Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-27191 (GCVE-0-2022-27191)
Vulnerability from cvelistv5 – Published: 2022-03-18 06:03 – Updated: 2024-08-03 05:25
VLAI
EPSS
VEX
Summary
The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.
Severity
7.5 (High)
CWE
- n/a
Assigner
References
14 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:25:31.128Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/g/golang-announce"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://groups.google.com/g/golang-announce/c/-cp44ypCT5s"
},
{
"name": "FEDORA-2022-a4c9009f3e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF/"
},
{
"name": "FEDORA-2022-d37fb34309",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB/"
},
{
"name": "FEDORA-2022-3a63897745",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV/"
},
{
"name": "FEDORA-2022-5cbd6de569",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK/"
},
{
"name": "FEDORA-2022-c87047f163",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220429-0002/"
},
{
"name": "FEDORA-2022-14712f9699",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O/"
},
{
"name": "FEDORA-2022-08ae2dd481",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZFUNHFHQVJSADNH7EZ3B53CYDZVEEPBP/"
},
{
"name": "FEDORA-2022-5e637f6cc6",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/"
},
{
"name": "FEDORA-2022-fae3ecee19",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/"
},
{
"name": "FEDORA-2022-ba365d3703",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/"
},
{
"name": "FEDORA-2022-30c5ed5625",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-17T03:11:23.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/g/golang-announce"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://groups.google.com/g/golang-announce/c/-cp44ypCT5s"
},
{
"name": "FEDORA-2022-a4c9009f3e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF/"
},
{
"name": "FEDORA-2022-d37fb34309",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB/"
},
{
"name": "FEDORA-2022-3a63897745",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV/"
},
{
"name": "FEDORA-2022-5cbd6de569",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK/"
},
{
"name": "FEDORA-2022-c87047f163",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220429-0002/"
},
{
"name": "FEDORA-2022-14712f9699",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O/"
},
{
"name": "FEDORA-2022-08ae2dd481",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZFUNHFHQVJSADNH7EZ3B53CYDZVEEPBP/"
},
{
"name": "FEDORA-2022-5e637f6cc6",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/"
},
{
"name": "FEDORA-2022-fae3ecee19",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/"
},
{
"name": "FEDORA-2022-ba365d3703",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/"
},
{
"name": "FEDORA-2022-30c5ed5625",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-27191",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/g/golang-announce",
"refsource": "MISC",
"url": "https://groups.google.com/g/golang-announce"
},
{
"name": "https://groups.google.com/g/golang-announce/c/-cp44ypCT5s",
"refsource": "CONFIRM",
"url": "https://groups.google.com/g/golang-announce/c/-cp44ypCT5s"
},
{
"name": "FEDORA-2022-a4c9009f3e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF/"
},
{
"name": "FEDORA-2022-d37fb34309",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB/"
},
{
"name": "FEDORA-2022-3a63897745",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV/"
},
{
"name": "FEDORA-2022-5cbd6de569",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK/"
},
{
"name": "FEDORA-2022-c87047f163",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220429-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220429-0002/"
},
{
"name": "FEDORA-2022-14712f9699",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O/"
},
{
"name": "FEDORA-2022-08ae2dd481",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFUNHFHQVJSADNH7EZ3B53CYDZVEEPBP/"
},
{
"name": "FEDORA-2022-5e637f6cc6",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/"
},
{
"name": "FEDORA-2022-fae3ecee19",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/"
},
{
"name": "FEDORA-2022-ba365d3703",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/"
},
{
"name": "FEDORA-2022-30c5ed5625",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-27191",
"datePublished": "2022-03-18T06:03:34.000Z",
"dateReserved": "2022-03-15T00:00:00.000Z",
"dateUpdated": "2024-08-03T05:25:31.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-27191",
"date": "2026-07-18",
"epss": "0.03931",
"percentile": "0.89208"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:golang:ssh:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"0.0.0-20220314234659-1baeb1ce4c0b\", \"matchCriteriaId\": \"04A5DBFD-CC3C-4C2F-A094-EB3AA52F9ADE\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BB176AC3-3CDA-4DDA-9089-C67B2F73AA62\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A930E247-0B43-43CB-98FF-6CE7B8189835\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:advanced_cluster_management_for_kubernetes:2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4B0E6B4B-BAA6-474E-A18C-72C9719CEC1F\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4CFF558-3C47-480D-A2F0-BABF26042943\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.\"}, {\"lang\": \"es\", \"value\": \"El paquete golang.org/x/crypto/ssh anterior a 0.0.0-20220314234659-1baeb1ce4c0b para Go permite a un atacante bloquear un servidor en ciertas circunstancias que implican AddHostKey\"}]",
"id": "CVE-2022-27191",
"lastModified": "2024-11-21T06:55:22.620",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:N/A:P\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2022-03-18T07:15:06.750",
"references": "[{\"url\": \"https://groups.google.com/g/golang-announce\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://groups.google.com/g/golang-announce/c/-cp44ypCT5s\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZFUNHFHQVJSADNH7EZ3B53CYDZVEEPBP/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20220429-0002/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://groups.google.com/g/golang-announce\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://groups.google.com/g/golang-announce/c/-cp44ypCT5s\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZFUNHFHQVJSADNH7EZ3B53CYDZVEEPBP/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20220429-0002/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-27191\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-03-18T07:15:06.750\",\"lastModified\":\"2026-06-17T04:36:28.267\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.\"},{\"lang\":\"es\",\"value\":\"El paquete golang.org/x/crypto/ssh anterior a 0.0.0-20220314234659-1baeb1ce4c0b para Go permite a un atacante bloquear un servidor en ciertas circunstancias que implican AddHostKey\"}],\"affected\":[{\"source\":\"cve@mitre.org\",\"affectedData\":[{\"vendor\":\"n/a\",\"product\":\"n/a\",\"versions\":[{\"version\":\"n/a\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:ssh:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"0.0.0-20220314234659-1baeb1ce4c0b\",\"matchCriteriaId\":\"04A5DBFD-CC3C-4C2F-A094-EB3AA52F9ADE\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB176AC3-3CDA-4DDA-9089-C67B2F73AA62\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:advanced_cluster_management_for_kubernetes:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B0E6B4B-BAA6-474E-A18C-72C9719CEC1F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"}]}]}],\"references\":[{\"url\":\"https://groups.google.com/g/golang-announce\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/-cp44ypCT5s\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZFUNHFHQVJSADNH7EZ3B53CYDZVEEPBP/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20220429-0002/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://groups.google.com/g/golang-announce\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/-cp44ypCT5s\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZFUNHFHQVJSADNH7EZ3B53CYDZVEEPBP/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20220429-0002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"redhat_vex": {
"aggregate_severity": "Moderate",
"current_release_date": "2026-07-17T20:49:12+00:00",
"cve": "CVE-2022-27191",
"id": "CVE-2022-27191",
"initial_release_date": "2022-03-15T00:00:00+00:00",
"product_status:fixed": "808",
"product_status:known_affected": "82",
"product_status:known_not_affected": "4981",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "golang: crash in a golang.org/x/crypto/ssh server",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2022/cve-2022-27191.json",
"version": "3"
}
}
}
cleanstart-2026-rr97166
Vulnerability from cleanstart
Published
2026-06-08 14:19
Modified
2026-06-03 10:25
Summary
Security fixes for CVE-2021-38561, CVE-2022-27191 applied in versions: 3.1.2-r3, 3.1.2-r4
Details
Multiple security vulnerabilities affect the git-lfs package. These issues are resolved in later releases. See references for individual vulnerability details.
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "git-lfs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.2-r4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the git-lfs package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-RR97166",
"modified": "2026-06-03T10:25:19Z",
"published": "2026-06-08T14:19:27.617592Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-RR97166.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-38561"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-27191"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38561"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27191"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2021-38561, CVE-2022-27191 applied in versions: 3.1.2-r3, 3.1.2-r4",
"upstream": [
"CVE-2021-38561",
"CVE-2022-27191"
]
}
FKIE_CVE-2022-27191
Vulnerability from fkie_nvd - Published: 2022-03-18 07:15 - Updated: 2026-06-17 04:36
Severity
Summary
The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| golang | ssh | * | |
| fedoraproject | extra_packages_for_enterprise_linux | 8.0 | |
| fedoraproject | fedora | 34 | |
| fedoraproject | fedora | 35 | |
| fedoraproject | fedora | 36 | |
| redhat | advanced_cluster_management_for_kubernetes | 2.0 | |
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_linux | 8.0 |
{
"affected": [
{
"affectedData": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"source": "cve@mitre.org"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:golang:ssh:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04A5DBFD-CC3C-4C2F-A094-EB3AA52F9ADE",
"versionEndExcluding": "0.0.0-20220314234659-1baeb1ce4c0b",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BB176AC3-3CDA-4DDA-9089-C67B2F73AA62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:advanced_cluster_management_for_kubernetes:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4B0E6B4B-BAA6-474E-A18C-72C9719CEC1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey."
},
{
"lang": "es",
"value": "El paquete golang.org/x/crypto/ssh anterior a 0.0.0-20220314234659-1baeb1ce4c0b para Go permite a un atacante bloquear un servidor en ciertas circunstancias que implican AddHostKey"
}
],
"id": "CVE-2022-27191",
"lastModified": "2026-06-17T04:36:28.267",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-18T07:15:06.750",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://groups.google.com/g/golang-announce"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://groups.google.com/g/golang-announce/c/-cp44ypCT5s"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZFUNHFHQVJSADNH7EZ3B53CYDZVEEPBP/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220429-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://groups.google.com/g/golang-announce"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://groups.google.com/g/golang-announce/c/-cp44ypCT5s"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZFUNHFHQVJSADNH7EZ3B53CYDZVEEPBP/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220429-0002/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-8C26-WMH5-6G9V
Vulnerability from github – Published: 2022-03-19 00:01 – Updated: 2023-08-30 13:52
VLAI
Summary
golang.org/x/crypto/ssh Denial of service via crafted Signer
Details
The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.
