-ctr-1.5.11-150000.68.1.s390x", "openSUSE Leap 15.4:containerd-ctr-1.5.11-150000.68.1.x86_64", "openSUSE Leap 15.4:docker-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.4:docker-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.4:docker-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.4:docker-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.4:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-fish-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-kubic-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.4:docker-kubic-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.4:docker-kubic-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.4:docker-kubic-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.4:docker-kubic-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-kubic-fish-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.4:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.4:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.4:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.4:docker-kubic-zsh-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-zsh-completion-20.10.14_ce-150000.163.1.noarch", ], }, ], threats: [ { category: "impact", date: "2022-05-16T12:09:38Z", details: "moderate", }, ], title: "CVE-2022-24769", }, { cve: "CVE-2022-27191", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-27191", }, ], notes: [ { category: "general", text: "The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 6:containerd-1.5.11-150000.68.1.aarch64", "SUSE Enterprise Storage 6:containerd-1.5.11-150000.68.1.x86_64", "SUSE Enterprise Storage 6:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Enterprise Storage 6:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Enterprise Storage 6:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Enterprise Storage 6:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Enterprise Storage 6:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Enterprise Storage 7:containerd-1.5.11-150000.68.1.aarch64", "SUSE Enterprise Storage 7:containerd-1.5.11-150000.68.1.x86_64", "SUSE Enterprise Storage 7:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Enterprise Storage 7:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Enterprise Storage 7:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Enterprise Storage 7:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Enterprise Storage 7:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Micro 5.0:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Micro 5.0:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Micro 5.1:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Micro 5.1:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Micro 5.1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Micro 5.1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Micro 5.2:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Micro 5.2:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Micro 5.2:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Micro 5.2:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Micro 5.2:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Micro 5.2:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-fish-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Module for Package Hub 15 SP3:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP3:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP3:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP3:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-BCL:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-BCL:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-BCL:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Manager Proxy 4.1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Manager Proxy 4.1:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Manager Proxy 4.1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Manager Proxy 4.1:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Manager Retail Branch Server 4.1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Manager Retail Branch Server 4.1:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Manager Retail Branch Server 4.1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Manager Retail Branch Server 4.1:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Manager Server 4.1:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Manager Server 4.1:containerd-1.5.11-150000.68.1.s390x", "SUSE Manager Server 4.1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Manager Server 4.1:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Manager Server 4.1:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Manager Server 4.1:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Manager Server 4.1:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Manager Server 4.1:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Manager Server 4.1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Manager Server 4.1:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:containerd-1.5.11-150000.68.1.aarch64", "openSUSE Leap 15.3:containerd-1.5.11-150000.68.1.ppc64le", "openSUSE Leap 15.3:containerd-1.5.11-150000.68.1.s390x", "openSUSE Leap 15.3:containerd-1.5.11-150000.68.1.x86_64", "openSUSE Leap 15.3:containerd-ctr-1.5.11-150000.68.1.aarch64", "openSUSE Leap 15.3:containerd-ctr-1.5.11-150000.68.1.ppc64le", "openSUSE Leap 15.3:containerd-ctr-1.5.11-150000.68.1.s390x", "openSUSE Leap 15.3:containerd-ctr-1.5.11-150000.68.1.x86_64", "openSUSE Leap 15.3:docker-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.3:docker-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.3:docker-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.3:docker-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.3:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-fish-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-kubic-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.3:docker-kubic-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.3:docker-kubic-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.3:docker-kubic-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-kubic-fish-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.3:docker-kubic-zsh-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-zsh-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:containerd-1.5.11-150000.68.1.aarch64", "openSUSE Leap 15.4:containerd-1.5.11-150000.68.1.ppc64le", "openSUSE Leap 15.4:containerd-1.5.11-150000.68.1.s390x", "openSUSE Leap 15.4:containerd-1.5.11-150000.68.1.x86_64", "openSUSE Leap 15.4:containerd-ctr-1.5.11-150000.68.1.aarch64", "openSUSE Leap 15.4:containerd-ctr-1.5.11-150000.68.1.ppc64le", "openSUSE Leap 15.4:containerd-ctr-1.5.11-150000.68.1.s390x", "openSUSE Leap 15.4:containerd-ctr-1.5.11-150000.68.1.x86_64", "openSUSE Leap 15.4:docker-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.4:docker-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.4:docker-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.4:docker-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.4:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-fish-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-kubic-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.4:docker-kubic-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.4:docker-kubic-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.4:docker-kubic-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.4:docker-kubic-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-kubic-fish-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.4:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.4:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.4:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.4:docker-kubic-zsh-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-zsh-completion-20.10.14_ce-150000.163.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2022-27191", url: "https://www.suse.com/security/cve/CVE-2022-27191", }, { category: "external", summary: "SUSE Bug 1197284 for CVE-2022-27191", url: "https://bugzilla.suse.com/1197284", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 6:containerd-1.5.11-150000.68.1.aarch64", "SUSE Enterprise Storage 6:containerd-1.5.11-150000.68.1.x86_64", "SUSE Enterprise Storage 6:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Enterprise Storage 6:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Enterprise Storage 6:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Enterprise Storage 6:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Enterprise Storage 6:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Enterprise Storage 7:containerd-1.5.11-150000.68.1.aarch64", "SUSE Enterprise Storage 7:containerd-1.5.11-150000.68.1.x86_64", "SUSE Enterprise Storage 7:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Enterprise Storage 7:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Enterprise Storage 7:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Enterprise Storage 7:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Enterprise Storage 7:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Micro 5.0:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Micro 5.0:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Micro 5.1:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Micro 5.1:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Micro 5.1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Micro 5.1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Micro 5.2:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Micro 5.2:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Micro 5.2:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Micro 5.2:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Micro 5.2:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Micro 5.2:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-fish-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Module for Package Hub 15 SP3:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP3:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP3:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP3:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-BCL:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-BCL:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-BCL:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Manager Proxy 4.1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Manager Proxy 4.1:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Manager Proxy 4.1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Manager Proxy 4.1:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Manager Retail Branch Server 4.1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Manager Retail Branch Server 4.1:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Manager Retail Branch Server 4.1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Manager Retail Branch Server 4.1:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Manager Server 4.1:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Manager Server 4.1:containerd-1.5.11-150000.68.1.s390x", "SUSE Manager Server 4.1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Manager Server 4.1:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Manager Server 4.1:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Manager Server 4.1:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Manager Server 4.1:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Manager Server 4.1:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Manager Server 4.1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Manager Server 4.1:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:containerd-1.5.11-150000.68.1.aarch64", "openSUSE Leap 15.3:containerd-1.5.11-150000.68.1.ppc64le", "openSUSE Leap 15.3:containerd-1.5.11-150000.68.1.s390x", "openSUSE Leap 15.3:containerd-1.5.11-150000.68.1.x86_64", "openSUSE Leap 15.3:containerd-ctr-1.5.11-150000.68.1.aarch64", "openSUSE Leap 15.3:containerd-ctr-1.5.11-150000.68.1.ppc64le", "openSUSE Leap 15.3:containerd-ctr-1.5.11-150000.68.1.s390x", "openSUSE Leap 15.3:containerd-ctr-1.5.11-150000.68.1.x86_64", "openSUSE Leap 15.3:docker-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.3:docker-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.3:docker-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.3:docker-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.3:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-fish-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-kubic-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.3:docker-kubic-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.3:docker-kubic-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.3:docker-kubic-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-kubic-fish-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.3:docker-kubic-zsh-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-zsh-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:containerd-1.5.11-150000.68.1.aarch64", "openSUSE Leap 15.4:containerd-1.5.11-150000.68.1.ppc64le", "openSUSE Leap 15.4:containerd-1.5.11-150000.68.1.s390x", "openSUSE Leap 15.4:containerd-1.5.11-150000.68.1.x86_64", "openSUSE Leap 15.4:containerd-ctr-1.5.11-150000.68.1.aarch64", "openSUSE Leap 15.4:containerd-ctr-1.5.11-150000.68.1.ppc64le", "openSUSE Leap 15.4:containerd-ctr-1.5.11-150000.68.1.s390x", "openSUSE Leap 15.4:containerd-ctr-1.5.11-150000.68.1.x86_64", "openSUSE Leap 15.4:docker-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.4:docker-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.4:docker-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.4:docker-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.4:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-fish-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-kubic-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.4:docker-kubic-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.4:docker-kubic-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.4:docker-kubic-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.4:docker-kubic-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-kubic-fish-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.4:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.4:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.4:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.4:docker-kubic-zsh-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-zsh-completion-20.10.14_ce-150000.163.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Enterprise Storage 6:containerd-1.5.11-150000.68.1.aarch64", "SUSE Enterprise Storage 6:containerd-1.5.11-150000.68.1.x86_64", "SUSE Enterprise Storage 6:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Enterprise Storage 6:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Enterprise Storage 6:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Enterprise Storage 6:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Enterprise Storage 6:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Enterprise Storage 7:containerd-1.5.11-150000.68.1.aarch64", "SUSE Enterprise Storage 7:containerd-1.5.11-150000.68.1.x86_64", "SUSE Enterprise Storage 7:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Enterprise Storage 7:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Enterprise Storage 7:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Enterprise Storage 7:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Enterprise Storage 7:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-ESPOS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise High Performance Computing 15-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Micro 5.0:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Micro 5.0:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Micro 5.0:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Micro 5.1:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Micro 5.1:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Micro 5.1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Micro 5.1:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Micro 5.1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Micro 5.2:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Micro 5.2:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Micro 5.2:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Micro 5.2:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Micro 5.2:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Micro 5.2:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP3:docker-fish-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP4:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Module for Containers 15 SP4:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Module for Package Hub 15 SP3:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Module for Package Hub 15 SP3:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Module for Package Hub 15 SP3:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Module for Package Hub 15 SP3:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-BCL:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15 SP1-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server 15 SP2-BCL:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-BCL:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-BCL:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-BCL:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.aarch64", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15 SP2-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Linux Enterprise Server 15-LTSS:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server 15-LTSS:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP1:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Manager Proxy 4.1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Manager Proxy 4.1:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Manager Proxy 4.1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Manager