Severity
7.5 (High)
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "golang.org/x/crypto"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.0.0-20220314234659-1baeb1ce4c0b"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-27191"
],
"database_specific": {
"cwe_ids": [
"CWE-327"
],
"github_reviewed": true,
"github_reviewed_at": "2022-03-30T18:48:41Z",
"nvd_published_at": "2022-03-18T07:15:00Z",
"severity": "HIGH"
},
"details": "The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.",
"id": "GHSA-8c26-wmh5-6g9v",
"modified": "2023-08-30T13:52:18Z",
"published": "2022-03-19T00:01:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27191"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220429-0002"
},
{
"type": "WEB",
"url": "https://raw.githubusercontent.com/golang/vulndb/df2d3d326300e2ae768f00351ffa96cc2c56cf54/reports/GO-2021-0356.yaml"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2021-0356"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFUNHFHQVJSADNH7EZ3B53CYDZVEEPBP"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ"
},
{
"type": "WEB",
"url": "https://groups.google.com/g/golang-announce/c/-cp44ypCT5s"
},
{
"type": "WEB",
"url": "https://groups.google.com/g/golang-announce"
},
{
"type": "WEB",
"url": "https://go.googlesource.com/crypto/+/1baeb1ce4c0b006eff0f294c47cb7617598dfb3d"
},
{
"type": "WEB",
"url": "https://go.dev/cl/392355"
},
{
"type": "PACKAGE",
"url": "https://cs.opensource.google/go/x/crypto"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "golang.org/x/crypto/ssh Denial of service via crafted Signer"
}
GSD-2022-27191
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-27191",
"description": "golang.org/x/crypto/ssh before 0.0.0-20220314234659-1baeb1ce4c0b in Go through 1.16.15 and 1.17.x through 1.17.8 allows an attacker to crash a server in certain circumstances involving AddHostKey.",
"id": "GSD-2022-27191",
"references": [
"https://www.suse.com/security/cve/CVE-2022-27191.html",
"https://access.redhat.com/errata/RHSA-2022:1476",
"https://access.redhat.com/errata/RHSA-2022:4956",
"https://access.redhat.com/errata/RHSA-2022:5068",
"https://access.redhat.com/errata/RHSA-2022:5069",
"https://alas.aws.amazon.com/cve/html/CVE-2022-27191.html",
"https://access.redhat.com/errata/RHSA-2022:6347",
"https://access.redhat.com/errata/RHSA-2022:6526",
"https://access.redhat.com/errata/RHSA-2022:6527",
"https://access.redhat.com/errata/RHSA-2022:7457",
"https://access.redhat.com/errata/RHSA-2022:7469",
"https://access.redhat.com/errata/RHSA-2022:7954",
"https://access.redhat.com/errata/RHSA-2022:8008",
"https://access.redhat.com/errata/RHSA-2022:8634",
"https://access.redhat.com/errata/RHSA-2022:8893",
"https://access.redhat.com/errata/RHSA-2022:8932",
"https://access.redhat.com/errata/RHSA-2022:8938",
"https://access.redhat.com/errata/RHSA-2022:9107",
"https://access.redhat.com/errata/RHSA-2022:7401",
"https://access.redhat.com/errata/RHSA-2022:9096"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-27191"
],
"details": "The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.",
"id": "GSD-2022-27191",
"modified": "2023-12-13T01:19:41.280136Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-27191",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/g/golang-announce",
"refsource": "MISC",
"url": "https://groups.google.com/g/golang-announce"
},
{
"name": "https://groups.google.com/g/golang-announce/c/-cp44ypCT5s",
"refsource": "CONFIRM",
"url": "https://groups.google.com/g/golang-announce/c/-cp44ypCT5s"
},
{
"name": "FEDORA-2022-a4c9009f3e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF/"
},
{
"name": "FEDORA-2022-d37fb34309",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB/"
},
{
"name": "FEDORA-2022-3a63897745",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV/"
},
{
"name": "FEDORA-2022-5cbd6de569",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK/"
},
{
"name": "FEDORA-2022-c87047f163",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220429-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220429-0002/"
},
{
"name": "FEDORA-2022-14712f9699",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O/"
},
{
"name": "FEDORA-2022-08ae2dd481",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFUNHFHQVJSADNH7EZ3B53CYDZVEEPBP/"
},
{
"name": "FEDORA-2022-5e637f6cc6",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/"
},
{
"name": "FEDORA-2022-fae3ecee19",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/"
},
{
"name": "FEDORA-2022-ba365d3703",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/"
},
{
"name": "FEDORA-2022-30c5ed5625",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c0.0.0-20220314234659-1baeb1ce4c0b",
"affected_versions": "All versions before 0.0.0-20220314234659-1baeb1ce4c0b",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-327",
"CWE-937"
],
"date": "2023-02-17",
"description": "The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.",
"fixed_versions": [
"0.0.0-20220314234659-1baeb1ce4c0b"
],
"identifier": "CVE-2022-27191",
"identifiers": [
"GHSA-8c26-wmh5-6g9v",
"CVE-2022-27191"
],
"not_impacted": "All versions starting from 0.0.0-20220314234659-1baeb1ce4c0b",
"package_slug": "go/golang.org/x/crypto",
"pubdate": "2022-03-19",
"solution": "Upgrade to version 0.0.0-20220314234659-1baeb1ce4c0b or above.",
"title": "Use of a Broken or Risky Cryptographic Algorithm",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-27191",
"https://groups.google.com/g/golang-announce",
"https://groups.google.com/g/golang-announce/c/-cp44ypCT5s",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/",
"https://security.netapp.com/advisory/ntap-20220429-0002/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFUNHFHQVJSADNH7EZ3B53CYDZVEEPBP/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/",
"https://raw.githubusercontent.com/golang/vulndb/df2d3d326300e2ae768f00351ffa96cc2c56cf54/reports/GO-2021-0356.yaml",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/",
"https://go.dev/cl/392355",
"https://go.googlesource.com/crypto/+/1baeb1ce4c0b006eff0f294c47cb7617598dfb3d",
"https://pkg.go.dev/vuln/GO-2021-0356",
"https://github.com/advisories/GHSA-8c26-wmh5-6g9v"
],
"uuid": "34db488c-8cde-4eca-ab9c-4411a88e5e15"
},
{
"affected_range": "\u003c=0.0.0-20220214200702-86341886e292",
"affected_versions": "All versions up to 0.0.0-20220214200702-86341886e292",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-327",
"CWE-937"
],
"date": "2022-03-30",
"description": "golang.org/x/crypto/ssh before 0.0.0-20220314234659-1baeb1ce4c0b in Go through 1.16.15 and 1.17.x through 1.17.8 allows an attacker to crash a server in certain circumstances involving AddHostKey.",
"fixed_versions": [
"0.0.0-20220315160706-3147a52a75dd"
],
"identifier": "CVE-2022-27191",
"identifiers": [
"GHSA-8c26-wmh5-6g9v",
"CVE-2022-27191"
],
"not_impacted": "All versions after 0.0.0-20220214200702-86341886e292",
"package_slug": "go/golang.org/x/crypto/ssh",
"pubdate": "2022-03-19",
"solution": "Upgrade to version 0.0.0-20220315160706-3147a52a75dd or above.",
"title": "Use of a Broken or Risky Cryptographic Algorithm",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-27191",
"https://groups.google.com/g/golang-announce",
"https://groups.google.com/g/golang-announce/c/-cp44ypCT5s",
"https://github.com/advisories/GHSA-8c26-wmh5-6g9v"
],
"uuid": "eea7ef9b-c821-4e05-9a95-e9ddeac7fafa"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:golang:ssh:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "0.0.0-20220314234659-1baeb1ce4c0b",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:advanced_cluster_management_for_kubernetes:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-27191"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-327"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/g/golang-announce/c/-cp44ypCT5s",
"refsource": "CONFIRM",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://groups.google.com/g/golang-announce/c/-cp44ypCT5s"
},
{
"name": "https://groups.google.com/g/golang-announce",
"refsource": "MISC",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://groups.google.com/g/golang-announce"
},
{
"name": "FEDORA-2022-a4c9009f3e",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HHGBEGJ54DZZGTXFUQNS7ZIG3E624YAF/"
},
{
"name": "FEDORA-2022-d37fb34309",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QTFOIDHQRGNI4P6LYN6ILH5G443RYYKB/"
},
{
"name": "FEDORA-2022-5cbd6de569",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQNPPQWSTP2IX7SHE6TS4SP4EVMI5EZK/"
},
{
"name": "FEDORA-2022-3a63897745",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHYRQB7TRMHDB3NEHW5XBRG7PPMUTPGV/"
},
{
"name": "FEDORA-2022-c87047f163",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220429-0002/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220429-0002/"
},
{
"name": "FEDORA-2022-14712f9699",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZ3S7LB65N54HXXBCB67P4TTOHTNPP5O/"
},
{
"name": "FEDORA-2022-08ae2dd481",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFUNHFHQVJSADNH7EZ3B53CYDZVEEPBP/"
},
{
"name": "FEDORA-2022-5e637f6cc6",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/"
},
{
"name": "FEDORA-2022-fae3ecee19",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/"
},
{
"name": "FEDORA-2022-ba365d3703",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/"
},
{
"name": "FEDORA-2022-30c5ed5625",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2022-10-26T17:52Z",
"publishedDate": "2022-03-18T07:15Z"
}
}
}
OPENSUSE-SU-2024:0319-1
Vulnerability from csaf_opensuse - Published: 2024-09-27 14:01 - Updated: 2024-09-27 14:01Summary
Security update for coredns
Severity
Moderate
Notes
Title of the patch: Security update for coredns
Description of the patch: This update for coredns fixes the following issues:
Update to version 1.11.3:
* optimize the performance for high qps (#6767)
* bump deps
* Fix zone parser error handling (#6680)
* Add alternate option to forward plugin (#6681)
* fix: plugin/file: return error when parsing the file fails (#6699)
* [fix:documentation] Clarify autopath README (#6750)
* Fix outdated test (#6747)
* Bump go version from 1.21.8 to 1.21.11 (#6755)
* Generate zplugin.go correctly with third-party plugins (#6692)
* dnstap: uses pointer receiver for small response writer (#6644)
* chore: fix function name in comment (#6608)
* [plugin/forward] Strip local zone from IPV6 nameservers (#6635)
- fixes CVE-2023-30464
- fixes CVE-2023-28452
Update to upstream head (git commit #5a52707):
* bump deps to address security issue CVE-2024-22189
* Return RcodeServerFailure when DNS64 has no next plugin (#6590)
* add plusserver to adopters (#6565)
* Change the log flags to be a variable that can be set prior to calling Run (#6546)
* Enable Prometheus native histograms (#6524)
* forward: respect context (#6483)
* add client labels to k8s plugin metadata (#6475)
* fix broken link in webpage (#6488)
* Repo controlled Go version (#6526)
* removed the mutex locks with atomic bool (#6525)
Update to version 1.11.2:
* rewrite: fix multi request concurrency issue in cname rewrite (#6407)
* plugin/tls: respect the path specified by root plugin (#6138)
* plugin/auto: warn when auto is unable to read elements of the directory tree (#6333)
* fix: make the codeowners link relative (#6397)
* plugin/etcd: the etcd client adds the DialKeepAliveTime parameter (#6351)
* plugin/cache: key cache on Checking Disabled (CD) bit (#6354)
* Use the correct root domain name in the proxy plugin's TestHealthX tests (#6395)
* Add PITS Global Data Recovery Services as an adopter (#6304)
* Handle UDP responses that overflow with TC bit with test case (#6277)
* plugin/rewrite: add rcode as a rewrite option (#6204)
- CVE-2024-0874: coredns: CD bit response is cached and served later
- Update to version 1.11.1:
* Revert “plugin/forward: Continue waiting after receiving malformed responses
* plugin/dnstap: add support for “extra” field in payload
* plugin/cache: fix keepttl parsing
- Update to version 1.11.0:
* Adds support for accepting DNS connections over QUIC (doq).