Proxy 4.1:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Manager Retail Branch Server 4.1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Manager Retail Branch Server 4.1:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Manager Retail Branch Server 4.1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Manager Retail Branch Server 4.1:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "SUSE Manager Server 4.1:containerd-1.5.11-150000.68.1.ppc64le", "SUSE Manager Server 4.1:containerd-1.5.11-150000.68.1.s390x", "SUSE Manager Server 4.1:containerd-1.5.11-150000.68.1.x86_64", "SUSE Manager Server 4.1:containerd-ctr-1.5.11-150000.68.1.ppc64le", "SUSE Manager Server 4.1:containerd-ctr-1.5.11-150000.68.1.s390x", "SUSE Manager Server 4.1:containerd-ctr-1.5.11-150000.68.1.x86_64", "SUSE Manager Server 4.1:docker-20.10.14_ce-150000.163.1.ppc64le", "SUSE Manager Server 4.1:docker-20.10.14_ce-150000.163.1.s390x", "SUSE Manager Server 4.1:docker-20.10.14_ce-150000.163.1.x86_64", "SUSE Manager Server 4.1:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:containerd-1.5.11-150000.68.1.aarch64", "openSUSE Leap 15.3:containerd-1.5.11-150000.68.1.ppc64le", "openSUSE Leap 15.3:containerd-1.5.11-150000.68.1.s390x", "openSUSE Leap 15.3:containerd-1.5.11-150000.68.1.x86_64", "openSUSE Leap 15.3:containerd-ctr-1.5.11-150000.68.1.aarch64", "openSUSE Leap 15.3:containerd-ctr-1.5.11-150000.68.1.ppc64le", "openSUSE Leap 15.3:containerd-ctr-1.5.11-150000.68.1.s390x", "openSUSE Leap 15.3:containerd-ctr-1.5.11-150000.68.1.x86_64", "openSUSE Leap 15.3:docker-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.3:docker-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.3:docker-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.3:docker-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.3:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-fish-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-kubic-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.3:docker-kubic-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.3:docker-kubic-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.3:docker-kubic-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-kubic-fish-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.3:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.3:docker-kubic-zsh-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.3:docker-zsh-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:containerd-1.5.11-150000.68.1.aarch64", "openSUSE Leap 15.4:containerd-1.5.11-150000.68.1.ppc64le", "openSUSE Leap 15.4:containerd-1.5.11-150000.68.1.s390x", "openSUSE Leap 15.4:containerd-1.5.11-150000.68.1.x86_64", "openSUSE Leap 15.4:containerd-ctr-1.5.11-150000.68.1.aarch64", "openSUSE Leap 15.4:containerd-ctr-1.5.11-150000.68.1.ppc64le", "openSUSE Leap 15.4:containerd-ctr-1.5.11-150000.68.1.s390x", "openSUSE Leap 15.4:containerd-ctr-1.5.11-150000.68.1.x86_64", "openSUSE Leap 15.4:docker-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.4:docker-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.4:docker-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.4:docker-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.4:docker-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-fish-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-kubic-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.4:docker-kubic-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.4:docker-kubic-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.4:docker-kubic-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.4:docker-kubic-bash-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-kubic-fish-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.aarch64", "openSUSE Leap 15.4:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.ppc64le", "openSUSE Leap 15.4:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.s390x", "openSUSE Leap 15.4:docker-kubic-kubeadm-criconfig-20.10.14_ce-150000.163.1.x86_64", "openSUSE Leap 15.4:docker-kubic-zsh-completion-20.10.14_ce-150000.163.1.noarch", "openSUSE Leap 15.4:docker-zsh-completion-20.10.14_ce-150000.163.1.noarch", ], }, ], threats: [ { category: "impact", date: "2022-05-16T12:09:38Z", details: "important", }, ], title: "CVE-2022-27191", }, ], }
fkie_cve-2022-23648
Vulnerability from fkie_nvd
Published
2022-03-03 14:15
Modified
2024-11-21 06:49
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | containerd | * | |
| linuxfoundation | containerd | * | |
| linuxfoundation | containerd | * | |
| debian | debian_linux | 11.0 | |
| fedoraproject | fedora | 34 | |
| fedoraproject | fedora | 35 | |
| fedoraproject | fedora | 36 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:*", matchCriteriaId: "E2E44BA2-CF61-41F7-B332-C2C977368870", versionEndExcluding: "1.4.13", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:*", matchCriteriaId: "5783F746-15E8-403A-A79F-D58E4577185E", versionEndExcluding: "1.5.10", versionStartIncluding: "1.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:*", matchCriteriaId: "B7A0F3E7-387E-46F4-861A-8B65EBF6548A", versionEndExcluding: "1.6.1", versionStartIncluding: "1.6.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue.", }, { lang: "es", value: "containerd es un tiempo de ejecución de contenedores disponible como demonio para Linux y Windows. Se ha encontrado un fallo en containerd versiones anteriores a 1.6.1, 1.5.10 y 1.14.12, en el que los contenedores lanzados mediante la implementación CRI de containerd en Linux con una configuración de imagen especialmente diseñada podían conseguir acceso a copias de sólo lectura de archivos y directorios arbitrarios en el host. Esto puede omitir cualquier aplicación basada en políticas sobre la configuración de contenedores (incluyendo una política de seguridad de Kubernetes Pod) y exponer información potencialmente confidencial. Kubernetes y crictl pueden ser configurados para usar la implementación de CRI de containerd. Este error ha sido corregido en containerd versiones 1.6.1, 1.5.10 y 1.4.12. Los usuarios deben actualizar a estas versiones para resolver el problema", }, ], id: "CVE-2022-23648", lastModified: "2024-11-21T06:49:00.957", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-03-03T14:15:07.973", references: [ { source: "security-advisories@github.com", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/166421/containerd-Image-Volume-Insecure-Handling.html", }, { source: "security-advisories@github.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/containerd/containerd/commit/10f428dac7cec44c864e1b830a4623af27a9fc70", }, { source: "security-advisories@github.com", tags: [ "Patch", "Release Notes", "Third Party Advisory", ], url: "https://github.com/containerd/containerd/releases/tag/v1.4.13", }, { source: "security-advisories@github.com", tags: [ "Patch", "Release Notes", "Third Party Advisory", ], url: "https://github.com/containerd/containerd/releases/tag/v1.5.10", }, { source: "security-advisories@github.com", tags: [ "Patch", "Release Notes", "Third Party Advisory", ], url: "https://github.com/containerd/containerd/releases/tag/v1.6.1", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7", }, { source: "security-advisories@github.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUDQUQBZJGBWJPMRVB6QCCCRF7O3O4PA/", }, { source: "security-advisories@github.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFTS2EF3S7HNYSNZSEJZIJHPRU7OPUV3/", }, { source: "security-advisories@github.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OCCARJ6FU4MWBTXHZNMS7NELPDBIX2VO/", }, { source: "security-advisories@github.com", url: "https://security.gentoo.org/glsa/202401-31", }, { source: "security-advisories@github.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5091", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/166421/containerd-Image-Volume-Insecure-Handling.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/containerd/containerd/commit/10f428dac7cec44c864e1b830a4623af27a9fc70", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Release Notes", "Third Party Advisory", ], url: "https://github.com/containerd/containerd/releases/tag/v1.4.13", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Release Notes", "Third Party Advisory", ], url: "https://github.com/containerd/containerd/releases/tag/v1.5.10", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Release Notes", "Third Party Advisory", ], url: "https://github.com/containerd/containerd/releases/tag/v1.6.1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUDQUQBZJGBWJPMRVB6QCCCRF7O3O4PA/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFTS2EF3S7HNYSNZSEJZIJHPRU7OPUV3/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OCCARJ6FU4MWBTXHZNMS7NELPDBIX2VO/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202401-31", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5091", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
ghsa-crp2-qrr5-8pq7
Vulnerability from github
Published
2022-03-02 21:33
Modified
2024-01-31 15:32
Severity ?