* Adds CNAME target rewrites to the rewrite plugin.
* Plus many bug fixes, and some security improvements.
* This release introduces the following backward incompatible changes:
+ In the kubernetes plugin, we have dropped support for watching Endpoint and Endpointslice v1beta,
since all supported K8s versions now use Endpointslice.
+ The bufsize plugin changed its default size limit value to 1232
+ Some changes to forward plugin metrics.
- Update to version 1.10.1:
* Corrected architecture labels in multi-arch image manifest
* A new plugin timeouts that allows configuration of server listener timeout durations
* acl can drop queries as an action
* template supports creating responses with extended DNS errors
* New weighted policy in loadbalance
* Option to serve original record TTLs from cache
- Update to version 1.10.0:
* core: add log listeners for k8s_event plugin (#5451)
* core: log DoH HTTP server error logs in CoreDNS format (#5457)
* core: warn when domain names are not in RFC1035 preferred syntax (#5414)
* plugin/acl: add support for extended DNS errors (#5532)
* plugin/bufsize: do not expand query UDP buffer size if already set to a smaller value (#5602)
* plugin/cache: add cache disable option (#5540)
* plugin/cache: add metadata for wildcard record responses (#5308)
* plugin/cache: add option to adjust SERVFAIL response cache TTL (#5320)
* plugin/cache: correct responses to Authenticated Data requests (#5191)
* plugin/dnstap: add identity and version support for the dnstap plugin (#5555)
* plugin/file: add metadata for wildcard record responses (#5308)
* plugin/forward: enable multiple forward declarations (#5127)
* plugin/forward: health_check needs to normalize a specified domain name (#5543)
* plugin/forward: remove unused coredns_forward_sockets_open metric (#5431)
* plugin/header: add support for query modification (#5556)
* plugin/health: bypass proxy in self health check (#5401)
* plugin/health: don't go lameduck when reloading (#5472)
* plugin/k8s_external: add support for PTR requests (#5435)
* plugin/k8s_external: resolve headless services (#5505)
* plugin/kubernetes: make kubernetes client log in CoreDNS format (#5461)
* plugin/ready: reset list of readiness plugins on startup (#5492)
* plugin/rewrite: add PTR records to supported types (#5565)
* plugin/rewrite: fix a crash in rewrite plugin when rule type is missing (#5459)
* plugin/rewrite: fix out-of-index issue in rewrite plugin (#5462)
* plugin/rewrite: support min and max TTL values (#5508)
* plugin/trace : make zipkin HTTP reporter more configurable using Corefile (#5460)
* plugin/trace: read trace context info from headers for DOH (#5439)
* plugin/tsig: add new plugin TSIG for validating TSIG requests and signing responses (#4957)
* core: update gopkg.in/yaml.v3 to fix CVE-2022-28948
* core: update golang.org/x/crypto to fix CVE-2022-27191
* plugin/acl: adding a check to parse out zone info
* plugin/dnstap: support FQDN TCP endpoint
* plugin/errors: add stacktrace option to log a stacktrace during panic recovery
* plugin/template: return SERVFAIL for zone-match regex-no-match case
Patchnames: openSUSE-2024-319
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP6:coredns-extras-1.11.3-bp156.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:coredns-extras-1.11.3-bp156.4.3.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP6:coredns-extras-1.11.3-bp156.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:coredns-extras-1.11.3-bp156.4.3.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP6:coredns-extras-1.11.3-bp156.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:coredns-extras-1.11.3-bp156.4.3.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP6:coredns-extras-1.11.3-bp156.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:coredns-extras-1.11.3-bp156.4.3.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP6:coredns-extras-1.11.3-bp156.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:coredns-extras-1.11.3-bp156.4.3.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Package Hub 15 SP6:coredns-extras-1.11.3-bp156.4.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:coredns-extras-1.11.3-bp156.4.3.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
References
22 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for coredns",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for coredns fixes the following issues:\n\nUpdate to version 1.11.3:\n\n * optimize the performance for high qps (#6767)\n * bump deps\n * Fix zone parser error handling (#6680)\n * Add alternate option to forward plugin (#6681)\n * fix: plugin/file: return error when parsing the file fails (#6699)\n * [fix:documentation] Clarify autopath README (#6750)\n * Fix outdated test (#6747)\n * Bump go version from 1.21.8 to 1.21.11 (#6755)\n * Generate zplugin.go correctly with third-party plugins (#6692)\n * dnstap: uses pointer receiver for small response writer (#6644)\n * chore: fix function name in comment (#6608)\n * [plugin/forward] Strip local zone from IPV6 nameservers (#6635)\n- fixes CVE-2023-30464\n- fixes CVE-2023-28452\n\nUpdate to upstream head (git commit #5a52707):\n\n * bump deps to address security issue CVE-2024-22189\n * Return RcodeServerFailure when DNS64 has no next plugin (#6590)\n * add plusserver to adopters (#6565)\n * Change the log flags to be a variable that can be set prior to calling Run (#6546)\n * Enable Prometheus native histograms (#6524)\n * forward: respect context (#6483)\n * add client labels to k8s plugin metadata (#6475)\n * fix broken link in webpage (#6488)\n * Repo controlled Go version (#6526)\n * removed the mutex locks with atomic bool (#6525)\n\nUpdate to version 1.11.2:\n\n * rewrite: fix multi request concurrency issue in cname rewrite (#6407)\n * plugin/tls: respect the path specified by root plugin (#6138)\n * plugin/auto: warn when auto is unable to read elements of the directory tree (#6333)\n * fix: make the codeowners link relative (#6397)\n * plugin/etcd: the etcd client adds the DialKeepAliveTime parameter (#6351)\n * plugin/cache: key cache on Checking Disabled (CD) bit (#6354)\n * Use the correct root domain name in the proxy plugin\u0027s TestHealthX tests (#6395)\n * Add PITS Global Data Recovery Services as an adopter (#6304)\n * Handle UDP responses that overflow with TC bit with test case (#6277)\n * plugin/rewrite: add rcode as a rewrite option (#6204)\n\n- CVE-2024-0874: coredns: CD bit response is cached and served later\n\n- Update to version 1.11.1:\n\n * Revert \u201cplugin/forward: Continue waiting after receiving malformed responses\n * plugin/dnstap: add support for \u201cextra\u201d field in payload\n * plugin/cache: fix keepttl parsing\n\n- Update to version 1.11.0:\n\n * Adds support for accepting DNS connections over QUIC (doq).\n * Adds CNAME target rewrites to the rewrite plugin.\n * Plus many bug fixes, and some security improvements.\n * This release introduces the following backward incompatible changes:\n + In the kubernetes plugin, we have dropped support for watching Endpoint and Endpointslice v1beta, \n since all supported K8s versions now use Endpointslice.\n + The bufsize plugin changed its default size limit value to 1232\n + Some changes to forward plugin metrics.\n\n- Update to version 1.10.1:\n\n * Corrected architecture labels in multi-arch image manifest\n * A new plugin timeouts that allows configuration of server listener timeout durations\n * acl can drop queries as an action\n * template supports creating responses with extended DNS errors\n * New weighted policy in loadbalance\n * Option to serve original record TTLs from cache\n\n- Update to version 1.10.0:\n\n\t* core: add log listeners for k8s_event plugin (#5451)\n\t* core: log DoH HTTP server error logs in CoreDNS format (#5457)\n\t* core: warn when domain names are not in RFC1035 preferred syntax (#5414)\n\t* plugin/acl: add support for extended DNS errors (#5532)\n\t* plugin/bufsize: do not expand query UDP buffer size if already set to a smaller value (#5602)\n\t* plugin/cache: add cache disable option (#5540)\n\t* plugin/cache: add metadata for wildcard record responses (#5308)\n\t* plugin/cache: add option to adjust SERVFAIL response cache TTL (#5320)\n\t* plugin/cache: correct responses to Authenticated Data requests (#5191)\n\t* plugin/dnstap: add identity and version support for the dnstap plugin (#5555)\n\t* plugin/file: add metadata for wildcard record responses (#5308)\n\t* plugin/forward: enable multiple forward declarations (#5127)\n\t* plugin/forward: health_check needs to normalize a specified domain name (#5543)\n\t* plugin/forward: remove unused coredns_forward_sockets_open metric (#5431)\n\t* plugin/header: add support for query modification (#5556)\n\t* plugin/health: bypass proxy in self health check (#5401)\n\t* plugin/health: don\u0027t go lameduck when reloading (#5472)\n\t* plugin/k8s_external: add support for PTR requests (#5435)\n\t* plugin/k8s_external: resolve headless services (#5505)\n\t* plugin/kubernetes: make kubernetes client log in CoreDNS format (#5461)\n\t* plugin/ready: reset list of readiness plugins on startup (#5492)\n\t* plugin/rewrite: add PTR records to supported types (#5565)\n\t* plugin/rewrite: fix a crash in rewrite plugin when rule type is missing (#5459)\n\t* plugin/rewrite: fix out-of-index issue in rewrite plugin (#5462)\n\t* plugin/rewrite: support min and max TTL values (#5508)\n\t* plugin/trace : make zipkin HTTP reporter more configurable using Corefile (#5460)\n\t* plugin/trace: read trace context info from headers for DOH (#5439)\n\t* plugin/tsig: add new plugin TSIG for validating TSIG requests and signing responses (#4957)\n\t* core: update gopkg.in/yaml.v3 to fix CVE-2022-28948 \n\t* core: update golang.org/x/crypto to fix CVE-2022-27191 \n\t* plugin/acl: adding a check to parse out zone info \n\t* plugin/dnstap: support FQDN TCP endpoint \n\t* plugin/errors: add stacktrace option to log a stacktrace during panic recovery \n\t* plugin/template: return SERVFAIL for zone-match regex-no-match case \n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2024-319",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_0319-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2024:0319-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2JLUFKCHWHJJ2MQ6XRREF7D4OOWB23V2/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2024:0319-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2JLUFKCHWHJJ2MQ6XRREF7D4OOWB23V2/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-27191 page",
"url": "https://www.suse.com/security/cve/CVE-2022-27191/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-28948 page",
"url": "https://www.suse.com/security/cve/CVE-2022-28948/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-28452 page",
"url": "https://www.suse.com/security/cve/CVE-2023-28452/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-30464 page",
"url": "https://www.suse.com/security/cve/CVE-2023-30464/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-0874 page",
"url": "https://www.suse.com/security/cve/CVE-2024-0874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-22189 page",
"url": "https://www.suse.com/security/cve/CVE-2024-22189/"
}
],
"title": "Security update for coredns",
"tracking": {
"current_release_date": "2024-09-27T14:01:32Z",
"generator": {
"date": "2024-09-27T14:01:32Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:0319-1",
"initial_release_date": "2024-09-27T14:01:32Z",
"revision_history": [
{
"date": "2024-09-27T14:01:32Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "coredns-1.11.3-bp156.4.3.1.aarch64",
"product": {
"name": "coredns-1.11.3-bp156.4.3.1.aarch64",
"product_id": "coredns-1.11.3-bp156.4.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "coredns-1.11.3-bp156.4.3.1.i586",
"product": {
"name": "coredns-1.11.3-bp156.4.3.1.i586",
"product_id": "coredns-1.11.3-bp156.4.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "coredns-extras-1.11.3-bp156.4.3.1.noarch",
"product": {
"name": "coredns-extras-1.11.3-bp156.4.3.1.noarch",
"product_id": "coredns-extras-1.11.3-bp156.4.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "coredns-1.11.3-bp156.4.3.1.x86_64",
"product": {
"name": "coredns-1.11.3-bp156.4.3.1.x86_64",
"product_id": "coredns-1.11.3-bp156.4.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP6",
"product": {
"name": "SUSE Package Hub 15 SP6",
"product_id": "SUSE Package Hub 15 SP6"
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-1.11.3-bp156.4.3.1.aarch64 as component of SUSE Package Hub 15 SP6",
"product_id": "SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.aarch64"
},
"product_reference": "coredns-1.11.3-bp156.4.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-1.11.3-bp156.4.3.1.i586 as component of SUSE Package Hub 15 SP6",
"product_id": "SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.i586"
},
"product_reference": "coredns-1.11.3-bp156.4.3.1.i586",
"relates_to_product_reference": "SUSE Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-1.11.3-bp156.4.3.1.x86_64 as component of SUSE Package Hub 15 SP6",
"product_id": "SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.x86_64"
},
"product_reference": "coredns-1.11.3-bp156.4.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-extras-1.11.3-bp156.4.3.1.noarch as component of SUSE Package Hub 15 SP6",
"product_id": "SUSE Package Hub 15 SP6:coredns-extras-1.11.3-bp156.4.3.1.noarch"
},
"product_reference": "coredns-extras-1.11.3-bp156.4.3.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-1.11.3-bp156.4.3.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.aarch64"
},
"product_reference": "coredns-1.11.3-bp156.4.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-1.11.3-bp156.4.3.1.i586 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.i586"
},
"product_reference": "coredns-1.11.3-bp156.4.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-1.11.3-bp156.4.3.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.x86_64"
},
"product_reference": "coredns-1.11.3-bp156.4.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-extras-1.11.3-bp156.4.3.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:coredns-extras-1.11.3-bp156.4.3.1.noarch"
},
"product_reference": "coredns-extras-1.11.3-bp156.4.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-27191",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-27191"
}
],
"notes": [
{
"category": "general",
"text": "The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.aarch64",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.i586",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.x86_64",
"SUSE Package Hub 15 SP6:coredns-extras-1.11.3-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.aarch64",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.i586",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.x86_64",
"openSUSE Leap 15.6:coredns-extras-1.11.3-bp156.4.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-27191",
"url": "https://www.suse.com/security/cve/CVE-2022-27191"
},
{
"category": "external",
"summary": "SUSE Bug 1197284 for CVE-2022-27191",
"url": "https://bugzilla.suse.com/1197284"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.aarch64",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.i586",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.x86_64",
"SUSE Package Hub 15 SP6:coredns-extras-1.11.3-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.aarch64",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.i586",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.x86_64",
"openSUSE Leap 15.6:coredns-extras-1.11.3-bp156.4.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.aarch64",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.i586",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.x86_64",
"SUSE Package Hub 15 SP6:coredns-extras-1.11.3-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.aarch64",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.i586",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.x86_64",
"openSUSE Leap 15.6:coredns-extras-1.11.3-bp156.4.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-27T14:01:32Z",
"details": "important"
}
],
"title": "CVE-2022-27191"
},
{
"cve": "CVE-2022-28948",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-28948"
}
],
"notes": [
{
"category": "general",
"text": "An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.aarch64",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.i586",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.x86_64",
"SUSE Package Hub 15 SP6:coredns-extras-1.11.3-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.aarch64",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.i586",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.x86_64",
"openSUSE Leap 15.6:coredns-extras-1.11.3-bp156.4.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-28948",
"url": "https://www.suse.com/security/cve/CVE-2022-28948"
},
{
"category": "external",
"summary": "SUSE Bug 1199772 for CVE-2022-28948",
"url": "https://bugzilla.suse.com/1199772"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.aarch64",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.i586",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.x86_64",
"SUSE Package Hub 15 SP6:coredns-extras-1.11.3-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.aarch64",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.i586",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.x86_64",
"openSUSE Leap 15.6:coredns-extras-1.11.3-bp156.4.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.aarch64",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.i586",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.x86_64",
"SUSE Package Hub 15 SP6:coredns-extras-1.11.3-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.aarch64",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.i586",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.x86_64",
"openSUSE Leap 15.6:coredns-extras-1.11.3-bp156.4.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-27T14:01:32Z",
"details": "moderate"
}
],
"title": "CVE-2022-28948"
},
{
"cve": "CVE-2023-28452",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-28452"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in CoreDNS through 1.10.1. There is a vulnerability in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing denial of service for normal resolution. In an exploit, the attacker could just forge a response targeting the source port of a vulnerable resolver without the need to guess the correct TXID.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.aarch64",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.i586",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.x86_64",
"SUSE Package Hub 15 SP6:coredns-extras-1.11.3-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.aarch64",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.i586",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.x86_64",
"openSUSE Leap 15.6:coredns-extras-1.11.3-bp156.4.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-28452",
"url": "https://www.suse.com/security/cve/CVE-2023-28452"
},
{
"category": "external",
"summary": "SUSE Bug 1230760 for CVE-2023-28452",
"url": "https://bugzilla.suse.com/1230760"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.aarch64",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.i586",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.x86_64",
"SUSE Package Hub 15 SP6:coredns-extras-1.11.3-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.aarch64",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.i586",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.x86_64",
"openSUSE Leap 15.6:coredns-extras-1.11.3-bp156.4.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.aarch64",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.i586",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.x86_64",
"SUSE Package Hub 15 SP6:coredns-extras-1.11.3-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.aarch64",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.i586",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.x86_64",
"openSUSE Leap 15.6:coredns-extras-1.11.3-bp156.4.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-27T14:01:32Z",
"details": "important"
}
],
"title": "CVE-2023-28452"
},
{
"cve": "CVE-2023-30464",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-30464"
}
],
"notes": [
{
"category": "general",
"text": "CoreDNS through 1.10.1 enables attackers to achieve DNS cache poisoning and inject fake responses via a birthday attack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.aarch64",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.i586",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.x86_64",
"SUSE Package Hub 15 SP6:coredns-extras-1.11.3-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.aarch64",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.i586",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.x86_64",
"openSUSE Leap 15.6:coredns-extras-1.11.3-bp156.4.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-30464",
"url": "https://www.suse.com/security/cve/CVE-2023-30464"
},
{
"category": "external",
"summary": "SUSE Bug 1230757 for CVE-2023-30464",
"url": "https://bugzilla.suse.com/1230757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.aarch64",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.i586",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.x86_64",
"SUSE Package Hub 15 SP6:coredns-extras-1.11.3-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.aarch64",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.i586",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.x86_64",
"openSUSE Leap 15.6:coredns-extras-1.11.3-bp156.4.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-27T14:01:32Z",
"details": "important"
}
],
"title": "CVE-2023-30464"
},
{
"cve": "CVE-2024-0874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-0874"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in coredns. This issue could lead to invalid cache entries returning due to incorrectly implemented caching.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.aarch64",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.i586",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.x86_64",
"SUSE Package Hub 15 SP6:coredns-extras-1.11.3-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.aarch64",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.i586",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.x86_64",
"openSUSE Leap 15.6:coredns-extras-1.11.3-bp156.4.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-0874",
"url": "https://www.suse.com/security/cve/CVE-2024-0874"