Summary
containerd CRI plugin: Insecure handling of image volumes
Details
Impact
A bug was found in containerd where containers launched through containerd’s CRI implementation with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation.
Patches
This bug has been fixed in containerd 1.6.1, 1.5.10 and 1.4.13. Users should update to these versions to resolve the issue.
Workarounds
Ensure that only trusted images are used.
Credits
The containerd project would like to thank Felix Wilhelm of Google Project Zero for responsibly disclosing this issue in accordance with the containerd security policy.
For more information
If you have any questions or comments about this advisory:
- Open an issue in containerd
- Email us at security@containerd.io
{ affected: [ { package: { ecosystem: "Go", name: "github.com/containerd/containerd", }, ranges: [ { events: [ { introduced: "0", }, { fixed: "1.4.13", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "Go", name: "github.com/containerd/containerd", }, ranges: [ { events: [ { introduced: "1.5.0", }, { fixed: "1.5.10", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "Go", name: "github.com/containerd/containerd", }, ranges: [ { events: [ { introduced: "1.6.0", }, { fixed: "1.6.1", }, ], type: "ECOSYSTEM", }, ], }, ], aliases: [ "CVE-2022-23648", ], database_specific: { cwe_ids: [ "CWE-200", ], github_reviewed: true, github_reviewed_at: "2022-03-02T21:33:17Z", nvd_published_at: "2022-03-03T14:15:00Z", severity: "HIGH", }, details: "### Impact\n\nA bug was found in containerd where containers launched through containerd’s CRI implementation with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation.\n\n### Patches\n\nThis bug has been fixed in containerd 1.6.1, 1.5.10 and 1.4.13. Users should update to these versions to resolve the issue.\n\n### Workarounds\n\nEnsure that only trusted images are used.\n\n### Credits\n\nThe containerd project would like to thank Felix Wilhelm of Google Project Zero for responsibly disclosing this issue in accordance with the [containerd security policy](https://github.com/containerd/project/blob/main/SECURITY.md).\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Open an issue in [containerd](https://github.com/containerd/containerd/issues/new/choose)\n* Email us at [security@containerd.io](mailto:security@containerd.io)", id: "GHSA-crp2-qrr5-8pq7", modified: "2024-01-31T15:32:06Z", published: "2022-03-02T21:33:17Z", references: [ { type: "WEB", url: "https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7", }, { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-23648", }, { type: "WEB", url: "https://github.com/containerd/containerd/commit/10f428dac7cec44c864e1b830a4623af27a9fc70", }, { type: "PACKAGE", url: "https://github.com/containerd/containerd", }, { type: "WEB", url: "https://github.com/containerd/containerd/releases/tag/v1.4.13", }, { type: "WEB", url: "https://github.com/containerd/containerd/releases/tag/v1.5.10", }, { type: "WEB", url: "https://github.com/containerd/containerd/releases/tag/v1.6.1", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUDQUQBZJGBWJPMRVB6QCCCRF7O3O4PA", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFTS2EF3S7HNYSNZSEJZIJHPRU7OPUV3", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OCCARJ6FU4MWBTXHZNMS7NELPDBIX2VO", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUDQUQBZJGBWJPMRVB6QCCCRF7O3O4PA", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFTS2EF3S7HNYSNZSEJZIJHPRU7OPUV3", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCCARJ6FU4MWBTXHZNMS7NELPDBIX2VO", }, { type: "WEB", url: "https://security.gentoo.org/glsa/202401-31", }, { type: "WEB", url: "https://www.debian.org/security/2022/dsa-5091", }, { type: "WEB", url: "http://packetstormsecurity.com/files/166421/containerd-Image-Volume-Insecure-Handling.html", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", type: "CVSS_V3", }, ], summary: "containerd CRI plugin: Insecure handling of image volumes", }
gsd-2022-23648
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue.
Aliases
Aliases
{ GSD: { alias: "CVE-2022-23648", description: "containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue.", id: "GSD-2022-23648", references: [ "https://www.suse.com/security/cve/CVE-2022-23648.html", "https://www.debian.org/security/2022/dsa-5091", "https://ubuntu.com/security/CVE-2022-23648", "https://advisories.mageia.org/CVE-2022-23648.html", "https://alas.aws.amazon.com/cve/html/CVE-2022-23648.html", "https://security.archlinux.org/CVE-2022-23648", "https://packetstormsecurity.com/files/cve/CVE-2022-23648", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2022-23648", ], details: "containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue.", id: "GSD-2022-23648", modified: "2023-12-13T01:19:35.267759Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2022-23648", STATE: "PUBLIC", TITLE: "Insecure handling of image volumes in containerd CRI plugin", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "containerd", version: { version_data: [ { version_value: " < 1.4.13", }, { version_value: ">= 1.5.0, < 1.5.10", }, { version_value: ">= 1.6.0, < 1.6.1", }, ], }, }, ], }, vendor_name: "containerd", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7", refsource: "CONFIRM", url: "https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7", }, { name: "https://github.com/containerd/containerd/commit/10f428dac7cec44c864e1b830a4623af27a9fc70", refsource: "MISC", url: "https://github.com/containerd/containerd/commit/10f428dac7cec44c864e1b830a4623af27a9fc70", }, { name: "https://github.com/containerd/containerd/releases/tag/v1.4.13", refsource: "MISC", url: "https://github.com/containerd/containerd/releases/tag/v1.4.13", }, { name: "https://github.com/containerd/containerd/releases/tag/v1.5.10", refsource: "MISC", url: "https://github.com/containerd/containerd/releases/tag/v1.5.10", }, { name: "https://github.com/containerd/containerd/releases/tag/v1.6.1", refsource: "MISC", url: "https://github.com/containerd/containerd/releases/tag/v1.6.1", }, { name: "DSA-5091", refsource: "DEBIAN", url: "https://www.debian.org/security/2022/dsa-5091", }, { name: "FEDORA-2022-dc35dd101f", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OCCARJ6FU4MWBTXHZNMS7NELPDBIX2VO/", }, { name: "FEDORA-2022-230f2b024b", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AUDQUQBZJGBWJPMRVB6QCCCRF7O3O4PA/", }, { name: "http://packetstormsecurity.com/files/166421/containerd-Image-Volume-Insecure-Handling.