},
{
"category": "external",
"summary": "SUSE Bug 1219167 for CVE-2024-0874",
"url": "https://bugzilla.suse.com/1219167"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.aarch64",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.i586",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.x86_64",
"SUSE Package Hub 15 SP6:coredns-extras-1.11.3-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.aarch64",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.i586",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.x86_64",
"openSUSE Leap 15.6:coredns-extras-1.11.3-bp156.4.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-27T14:01:32Z",
"details": "moderate"
}
],
"title": "CVE-2024-0874"
},
{
"cve": "CVE-2024-22189",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-22189"
}
],
"notes": [
{
"category": "general",
"text": "quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer to run out of memory sending a large number of `NEW_CONNECTION_ID` frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame with a `RETIRE_CONNECTION_ID` frame. The attacker can prevent the receiver from sending out (the vast majority of) these `RETIRE_CONNECTION_ID` frames by collapsing the peers congestion window (by selectively acknowledging received packets) and by manipulating the peer\u0027s RTT estimate. Version 0.42.0 contains a patch for the issue. No known workarounds are available.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.aarch64",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.i586",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.x86_64",
"SUSE Package Hub 15 SP6:coredns-extras-1.11.3-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.aarch64",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.i586",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.x86_64",
"openSUSE Leap 15.6:coredns-extras-1.11.3-bp156.4.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-22189",
"url": "https://www.suse.com/security/cve/CVE-2024-22189"
},
{
"category": "external",
"summary": "SUSE Bug 1222461 for CVE-2024-22189",
"url": "https://bugzilla.suse.com/1222461"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.aarch64",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.i586",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.x86_64",
"SUSE Package Hub 15 SP6:coredns-extras-1.11.3-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.aarch64",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.i586",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.x86_64",
"openSUSE Leap 15.6:coredns-extras-1.11.3-bp156.4.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.aarch64",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.i586",
"SUSE Package Hub 15 SP6:coredns-1.11.3-bp156.4.3.1.x86_64",
"SUSE Package Hub 15 SP6:coredns-extras-1.11.3-bp156.4.3.1.noarch",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.aarch64",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.i586",
"openSUSE Leap 15.6:coredns-1.11.3-bp156.4.3.1.x86_64",
"openSUSE Leap 15.6:coredns-extras-1.11.3-bp156.4.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-27T14:01:32Z",
"details": "important"
}
],
"title": "CVE-2024-22189"
}
]
}
OPENSUSE-SU-2024:12400-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
podman-4.2.1-2.1 on GA media
Severity
Moderate
Notes
Title of the patch: podman-4.2.1-2.1 on GA media
Description of the patch: These are all security issues fixed in the podman-4.2.1-2.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-12400
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:podman-4.2.1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:podman-4.2.1-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:podman-4.2.1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:podman-4.2.1-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:podman-cni-config-4.2.1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:podman-cni-config-4.2.1-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:podman-cni-config-4.2.1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:podman-cni-config-4.2.1-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:podman-docker-4.2.1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:podman-docker-4.2.1-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:podman-docker-4.2.1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:podman-docker-4.2.1-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:podman-remote-4.2.1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:podman-remote-4.2.1-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:podman-remote-4.2.1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:podman-remote-4.2.1-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:podman-4.2.1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:podman-4.2.1-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:podman-4.2.1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:podman-4.2.1-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:podman-cni-config-4.2.1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:podman-cni-config-4.2.1-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:podman-cni-config-4.2.1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:podman-cni-config-4.2.1-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:podman-docker-4.2.1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:podman-docker-4.2.1-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:podman-docker-4.2.1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:podman-docker-4.2.1-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:podman-remote-4.2.1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:podman-remote-4.2.1-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:podman-remote-4.2.1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:podman-remote-4.2.1-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:podman-4.2.1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:podman-4.2.1-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:podman-4.2.1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:podman-4.2.1-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:podman-cni-config-4.2.1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:podman-cni-config-4.2.1-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:podman-cni-config-4.2.1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:podman-cni-config-4.2.1-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:podman-docker-4.2.1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:podman-docker-4.2.1-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:podman-docker-4.2.1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:podman-docker-4.2.1-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:podman-remote-4.2.1-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:podman-remote-4.2.1-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:podman-remote-4.2.1-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:podman-remote-4.2.1-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
11 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "podman-4.2.1-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the podman-4.2.1-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-12400",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12400-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-1227 page",
"url": "https://www.suse.com/security/cve/CVE-2022-1227/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-21698 page",
"url": "https://www.suse.com/security/cve/CVE-2022-21698/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-27191 page",
"url": "https://www.suse.com/security/cve/CVE-2022-27191/"
}
],
"title": "podman-4.2.1-2.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:12400-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "podman-4.2.1-2.1.aarch64",
"product": {
"name": "podman-4.2.1-2.1.aarch64",
"product_id": "podman-4.2.1-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "podman-cni-config-4.2.1-2.1.aarch64",
"product": {
"name": "podman-cni-config-4.2.1-2.1.aarch64",
"product_id": "podman-cni-config-4.2.1-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "podman-docker-4.2.1-2.1.aarch64",
"product": {
"name": "podman-docker-4.2.1-2.1.aarch64",
"product_id": "podman-docker-4.2.1-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "podman-remote-4.2.1-2.1.aarch64",
"product": {
"name": "podman-remote-4.2.1-2.1.aarch64",
"product_id": "podman-remote-4.2.1-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-4.2.1-2.1.ppc64le",
"product": {
"name": "podman-4.2.1-2.1.ppc64le",
"product_id": "podman-4.2.1-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "podman-cni-config-4.2.1-2.1.ppc64le",
"product": {
"name": "podman-cni-config-4.2.1-2.1.ppc64le",
"product_id": "podman-cni-config-4.2.1-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "podman-docker-4.2.1-2.1.ppc64le",
"product": {
"name": "podman-docker-4.2.1-2.1.ppc64le",
"product_id": "podman-docker-4.2.1-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "podman-remote-4.2.1-2.1.ppc64le",
"product": {
"name": "podman-remote-4.2.1-2.1.ppc64le",
"product_id": "podman-remote-4.2.1-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-4.2.1-2.1.s390x",
"product": {
"name": "podman-4.2.1-2.1.s390x",
"product_id": "podman-4.2.1-2.1.s390x"
}
},
{
"category": "product_version",
"name": "podman-cni-config-4.2.1-2.1.s390x",
"product": {
"name": "podman-cni-config-4.2.1-2.1.s390x",
"product_id": "podman-cni-config-4.2.1-2.1.s390x"
}
},
{
"category": "product_version",
"name": "podman-docker-4.2.1-2.1.s390x",
"product": {
"name": "podman-docker-4.2.1-2.1.s390x",
"product_id": "podman-docker-4.2.1-2.1.s390x"
}
},
{
"category": "product_version",
"name": "podman-remote-4.2.1-2.1.s390x",
"product": {
"name": "podman-remote-4.2.1-2.1.s390x",
"product_id": "podman-remote-4.2.1-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-4.2.1-2.1.x86_64",
"product": {
"name": "podman-4.2.1-2.1.x86_64",
"product_id": "podman-4.2.1-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "podman-cni-config-4.2.1-2.1.x86_64",
"product": {
"name": "podman-cni-config-4.2.1-2.1.x86_64",
"product_id": "podman-cni-config-4.2.1-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "podman-docker-4.2.1-2.1.x86_64",
"product": {
"name": "podman-docker-4.2.1-2.1.x86_64",
"product_id": "podman-docker-4.2.1-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "podman-remote-4.2.1-2.1.x86_64",
"product": {
"name": "podman-remote-4.2.1-2.1.x86_64",
"product_id": "podman-remote-4.2.1-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.2.1-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:podman-4.2.1-2.1.aarch64"
},
"product_reference": "podman-4.2.1-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.2.1-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:podman-4.2.1-2.1.ppc64le"
},
"product_reference": "podman-4.2.1-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.2.1-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:podman-4.2.1-2.1.s390x"
},
"product_reference": "podman-4.2.1-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.2.1-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:podman-4.2.1-2.1.x86_64"
},
"product_reference": "podman-4.2.1-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-cni-config-4.2.1-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:podman-cni-config-4.2.1-2.1.aarch64"
},
"product_reference": "podman-cni-config-4.2.1-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-cni-config-4.2.1-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:podman-cni-config-4.2.1-2.1.ppc64le"
},
"product_reference": "podman-cni-config-4.2.1-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-cni-config-4.2.1-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:podman-cni-config-4.2.1-2.1.s390x"
},
"product_reference": "podman-cni-config-4.2.1-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-cni-config-4.2.1-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:podman-cni-config-4.2.1-2.1.x86_64"
},
"product_reference": "podman-cni-config-4.2.1-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-docker-4.2.1-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:podman-docker-4.2.1-2.1.aarch64"
},
"product_reference": "podman-docker-4.2.1-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-docker-4.2.1-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:podman-docker-4.2.1-2.1.ppc64le"
},
"product_reference": "podman-docker-4.2.1-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-docker-4.2.1-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:podman-docker-4.2.1-2.1.s390x"
},
"product_reference": "podman-docker-4.2.1-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-docker-4.2.1-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:podman-docker-4.2.1-2.1.x86_64"
},
"product_reference": "podman-docker-4.2.1-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.2.1-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:podman-remote-4.2.1-2.1.aarch64"
},
"product_reference": "podman-remote-4.2.1-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.2.1-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:podman-remote-4.2.1-2.1.ppc64le"
},
"product_reference": "podman-remote-4.2.1-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.2.1-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:podman-remote-4.2.1-2.1.s390x"
},
"product_reference": "podman-remote-4.2.1-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.2.1-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:podman-remote-4.2.1-2.1.x86_64"
},
"product_reference": "podman-remote-4.2.1-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-1227",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-1227"
}
],
"notes": [
{
"category": "general",
"text": "A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the \u0027podman top\u0027 command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:podman-4.2.1-2.1.aarch64",
"openSUSE Tumbleweed:podman-4.2.1-2.1.ppc64le",
"openSUSE Tumbleweed:podman-4.2.1-2.1.s390x",
"openSUSE Tumbleweed:podman-4.2.1-2.1.x86_64",
"openSUSE Tumbleweed:podman-cni-config-4.2.1-2.1.aarch64",
"openSUSE Tumbleweed:podman-cni-config-4.2.1-2.1.ppc64le",
"openSUSE Tumbleweed:podman-cni-config-4.2.1-2.1.s390x",
"openSUSE Tumbleweed:podman-cni-config-4.2.1-2.1.x86_64",
"openSUSE Tumbleweed:podman-docker-4.2.1-2.1.aarch64",
"openSUSE Tumbleweed:podman-docker-4.2.1-2.1.ppc64le",
"openSUSE Tumbleweed:podman-docker-4.2.1-2.1.s390x",
"openSUSE Tumbleweed:podman-docker-4.2.1-2.1.x86_64",
"openSUSE Tumbleweed:podman-remote-4.2.1-2.1.aarch64",
"openSUSE Tumbleweed:podman-remote-4.2.1-2.1.ppc64le",
"openSUSE Tumbleweed:podman-remote-4.2.1-2.1.s390x",
"openSUSE Tumbleweed:podman-remote-4.2.1-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-1227",
"url": "https://www.suse.com/security/cve/CVE-2022-1227"
},
{
"category": "external",
"summary": "SUSE Bug 1182428 for CVE-2022-1227",
"url": "https://bugzilla.suse.com/1182428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:podman-4.2.1-2.1.aarch64",
"openSUSE Tumbleweed:podman-4.2.1-2.1.ppc64le",
"openSUSE Tumbleweed:podman-4.2.1-2.1.s390x",
"openSUSE Tumbleweed:podman-4.2.1-2.1.x86_64",
"openSUSE Tumbleweed:podman-cni-config-4.2.1-2.1.aarch64",
"openSUSE Tumbleweed:podman-cni-config-4.2.1-2.1.ppc64le",
"openSUSE Tumbleweed:podman-cni-config-4.2.1-2.1.s390x",
"openSUSE Tumbleweed:podman-cni-config-4.2.1-2.1.x86_64",
"openSUSE Tumbleweed:podman-docker-4.2.1-2.1.aarch64",
"openSUSE Tumbleweed:podman-docker-4.2.1-2.1.ppc64le",
"openSUSE Tumbleweed:podman-docker-4.2.1-2.1.s390x",
"openSUSE Tumbleweed:podman-docker-4.2.1-2.1.x86_64",
"openSUSE Tumbleweed:podman-remote-4.2.1-2.1.aarch64",
"openSUSE Tumbleweed:podman-remote-4.2.1-2.1.ppc64le",
"openSUSE Tumbleweed:podman-remote-4.2.1-2.1.s390x",
"openSUSE Tumbleweed:podman-remote-4.2.1-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:podman-4.2.1-2.1.aarch64",
"openSUSE Tumbleweed:podman-4.2.1-2.1.ppc64le",
"openSUSE Tumbleweed:podman-4.2.1-2.1.s390x",
"openSUSE Tumbleweed:podman-4.2.1-2.1.x86_64",
"openSUSE Tumbleweed:podman-cni-config-4.2.1-2.1.aarch64",
"openSUSE Tumbleweed:podman-cni-config-4.2.1-2.1.ppc64le",
"openSUSE Tumbleweed:podman-cni-config-4.2.1-2.1.s390x",
"openSUSE Tumbleweed:podman-cni-config-4.2.1-2.1.x86_64",
"openSUSE Tumbleweed:podman-docker-4.2.1-2.1.aarch64",
"openSUSE Tumbleweed:podman-docker-4.2.1-2.1.ppc64le",
"openSUSE Tumbleweed:podman-docker-4.2.1-2.1.s390x",
"openSUSE Tumbleweed:podman-docker-4.2.1-2.1.x86_64",
"openSUSE Tumbleweed:podman-remote-4.2.1-2.1.aarch64",
"openSUSE Tumbleweed:podman-remote-4.2.1-2.1.ppc64le",
"openSUSE Tumbleweed:podman-remote-4.2.1-2.1.s390x",
"openSUSE Tumbleweed:podman-remote-4.2.1-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-1227"
},
{
"cve": "CVE-2022-21698",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-21698"
}
],
"notes": [
{
"category": "general",
"text": "client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods. In order to be affected, an instrumented software must use any of `promhttp.InstrumentHandler*` middleware except `RequestsInFlight`; not filter any specific methods (e.g GET) before middleware; pass metric with `method` label name to our middleware; and not have any firewall/LB/proxy that filters away requests with unknown `method`. client_golang version 1.11.1 contains a patch for this issue. Several workarounds are available, including removing the `method` label name from counter/gauge used in the InstrumentHandler; turning off affected promhttp handlers; adding custom middleware before promhttp handler that will sanitize the request method given by Go http.Request; and using a reverse proxy or web application firewall, configured to only allow a limited set of methods.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:podman-4.2.1-2.1.aarch64",
"openSUSE Tumbleweed:podman-4.2.1-2.1.ppc64le",
"openSUSE Tumbleweed:podman-4.2.1-2.1.s390x",
"openSUSE Tumbleweed:podman-4.2.1-2.1.x86_64",
"openSUSE Tumbleweed:podman-cni-config-4.2.1-2.1.aarch64",
"openSUSE Tumbleweed:podman-cni-config-4.2.1-2.1.ppc64le",
"openSUSE Tumbleweed:podman-cni-config-4.2.1-2.1.s390x",
"openSUSE Tumbleweed:podman-cni-config-4.2.1-2.1.x86_64",
"openSUSE Tumbleweed:podman-docker-4.2.1-2.1.aarch64",
"openSUSE Tumbleweed:podman-docker-4.2.1-2.1.ppc64le",
"openSUSE Tumbleweed:podman-docker-4.2.1-2.1.s390x",
"openSUSE Tumbleweed:podman-docker-4.2.1-2.1.x86_64",
"openSUSE Tumbleweed:podman-remote-4.2.1-2.1.aarch64",
"openSUSE Tumbleweed:podman-remote-4.2.1-2.1.ppc64le",
"openSUSE Tumbleweed:podman-remote-4.2.1-2.1.s390x",
"openSUSE Tumbleweed:podman-remote-4.2.1-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-21698",
"url": "https://www.suse.com/security/cve/CVE-2022-21698"
},
{
"category": "external",
"summary": "SUSE Bug 1196338 for CVE-2022-21698",
"url": "https://bugzilla.suse.com/1196338"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:podman-4.2.1-2.1.aarch64",
"openSUSE Tumbleweed:podman-4.2.1-2.1.ppc64le",
"openSUSE Tumbleweed:podman-4.2.1-2.1.s390x",
"openSUSE Tumbleweed:podman-4.2.1-2.1.x86_64",
"openSUSE Tumbleweed:podman-cni-config-4.2.1-2.1.aarch64",
"openSUSE Tumbleweed:podman-cni-config-4.2.1-2.1.ppc64le",
"openSUSE Tumbleweed:podman-cni-config-4.2.1-2.1.s390x",
"openSUSE Tumbleweed:podman-cni-config-4.2.1-2.1.x86_64",
"openSUSE Tumbleweed:podman-docker-4.2.1-2.1.aarch64",
"openSUSE Tumbleweed:podman-docker-4.2.1-2.1.ppc64le",
"openSUSE Tumbleweed:podman-docker-4.2.1-2.1.s390x",
"openSUSE Tumbleweed:podman-docker-4.2.1-2.1.x86_64",
"openSUSE Tumbleweed:podman-remote-4.2.1-2.1.aarch64",
"openSUSE Tumbleweed:podman-remote-4.2.1-2.1.ppc64le",
"openSUSE Tumbleweed:podman-remote-4.2.1-2.1.s390x",
"openSUSE Tumbleweed:podman-remote-4.2.1-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:podman-4.2.1-2.1.aarch64",
"openSUSE Tumbleweed:podman-4.2.1-2.1.ppc64le",
"openSUSE Tumbleweed:podman-4.2.1-2.1.s390x",
"openSUSE Tumbleweed:podman-4.2.1-2.1.x86_64",
"openSUSE Tumbleweed:podman-cni-config-4.2.1-2.1.aarch64",
"openSUSE Tumbleweed:podman-cni-config-4.2.1-2.1.ppc64le",
"openSUSE Tumbleweed:podman-cni-config-4.2.1-2.1.s390x",
"openSUSE Tumbleweed:podman-cni-config-4.2.1-2.1.x86_64",
"openSUSE Tumbleweed:podman-docker-4.2.1-2.1.aarch64",
"openSUSE Tumbleweed:podman-docker-4.2.1-2.1.ppc64le",
"openSUSE Tumbleweed:podman-docker-4.2.1-2.1.s390x",
"openSUSE Tumbleweed:podman-docker-4.2.1-2.1.x86_64",
"openSUSE Tumbleweed:podman-remote-4.2.1-2.1.aarch64",
"openSUSE Tumbleweed:podman-remote-4.2.1-2.1.ppc64le",
"openSUSE Tumbleweed:podman-remote-4.2.1-2.1.s390x",
"openSUSE Tumbleweed:podman-remote-4.2.1-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-21698"
},
{
"cve": "CVE-2022-27191",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-27191"
}
],
"notes": [
{
"category": "general",
"text": "The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:podman-4.2.1-2.1.aarch64",
"openSUSE Tumbleweed:podman-4.2.1-2.1.ppc64le",
"openSUSE Tumbleweed:podman-4.2.1-2.1.s390x",
"openSUSE Tumbleweed:podman-4.2.1-2.1.x86_64",
"openSUSE Tumbleweed:podman-cni-config-4.2.1-2.1.aarch64",
"openSUSE Tumbleweed:podman-cni-config-4.2.1-2.1.ppc64le",
"openSUSE Tumbleweed:podman-cni-config-4.2.1-2.1.s390x",
"openSUSE Tumbleweed:podman-cni-config-4.2.1-2.1.x86_64",
"openSUSE Tumbleweed:podman-docker-4.2.1-2.1.aarch64",
"openSUSE Tumbleweed:podman-docker-4.2.1-2.1.ppc64le",
"openSUSE Tumbleweed:podman-docker-4.2.1-2.1.s390x",
"openSUSE Tumbleweed:podman-docker-4.2.1-2.1.x86_64",
"openSUSE Tumbleweed:podman-remote-4.2.1-2.1.aarch64",
"openSUSE Tumbleweed:podman-remote-4.2.1-2.1.ppc64le",
"openSUSE Tumbleweed:podman-remote-4.2.1-2.1.s390x",
"openSUSE Tumbleweed:podman-remote-4.2.1-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-27191",
"url": "https://www.suse.com/security/cve/CVE-2022-27191"
},
{
"category": "external",
"summary": "SUSE Bug 1197284 for CVE-2022-27191",
"url": "https://bugzilla.suse.com/1197284"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:podman-4.2.1-2.1.aarch64",
"openSUSE Tumbleweed:podman-4.2.1-2.1.ppc64le",
"openSUSE Tumbleweed:podman-4.2.1-2.1.s390x",
"openSUSE Tumbleweed:podman-4.2.1-2.1.x86_64",
"openSUSE Tumbleweed:podman-cni-config-4.2.1-2.1.aarch64",
"openSUSE Tumbleweed:podman-cni-config-4.2.1-2.1.ppc64le",
"openSUSE Tumbleweed:podman-cni-config-4.2.1-2.1.s390x",
"openSUSE Tumbleweed:podman-cni-config-4.2.1-2.1.x86_64",
"openSUSE Tumbleweed:podman-docker-4.2.1-2.1.aarch64",
"openSUSE Tumbleweed:podman-docker-4.2.1-2.1.ppc64le",
"openSUSE Tumbleweed:podman-docker-4.2.1-2.1.s390x",
"openSUSE Tumbleweed:podman-docker-4.2.1-2.1.x86_64",
"openSUSE Tumbleweed:podman-remote-4.2.1-2.1.aarch64",