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/166421/containerd-Image-Volume-Insecure-Handling.html", }, { name: "FEDORA-2022-d9c9bf56f6", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HFTS2EF3S7HNYSNZSEJZIJHPRU7OPUV3/", }, { name: "GLSA-202401-31", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202401-31", }, ], }, source: { advisory: "GHSA-crp2-qrr5-8pq7", discovery: "UNKNOWN", }, }, "gitlab.com": { advisories: [ { affected_range: "<1.4.13||>=1.5.0 <1.5.10||>=1.6.0 <1.6.1", affected_versions: "All versions before 1.4.13, all versions starting from 1.5.0 before 1.5.10, all versions starting from 1.6.0 before 1.6.1", cvss_v2: "AV:N/AC:L/Au:N/C:P/I:N/A:N", cvss_v3: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", cwe_ids: [ "CWE-1035", "CWE-937", ], date: "2023-07-11", description: "containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue.", fixed_versions: [ "1.4.13", "1.5.10", "1.6.1", ], identifier: "CVE-2022-23648", identifiers: [ "CVE-2022-23648", "GHSA-crp2-qrr5-8pq7", ], not_impacted: "All versions starting from 1.4.13 before 1.5.0, all versions starting from 1.5.10 before 1.6.0, all versions starting from 1.6.1", package_slug: "go/github.com/containerd/containerd", pubdate: "2022-03-03", solution: "Upgrade to versions 1.4.13, 1.5.10, 1.6.1 or above.", title: "Exposure of Sensitive Information to an Unauthorized Actor", urls: [ "https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7", "https://github.com/advisories/GHSA-crp2-qrr5-8pq7", ], uuid: "76d56170-967a-4647-b580-38738a65efb0", }, ], }, "nvd.nist.gov": { cve: { configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:*", matchCriteriaId: "E2E44BA2-CF61-41F7-B332-C2C977368870", versionEndExcluding: "1.4.13", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:*", matchCriteriaId: "5783F746-15E8-403A-A79F-D58E4577185E", versionEndExcluding: "1.5.10", versionStartIncluding: "1.5.0", vulnerable: true, }, { criteria: "cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:*", matchCriteriaId: "B7A0F3E7-387E-46F4-861A-8B65EBF6548A", versionEndExcluding: "1.6.1", versionStartIncluding: "1.6.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", matchCriteriaId: "A930E247-0B43-43CB-98FF-6CE7B8189835", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", matchCriteriaId: "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", matchCriteriaId: "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], descriptions: [ { lang: "en", value: "containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue.", }, { lang: "es", value: "containerd es un tiempo de ejecución de contenedores disponible como demonio para Linux y Windows. Se ha encontrado un fallo en containerd versiones anteriores a 1.6.1, 1.5.10 y 1.14.12, en el que los contenedores lanzados mediante la implementación CRI de containerd en Linux con una configuración de imagen especialmente diseñada podían conseguir acceso a copias de sólo lectura de archivos y directorios arbitrarios en el host. Esto puede omitir cualquier aplicación basada en políticas sobre la configuración de contenedores (incluyendo una política de seguridad de Kubernetes Pod) y exponer información potencialmente confidencial. Kubernetes y crictl pueden ser configurados para usar la implementación de CRI de containerd. Este error ha sido corregido en containerd versiones 1.6.1, 1.5.10 y 1.4.12. Los usuarios deben actualizar a estas versiones para resolver el problema", }, ], id: "CVE-2022-23648", lastModified: "2024-01-31T13:15:08.760", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "security-advisories@github.com", type: "Secondary", }, ], }, published: "2022-03-03T14:15:07.973", references: [ { source: "security-advisories@github.com", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/166421/containerd-Image-Volume-Insecure-Handling.html", }, { source: "security-advisories@github.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/containerd/containerd/commit/10f428dac7cec44c864e1b830a4623af27a9fc70", }, { source: "security-advisories@github.com", tags: [ "Patch", "Release Notes", "Third Party Advisory", ], url: "https://github.com/containerd/containerd/releases/tag/v1.4.13", }, { source: "security-advisories@github.com", tags: [ "Patch", "Release Notes", "Third Party Advisory", ], url: "https://github.com/containerd/containerd/releases/tag/v1.5.10", }, { source: "security-advisories@github.com", tags: [ "Patch", "Release Notes", "Third Party Advisory", ], url: "https://github.com/containerd/containerd/releases/tag/v1.6.1", }, { source: "security-advisories@github.com", tags: [ "Third Party Advisory", ], url: "https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7", }, { source: "security-advisories@github.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AUDQUQBZJGBWJPMRVB6QCCCRF7O3O4PA/", }, { source: "security-advisories@github.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFTS2EF3S7HNYSNZSEJZIJHPRU7OPUV3/", }, { source: "security-advisories@github.com", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OCCARJ6FU4MWBTXHZNMS7NELPDBIX2VO/", }, { source: "security-advisories@github.com", url: "https://security.gentoo.org/glsa/202401-31", }, { source: "security-advisories@github.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://www.debian.org/security/2022/dsa-5091", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-200", }, ], source: "security-advisories@github.com", type: "Secondary", }, ], }, }, }, }
wid-sec-w-2022-1375
Vulnerability from csaf_certbund
Published
2022-09-11 22:00
Modified
2023-09-14 22:00
Summary
JFrog Artifactory: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
JFrog Artifactory ist eine universelle DevOps-Lösung.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in JFrog Artifactory ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen.