"openSUSE Tumbleweed:podman-remote-4.2.1-2.1.ppc64le",
"openSUSE Tumbleweed:podman-remote-4.2.1-2.1.s390x",
"openSUSE Tumbleweed:podman-remote-4.2.1-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:podman-4.2.1-2.1.aarch64",
"openSUSE Tumbleweed:podman-4.2.1-2.1.ppc64le",
"openSUSE Tumbleweed:podman-4.2.1-2.1.s390x",
"openSUSE Tumbleweed:podman-4.2.1-2.1.x86_64",
"openSUSE Tumbleweed:podman-cni-config-4.2.1-2.1.aarch64",
"openSUSE Tumbleweed:podman-cni-config-4.2.1-2.1.ppc64le",
"openSUSE Tumbleweed:podman-cni-config-4.2.1-2.1.s390x",
"openSUSE Tumbleweed:podman-cni-config-4.2.1-2.1.x86_64",
"openSUSE Tumbleweed:podman-docker-4.2.1-2.1.aarch64",
"openSUSE Tumbleweed:podman-docker-4.2.1-2.1.ppc64le",
"openSUSE Tumbleweed:podman-docker-4.2.1-2.1.s390x",
"openSUSE Tumbleweed:podman-docker-4.2.1-2.1.x86_64",
"openSUSE Tumbleweed:podman-remote-4.2.1-2.1.aarch64",
"openSUSE Tumbleweed:podman-remote-4.2.1-2.1.ppc64le",
"openSUSE Tumbleweed:podman-remote-4.2.1-2.1.s390x",
"openSUSE Tumbleweed:podman-remote-4.2.1-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-27191"
}
]
}
OPENSUSE-SU-2024:12490-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
coredns-1.10.0-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: coredns-1.10.0-1.1 on GA media
Description of the patch: These are all security issues fixed in the coredns-1.10.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-12490
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:coredns-1.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:coredns-1.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:coredns-1.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:coredns-1.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:coredns-extras-1.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:coredns-extras-1.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:coredns-extras-1.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:coredns-extras-1.10.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:coredns-1.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:coredns-1.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:coredns-1.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:coredns-1.10.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:coredns-extras-1.10.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:coredns-extras-1.10.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:coredns-extras-1.10.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:coredns-extras-1.10.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "coredns-1.10.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the coredns-1.10.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-12490",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12490-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-27191 page",
"url": "https://www.suse.com/security/cve/CVE-2022-27191/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-28948 page",
"url": "https://www.suse.com/security/cve/CVE-2022-28948/"
}
],
"title": "coredns-1.10.0-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:12490-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "coredns-1.10.0-1.1.aarch64",
"product": {
"name": "coredns-1.10.0-1.1.aarch64",
"product_id": "coredns-1.10.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "coredns-extras-1.10.0-1.1.aarch64",
"product": {
"name": "coredns-extras-1.10.0-1.1.aarch64",
"product_id": "coredns-extras-1.10.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "coredns-1.10.0-1.1.ppc64le",
"product": {
"name": "coredns-1.10.0-1.1.ppc64le",
"product_id": "coredns-1.10.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "coredns-extras-1.10.0-1.1.ppc64le",
"product": {
"name": "coredns-extras-1.10.0-1.1.ppc64le",
"product_id": "coredns-extras-1.10.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "coredns-1.10.0-1.1.s390x",
"product": {
"name": "coredns-1.10.0-1.1.s390x",
"product_id": "coredns-1.10.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "coredns-extras-1.10.0-1.1.s390x",
"product": {
"name": "coredns-extras-1.10.0-1.1.s390x",
"product_id": "coredns-extras-1.10.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "coredns-1.10.0-1.1.x86_64",
"product": {
"name": "coredns-1.10.0-1.1.x86_64",
"product_id": "coredns-1.10.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "coredns-extras-1.10.0-1.1.x86_64",
"product": {
"name": "coredns-extras-1.10.0-1.1.x86_64",
"product_id": "coredns-extras-1.10.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-1.10.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:coredns-1.10.0-1.1.aarch64"
},
"product_reference": "coredns-1.10.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-1.10.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:coredns-1.10.0-1.1.ppc64le"
},
"product_reference": "coredns-1.10.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-1.10.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:coredns-1.10.0-1.1.s390x"
},
"product_reference": "coredns-1.10.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-1.10.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:coredns-1.10.0-1.1.x86_64"
},
"product_reference": "coredns-1.10.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-extras-1.10.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:coredns-extras-1.10.0-1.1.aarch64"
},
"product_reference": "coredns-extras-1.10.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-extras-1.10.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:coredns-extras-1.10.0-1.1.ppc64le"
},
"product_reference": "coredns-extras-1.10.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-extras-1.10.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:coredns-extras-1.10.0-1.1.s390x"
},
"product_reference": "coredns-extras-1.10.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-extras-1.10.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:coredns-extras-1.10.0-1.1.x86_64"
},
"product_reference": "coredns-extras-1.10.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-27191",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-27191"
}
],
"notes": [
{
"category": "general",
"text": "The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:coredns-1.10.0-1.1.aarch64",
"openSUSE Tumbleweed:coredns-1.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:coredns-1.10.0-1.1.s390x",
"openSUSE Tumbleweed:coredns-1.10.0-1.1.x86_64",
"openSUSE Tumbleweed:coredns-extras-1.10.0-1.1.aarch64",
"openSUSE Tumbleweed:coredns-extras-1.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:coredns-extras-1.10.0-1.1.s390x",
"openSUSE Tumbleweed:coredns-extras-1.10.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-27191",
"url": "https://www.suse.com/security/cve/CVE-2022-27191"
},
{
"category": "external",
"summary": "SUSE Bug 1197284 for CVE-2022-27191",
"url": "https://bugzilla.suse.com/1197284"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:coredns-1.10.0-1.1.aarch64",
"openSUSE Tumbleweed:coredns-1.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:coredns-1.10.0-1.1.s390x",
"openSUSE Tumbleweed:coredns-1.10.0-1.1.x86_64",
"openSUSE Tumbleweed:coredns-extras-1.10.0-1.1.aarch64",
"openSUSE Tumbleweed:coredns-extras-1.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:coredns-extras-1.10.0-1.1.s390x",
"openSUSE Tumbleweed:coredns-extras-1.10.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:coredns-1.10.0-1.1.aarch64",
"openSUSE Tumbleweed:coredns-1.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:coredns-1.10.0-1.1.s390x",
"openSUSE Tumbleweed:coredns-1.10.0-1.1.x86_64",
"openSUSE Tumbleweed:coredns-extras-1.10.0-1.1.aarch64",
"openSUSE Tumbleweed:coredns-extras-1.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:coredns-extras-1.10.0-1.1.s390x",
"openSUSE Tumbleweed:coredns-extras-1.10.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-27191"
},
{
"cve": "CVE-2022-28948",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-28948"
}
],
"notes": [
{
"category": "general",
"text": "An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:coredns-1.10.0-1.1.aarch64",
"openSUSE Tumbleweed:coredns-1.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:coredns-1.10.0-1.1.s390x",
"openSUSE Tumbleweed:coredns-1.10.0-1.1.x86_64",
"openSUSE Tumbleweed:coredns-extras-1.10.0-1.1.aarch64",
"openSUSE Tumbleweed:coredns-extras-1.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:coredns-extras-1.10.0-1.1.s390x",
"openSUSE Tumbleweed:coredns-extras-1.10.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-28948",
"url": "https://www.suse.com/security/cve/CVE-2022-28948"
},
{
"category": "external",
"summary": "SUSE Bug 1199772 for CVE-2022-28948",
"url": "https://bugzilla.suse.com/1199772"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:coredns-1.10.0-1.1.aarch64",
"openSUSE Tumbleweed:coredns-1.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:coredns-1.10.0-1.1.s390x",
"openSUSE Tumbleweed:coredns-1.10.0-1.1.x86_64",
"openSUSE Tumbleweed:coredns-extras-1.10.0-1.1.aarch64",
"openSUSE Tumbleweed:coredns-extras-1.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:coredns-extras-1.10.0-1.1.s390x",
"openSUSE Tumbleweed:coredns-extras-1.10.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:coredns-1.10.0-1.1.aarch64",
"openSUSE Tumbleweed:coredns-1.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:coredns-1.10.0-1.1.s390x",
"openSUSE Tumbleweed:coredns-1.10.0-1.1.x86_64",
"openSUSE Tumbleweed:coredns-extras-1.10.0-1.1.aarch64",
"openSUSE Tumbleweed:coredns-extras-1.10.0-1.1.ppc64le",
"openSUSE Tumbleweed:coredns-extras-1.10.0-1.1.s390x",
"openSUSE Tumbleweed:coredns-extras-1.10.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-28948"
}
]
}
OPENSUSE-SU-2024:12550-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
containerd-1.6.9-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: containerd-1.6.9-1.1 on GA media
Description of the patch: These are all security issues fixed in the containerd-1.6.9-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-12550
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:containerd-1.6.9-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-1.6.9-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-1.6.9-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-1.6.9-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-ctr-1.6.9-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-ctr-1.6.9-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-ctr-1.6.9-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-ctr-1.6.9-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-devel-1.6.9-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-devel-1.6.9-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-devel-1.6.9-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:containerd-devel-1.6.9-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
5 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "containerd-1.6.9-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the containerd-1.6.9-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-12550",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12550-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-27191 page",
"url": "https://www.suse.com/security/cve/CVE-2022-27191/"
}
],
"title": "containerd-1.6.9-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:12550-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.6.9-1.1.aarch64",