Betroffene Betriebssysteme
- UNIX
- Linux
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "JFrog Artifactory ist eine universelle DevOps-Lösung.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in JFrog Artifactory ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen.", title: "Angriff", }, { category: "general", text: "- UNIX\n- Linux", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2022-1375 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1375.json", }, { category: "self", summary: "WID-SEC-2022-1375 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1375", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5165 vom 2023-09-14", url: "https://access.redhat.com/errata/RHSA-2023:5165", }, { category: "external", summary: "JFrog Fixed Security Vulnerabilities vom 2022-09-11", url: "https://www.jfrog.com/confluence/display/JFROG/Fixed+Security+Vulnerabilities", }, { category: "external", summary: "JFrog Fixed Security Vulnerabilities", url: "https://www.jfrog.com/confluence/display/JFROG/Fixed+Security+Vulnerabilities", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2022:6782 vom 2022-10-04", url: "https://access.redhat.com/errata/RHSA-2022:6782", }, { category: "external", summary: "Ubuntu Security Notice USN-5776-1 vom 2022-12-13", url: "https://ubuntu.com/security/notices/USN-5776-1", }, ], source_lang: "en-US", title: "JFrog Artifactory: Mehrere Schwachstellen", tracking: { current_release_date: "2023-09-14T22:00:00.000+00:00", generator: { date: "2024-08-15T17:34:59.214+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2022-1375", initial_release_date: "2022-09-11T22:00:00.000+00:00", revision_history: [ { date: "2022-09-11T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2022-10-03T22:00:00.000+00:00", number: "2", summary: "Neue Updates aufgenommen", }, { date: "2022-10-04T22:00:00.000+00:00", number: "3", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2022-12-12T23:00:00.000+00:00", number: "4", summary: "Neue Updates von Ubuntu aufgenommen", }, { date: "2022-12-20T23:00:00.000+00:00", number: "5", summary: "Referenz(en) aufgenommen: FEDORA-2022-DB674BAFD9, FEDORA-2022-7E327A20BE", }, { date: "2023-09-14T22:00:00.000+00:00", number: "6", summary: "Neue Updates von Red Hat aufgenommen", }, ], status: "final", version: "6", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "JFrog Artifactory", product: { name: "JFrog Artifactory", product_id: "T024527", product_identification_helper: { cpe: "cpe:/a:jfrog:artifactory:-", }, }, }, { category: "product_name", name: "JFrog Artifactory < 7.46.3", product: { name: "JFrog Artifactory < 7.46.3", product_id: "T024764", product_identification_helper: { cpe: "cpe:/a:jfrog:artifactory:7.46.3", }, }, }, ], category: "product_name", name: "Artifactory", }, ], category: "vendor", name: "JFrog", }, { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, ], category: "vendor", name: "Red Hat", }, { branches: [ { category: "product_name", name: "Ubuntu Linux", product: { name: "Ubuntu Linux", product_id: "T000126", product_identification_helper: { cpe: "cpe:/o:canonical:ubuntu_linux:-", }, }, }, ], category: "vendor", name: "Ubuntu", }, ], }, vulnerabilities: [ { cve: "CVE-2013-4517", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2013-4517", }, { cve: "CVE-2013-7285", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2013-7285", }, { cve: "CVE-2014-0107", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2014-0107", }, { cve: "CVE-2014-0114", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2014-0114", }, { cve: "CVE-2014-3577", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2014-3577", }, { cve: "CVE-2014-3623", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2014-3623", }, { cve: "CVE-2015-0227", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2015-0227", }, { cve: "CVE-2015-2575", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2015-2575", }, { cve: "CVE-2015-3253", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2015-3253", }, { cve: "CVE-2015-4852", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2015-4852", }, { cve: "CVE-2015-7940", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2015-7940", }, { cve: "CVE-2016-10750", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2016-10750", }, { cve: "CVE-2016-3092", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2016-3092", }, { cve: "CVE-2016-3674", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2016-3674", }, { cve: "CVE-2016-6501", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2016-6501", }, { cve: "CVE-2016-8735", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2016-8735", }, { cve: "CVE-2016-8745", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2016-8745", }, { cve: "CVE-2017-1000487", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2017-1000487", }, { cve: "CVE-2017-15095", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2017-15095", }, { cve: "CVE-2017-17485", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2017-17485", }, { cve: "CVE-2017-18214", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2017-18214", }, { cve: "CVE-2017-18640", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2017-18640", }, { cve: "CVE-2017-7525", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2017-7525", }, { cve: "CVE-2017-7657", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2017-7657", }, { cve: "CVE-2017-7957", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2017-7957", }, { cve: "CVE-2017-9506", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2017-9506", }, { cve: "CVE-2018-1000206", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2018-1000206", }, { cve: "CVE-2018-9116", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2018-9116", }, { cve: "CVE-2019-10219", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2019-10219", }, { cve: "CVE-2019-12402", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2019-12402", }, { cve: "CVE-2019-17359", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2019-17359", }, { cve: "CVE-2019-17571", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2019-17571", }, { cve: "CVE-2019-20104", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2019-20104", }, { cve: "CVE-2020-11996", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2020-11996", }, { cve: "CVE-2020-13934", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2020-13934", }, { cve: "CVE-2020-13935", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2020-13935", }, { cve: "CVE-2020-13949", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2020-13949", }, { cve: "CVE-2020-14340", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2020-14340", }, { cve: "CVE-2020-15586", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2020-15586", }, { cve: "CVE-2020-1745", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2020-1745", }, { cve: "CVE-2020-17521", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2020-17521", }, { cve: "CVE-2020-25649", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2020-25649", }, { cve: "CVE-2020-28500", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2020-28500", }, { cve: "CVE-2020-29582", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2020-29582", }, { cve: "CVE-2020-36518", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2020-36518", }, { cve: "CVE-2020-7226", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2020-7226", }, { cve: "CVE-2020-7692", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2020-7692", }, { cve: "CVE-2020-8203", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2020-8203", }, { cve: "CVE-2021-13936", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-13936", }, { cve: "CVE-2021-21290", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-21290", }, { cve: "CVE-2021-22060", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-22060", }, { cve: "CVE-2021-22112", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-22112", }, { cve: "CVE-2021-22119", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-22119", }, { cve: "CVE-2021-22147", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-22147", }, { cve: "CVE-2021-22148", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-22148", }, { cve: "CVE-2021-22149", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-22149", }, { cve: "CVE-2021-22573", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-22573", }, { cve: "CVE-2021-23337", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-23337", }, { cve: "CVE-2021-25122", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-25122", }, { cve: "CVE-2021-26291", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-26291", }, { cve: "CVE-2021-27568", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-27568", }, { cve: "CVE-2021-29505", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-29505", }, { cve: "CVE-2021-30129", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-30129", }, { cve: "CVE-2021-33037", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-33037", }, { cve: "CVE-2021-35550", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-35550", }, { cve: "CVE-2021-35556", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-35556", }, { cve: "CVE-2021-35560", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-35560", }, { cve: "CVE-2021-35561", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-35561", }, { cve: "CVE-2021-35564", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-35564", }, { cve: "CVE-2021-35565", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-35565", }, { cve: "CVE-2021-35567", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-35567", }, { cve: "CVE-2021-35578", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-35578", }, { cve: "CVE-2021-35586", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-35586", }, { cve: "CVE-2021-35588", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-35588", }, { cve: "CVE-2021-35603", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-35603", }, { cve: "CVE-2021-36374", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-36374", }, { cve: "CVE-2021-3765", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-3765", }, { cve: "CVE-2021-3807", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-3807", }, { cve: "CVE-2021-38561", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-38561", }, { cve: "CVE-2021-3859", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-3859", }, { cve: "CVE-2021-41090", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-41090", }, { cve: "CVE-2021-41091", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-41091", }, { cve: "CVE-2021-42340", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-42340", }, { cve: "CVE-2021-42550", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-42550", }, { cve: "CVE-2021-43797", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-43797", }, { cve: "CVE-2022-0536", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2022-0536", }, { cve: "CVE-2022-22963", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2022-22963", }, { cve: "CVE-2022-23632", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2022-23632", }, { cve: "CVE-2022-23648", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2022-23648", }, { cve: "CVE-2022-23806", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2022-23806", }, { cve: "CVE-2022-24769", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2022-24769", }, { cve: "CVE-2022-24823", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2022-24823", }, { cve: "CVE-2022-27191", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2022-27191", }, { cve: "CVE-2022-29153", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2022-29153", }, { cve: "CVE-2022-32212", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2022-32212", }, { cve: "CVE-2022-32213", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2022-32213", }, { cve: "CVE-2022-32214", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2022-32214", }, { cve: "CVE-2022-32215", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2022-32215", }, { cve: "CVE-2022-32223", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2022-32223", }, ], }
WID-SEC-W-2022-1375
Vulnerability from csaf_certbund
Published
2022-09-11 22:00
Modified
2023-09-14 22:00
Summary
JFrog Artifactory: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
JFrog Artifactory ist eine universelle DevOps-Lösung.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in JFrog Artifactory ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen.
Betroffene Betriebssysteme
- UNIX
- Linux
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "JFrog Artifactory ist eine universelle DevOps-Lösung.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in JFrog Artifactory ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen.", title: "Angriff", }, { category: "general", text: "- UNIX\n- Linux", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2022-1375 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1375.json", }, { category: "self", summary: "WID-SEC-2022-1375 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1375", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:5165 vom 2023-09-14", url: "https://access.redhat.com/errata/RHSA-2023:5165", }, { category: "external", summary: "JFrog Fixed Security Vulnerabilities vom 2022-09-11", url: "https://www.jfrog.com/confluence/display/JFROG/Fixed+Security+Vulnerabilities", }, { category: "external", summary: "JFrog Fixed Security Vulnerabilities", url: "https://www.jfrog.com/confluence/display/JFROG/Fixed+Security+Vulnerabilities", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2022:6782 vom 2022-10-04", url: "https://access.redhat.com/errata/RHSA-2022:6782", }, { category: "external", summary: "Ubuntu Security Notice USN-5776-1 vom 2022-12-13", url: "https://ubuntu.com/security/notices/USN-5776-1", }, ], source_lang: "en-US", title: "JFrog Artifactory: Mehrere Schwachstellen", tracking: { current_release_date: "2023-09-14T22:00:00.000+00:00", generator: { date: "2024-08-15T17:34:59.214+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2022-1375", initial_release_date: "2022-09-11T22:00:00.000+00:00", revision_history: [ { date: "2022-09-11T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2022-10-03T22:00:00.000+00:00", number: "2", summary: "Neue Updates aufgenommen", }, { date: "2022-10-04T22:00:00.000+00:00", number: "3", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2022-12-12T23:00:00.000+00:00", number: "4", summary: "Neue Updates von Ubuntu aufgenommen", }, { date: "2022-12-20T23:00:00.000+00:00", number: "5", summary: "Referenz(en) aufgenommen: FEDORA-2022-DB674BAFD9, FEDORA-2022-7E327A20BE", }, { date: "2023-09-14T22:00:00.000+00:00", number: "6", summary: "Neue Updates von Red Hat aufgenommen", }, ], status: "final", version: "6", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "JFrog Artifactory", product: { name: "JFrog Artifactory", product_id: "T024527", product_identification_helper: { cpe: "cpe:/a:jfrog:artifactory:-", }, }, }, { category: "product_name", name: "JFrog Artifactory < 7.46.3", product: { name: "JFrog Artifactory < 7.46.3", product_id: "T024764", product_identification_helper: { cpe: "cpe:/a:jfrog:artifactory:7.46.3", }, }, }, ], category: "product_name", name: "Artifactory", }, ], category: "vendor", name: "JFrog", }, { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, ], category: "vendor", name: "Red Hat", }, { branches: [ { category: "product_name", name: "Ubuntu Linux", product: { name: "Ubuntu Linux", product_id: "T000126", product_identification_helper: { cpe: "cpe:/o:canonical:ubuntu_linux:-", }, }, }, ], category: "vendor", name: "Ubuntu", }, ], }, vulnerabilities: [ { cve: "CVE-2013-4517", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2013-4517", }, { cve: "CVE-2013-7285", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2013-7285", }, { cve: "CVE-2014-0107", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2014-0107", }, { cve: "CVE-2014-0114", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2014-0114", }, { cve: "CVE-2014-3577", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2014-3577", }, { cve: "CVE-2014-3623", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2014-3623", }, { cve: "CVE-2015-0227", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2015-0227", }, { cve: "CVE-2015-2575", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2015-2575", }, { cve: "CVE-2015-3253", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2015-3253", }, { cve: "CVE-2015-4852", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2015-4852", }, { cve: "CVE-2015-7940", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2015-7940", }, { cve: "CVE-2016-10750", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2016-10750", }, { cve: "CVE-2016-3092", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2016-3092", }, { cve: "CVE-2016-3674", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2016-3674", }, { cve: "CVE-2016-6501", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2016-6501", }, { cve: "CVE-2016-8735", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2016-8735", }, { cve: "CVE-2016-8745", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2016-8745", }, { cve: "CVE-2017-1000487", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2017-1000487", }, { cve: "CVE-2017-15095", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2017-15095", }, { cve: "CVE-2017-17485", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2017-17485", }, { cve: "CVE-2017-18214", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2017-18214", }, { cve: "CVE-2017-18640", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2017-18640", }, { cve: "CVE-2017-7525", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2017-7525", }, { cve: "CVE-2017-7657", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2017-7657", }, { cve: "CVE-2017-7957", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2017-7957", }, { cve: "CVE-2017-9506", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2017-9506", }, { cve: "CVE-2018-1000206", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2018-1000206", }, { cve: "CVE-2018-9116", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2018-9116", }, { cve: "CVE-2019-10219", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2019-10219", }, { cve: "CVE-2019-12402", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2019-12402", }, { cve: "CVE-2019-17359", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2019-17359", }, { cve: "CVE-2019-17571", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2019-17571", }, { cve: "CVE-2019-20104", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2019-20104", }, { cve: "CVE-2020-11996", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2020-11996", }, { cve: "CVE-2020-13934", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2020-13934", }, { cve: "CVE-2020-13935", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2020-13935", }, { cve: "CVE-2020-13949", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2020-13949", }, { cve: "CVE-2020-14340", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2020-14340", }, { cve: "CVE-2020-15586", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2020-15586", }, { cve: "CVE-2020-1745", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2020-1745", }, { cve: "CVE-2020-17521", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2020-17521", }, { cve: "CVE-2020-25649", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2020-25649", }, { cve: "CVE-2020-28500", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2020-28500", }, { cve: "CVE-2020-29582", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2020-29582", }, { cve: "CVE-2020-36518", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2020-36518", }, { cve: "CVE-2020-7226", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2020-7226", }, { cve: "CVE-2020-7692", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2020-7692", }, { cve: "CVE-2020-8203", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2020-8203", }, { cve: "CVE-2021-13936", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-13936", }, { cve: "CVE-2021-21290", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-21290", }, { cve: "CVE-2021-22060", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-22060", }, { cve: "CVE-2021-22112", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-22112", }, { cve: "CVE-2021-22119", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-22119", }, { cve: "CVE-2021-22147", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-22147", }, { cve: "CVE-2021-22148", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-22148", }, { cve: "CVE-2021-22149", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-22149", }, { cve: "CVE-2021-22573", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-22573", }, { cve: "CVE-2021-23337", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-23337", }, { cve: "CVE-2021-25122", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-25122", }, { cve: "CVE-2021-26291", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-26291", }, { cve: "CVE-2021-27568", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-27568", }, { cve: "CVE-2021-29505", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-29505", }, { cve: "CVE-2021-30129", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-30129", }, { cve: "CVE-2021-33037", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-33037", }, { cve: "CVE-2021-35550", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-35550", }, { cve: "CVE-2021-35556", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-35556", }, { cve: "CVE-2021-35560", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-35560", }, { cve: "CVE-2021-35561", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-35561", }, { cve: "CVE-2021-35564", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-35564", }, { cve: "CVE-2021-35565", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-35565", }, { cve: "CVE-2021-35567", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-35567", }, { cve: "CVE-2021-35578", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-35578", }, { cve: "CVE-2021-35586", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-35586", }, { cve: "CVE-2021-35588", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-35588", }, { cve: "CVE-2021-35603", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-35603", }, { cve: "CVE-2021-36374", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-36374", }, { cve: "CVE-2021-3765", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-3765", }, { cve: "CVE-2021-3807", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-3807", }, { cve: "CVE-2021-38561", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-38561", }, { cve: "CVE-2021-3859", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-3859", }, { cve: "CVE-2021-41090", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-41090", }, { cve: "CVE-2021-41091", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-41091", }, { cve: "CVE-2021-42340", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-42340", }, { cve: "CVE-2021-42550", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-42550", }, { cve: "CVE-2021-43797", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2021-43797", }, { cve: "CVE-2022-0536", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2022-0536", }, { cve: "CVE-2022-22963", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2022-22963", }, { cve: "CVE-2022-23632", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2022-23632", }, { cve: "CVE-2022-23648", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2022-23648", }, { cve: "CVE-2022-23806", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2022-23806", }, { cve: "CVE-2022-24769", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2022-24769", }, { cve: "CVE-2022-24823", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2022-24823", }, { cve: "CVE-2022-27191", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2022-27191", }, { cve: "CVE-2022-29153", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2022-29153", }, { cve: "CVE-2022-32212", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2022-32212", }, { cve: "CVE-2022-32213", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2022-32213", }, { cve: "CVE-2022-32214", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2022-32214", }, { cve: "CVE-2022-32215", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2022-32215", }, { cve: "CVE-2022-32223", notes: [ { category: "description", text: "In JFrog Artifactory existieren Zahlreiche Schwachstellen in verschiedenen Komponenten von Drittanbietern. Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen und einen Denial-of-Service-Zustand auszulösen. Das erfolgreiche Ausnutzen einiger dieser Schwachstellen erfordert eine Benutzerinteraktion und erhöhte Rechte.", }, ], product_status: { known_affected: [ "T024527", "67646", "T000126", "T024764", ], }, release_date: "2022-09-11T22:00:00.000+00:00", title: "CVE-2022-32223", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.