"product": {
"name": "containerd-1.6.9-1.1.aarch64",
"product_id": "containerd-1.6.9-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.6.9-1.1.aarch64",
"product": {
"name": "containerd-ctr-1.6.9-1.1.aarch64",
"product_id": "containerd-ctr-1.6.9-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "containerd-devel-1.6.9-1.1.aarch64",
"product": {
"name": "containerd-devel-1.6.9-1.1.aarch64",
"product_id": "containerd-devel-1.6.9-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.6.9-1.1.ppc64le",
"product": {
"name": "containerd-1.6.9-1.1.ppc64le",
"product_id": "containerd-1.6.9-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.6.9-1.1.ppc64le",
"product": {
"name": "containerd-ctr-1.6.9-1.1.ppc64le",
"product_id": "containerd-ctr-1.6.9-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "containerd-devel-1.6.9-1.1.ppc64le",
"product": {
"name": "containerd-devel-1.6.9-1.1.ppc64le",
"product_id": "containerd-devel-1.6.9-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.6.9-1.1.s390x",
"product": {
"name": "containerd-1.6.9-1.1.s390x",
"product_id": "containerd-1.6.9-1.1.s390x"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.6.9-1.1.s390x",
"product": {
"name": "containerd-ctr-1.6.9-1.1.s390x",
"product_id": "containerd-ctr-1.6.9-1.1.s390x"
}
},
{
"category": "product_version",
"name": "containerd-devel-1.6.9-1.1.s390x",
"product": {
"name": "containerd-devel-1.6.9-1.1.s390x",
"product_id": "containerd-devel-1.6.9-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.6.9-1.1.x86_64",
"product": {
"name": "containerd-1.6.9-1.1.x86_64",
"product_id": "containerd-1.6.9-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.6.9-1.1.x86_64",
"product": {
"name": "containerd-ctr-1.6.9-1.1.x86_64",
"product_id": "containerd-ctr-1.6.9-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "containerd-devel-1.6.9-1.1.x86_64",
"product": {
"name": "containerd-devel-1.6.9-1.1.x86_64",
"product_id": "containerd-devel-1.6.9-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.6.9-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:containerd-1.6.9-1.1.aarch64"
},
"product_reference": "containerd-1.6.9-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.6.9-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:containerd-1.6.9-1.1.ppc64le"
},
"product_reference": "containerd-1.6.9-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.6.9-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:containerd-1.6.9-1.1.s390x"
},
"product_reference": "containerd-1.6.9-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.6.9-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:containerd-1.6.9-1.1.x86_64"
},
"product_reference": "containerd-1.6.9-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-ctr-1.6.9-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:containerd-ctr-1.6.9-1.1.aarch64"
},
"product_reference": "containerd-ctr-1.6.9-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-ctr-1.6.9-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:containerd-ctr-1.6.9-1.1.ppc64le"
},
"product_reference": "containerd-ctr-1.6.9-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-ctr-1.6.9-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:containerd-ctr-1.6.9-1.1.s390x"
},
"product_reference": "containerd-ctr-1.6.9-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-ctr-1.6.9-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:containerd-ctr-1.6.9-1.1.x86_64"
},
"product_reference": "containerd-ctr-1.6.9-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-devel-1.6.9-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:containerd-devel-1.6.9-1.1.aarch64"
},
"product_reference": "containerd-devel-1.6.9-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-devel-1.6.9-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:containerd-devel-1.6.9-1.1.ppc64le"
},
"product_reference": "containerd-devel-1.6.9-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-devel-1.6.9-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:containerd-devel-1.6.9-1.1.s390x"
},
"product_reference": "containerd-devel-1.6.9-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-devel-1.6.9-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:containerd-devel-1.6.9-1.1.x86_64"
},
"product_reference": "containerd-devel-1.6.9-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-27191",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-27191"
}
],
"notes": [
{
"category": "general",
"text": "The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:containerd-1.6.9-1.1.aarch64",
"openSUSE Tumbleweed:containerd-1.6.9-1.1.ppc64le",
"openSUSE Tumbleweed:containerd-1.6.9-1.1.s390x",
"openSUSE Tumbleweed:containerd-1.6.9-1.1.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.6.9-1.1.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.6.9-1.1.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.6.9-1.1.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.6.9-1.1.x86_64",
"openSUSE Tumbleweed:containerd-devel-1.6.9-1.1.aarch64",
"openSUSE Tumbleweed:containerd-devel-1.6.9-1.1.ppc64le",
"openSUSE Tumbleweed:containerd-devel-1.6.9-1.1.s390x",
"openSUSE Tumbleweed:containerd-devel-1.6.9-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-27191",
"url": "https://www.suse.com/security/cve/CVE-2022-27191"
},
{
"category": "external",
"summary": "SUSE Bug 1197284 for CVE-2022-27191",
"url": "https://bugzilla.suse.com/1197284"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:containerd-1.6.9-1.1.aarch64",
"openSUSE Tumbleweed:containerd-1.6.9-1.1.ppc64le",
"openSUSE Tumbleweed:containerd-1.6.9-1.1.s390x",
"openSUSE Tumbleweed:containerd-1.6.9-1.1.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.6.9-1.1.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.6.9-1.1.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.6.9-1.1.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.6.9-1.1.x86_64",
"openSUSE Tumbleweed:containerd-devel-1.6.9-1.1.aarch64",
"openSUSE Tumbleweed:containerd-devel-1.6.9-1.1.ppc64le",
"openSUSE Tumbleweed:containerd-devel-1.6.9-1.1.s390x",
"openSUSE Tumbleweed:containerd-devel-1.6.9-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:containerd-1.6.9-1.1.aarch64",
"openSUSE Tumbleweed:containerd-1.6.9-1.1.ppc64le",
"openSUSE Tumbleweed:containerd-1.6.9-1.1.s390x",
"openSUSE Tumbleweed:containerd-1.6.9-1.1.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.6.9-1.1.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.6.9-1.1.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.6.9-1.1.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.6.9-1.1.x86_64",
"openSUSE Tumbleweed:containerd-devel-1.6.9-1.1.aarch64",
"openSUSE Tumbleweed:containerd-devel-1.6.9-1.1.ppc64le",
"openSUSE Tumbleweed:containerd-devel-1.6.9-1.1.s390x",
"openSUSE Tumbleweed:containerd-devel-1.6.9-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-27191"
}
]
}
OPENSUSE-SU-2024:12637-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
golang-github-prometheus-node_exporter-1.5.0-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: golang-github-prometheus-node_exporter-1.5.0-1.1 on GA media
Description of the patch: These are all security issues fixed in the golang-github-prometheus-node_exporter-1.5.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-12637
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:golang-github-prometheus-node_exporter-1.5.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:golang-github-prometheus-node_exporter-1.5.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:golang-github-prometheus-node_exporter-1.5.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:golang-github-prometheus-node_exporter-1.5.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:golang-github-prometheus-node_exporter-1.5.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:golang-github-prometheus-node_exporter-1.5.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:golang-github-prometheus-node_exporter-1.5.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:golang-github-prometheus-node_exporter-1.5.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "golang-github-prometheus-node_exporter-1.5.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the golang-github-prometheus-node_exporter-1.5.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-12637",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12637-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-27191 page",
"url": "https://www.suse.com/security/cve/CVE-2022-27191/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-46146 page",
"url": "https://www.suse.com/security/cve/CVE-2022-46146/"
}
],
"title": "golang-github-prometheus-node_exporter-1.5.0-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:12637-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "golang-github-prometheus-node_exporter-1.5.0-1.1.aarch64",
"product": {
"name": "golang-github-prometheus-node_exporter-1.5.0-1.1.aarch64",
"product_id": "golang-github-prometheus-node_exporter-1.5.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "golang-github-prometheus-node_exporter-1.5.0-1.1.ppc64le",
"product": {
"name": "golang-github-prometheus-node_exporter-1.5.0-1.1.ppc64le",
"product_id": "golang-github-prometheus-node_exporter-1.5.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "golang-github-prometheus-node_exporter-1.5.0-1.1.s390x",
"product": {
"name": "golang-github-prometheus-node_exporter-1.5.0-1.1.s390x",
"product_id": "golang-github-prometheus-node_exporter-1.5.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "golang-github-prometheus-node_exporter-1.5.0-1.1.x86_64",
"product": {
"name": "golang-github-prometheus-node_exporter-1.5.0-1.1.x86_64",
"product_id": "golang-github-prometheus-node_exporter-1.5.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.5.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:golang-github-prometheus-node_exporter-1.5.0-1.1.aarch64"
},
"product_reference": "golang-github-prometheus-node_exporter-1.5.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.5.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:golang-github-prometheus-node_exporter-1.5.0-1.1.ppc64le"
},
"product_reference": "golang-github-prometheus-node_exporter-1.5.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.5.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:golang-github-prometheus-node_exporter-1.5.0-1.1.s390x"
},
"product_reference": "golang-github-prometheus-node_exporter-1.5.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.5.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:golang-github-prometheus-node_exporter-1.5.0-1.1.x86_64"
},
"product_reference": "golang-github-prometheus-node_exporter-1.5.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-27191",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-27191"
}
],
"notes": [
{
"category": "general",
"text": "The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:golang-github-prometheus-node_exporter-1.5.0-1.1.aarch64",
"openSUSE Tumbleweed:golang-github-prometheus-node_exporter-1.5.0-1.1.ppc64le",
"openSUSE Tumbleweed:golang-github-prometheus-node_exporter-1.5.0-1.1.s390x",
"openSUSE Tumbleweed:golang-github-prometheus-node_exporter-1.5.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-27191",
"url": "https://www.suse.com/security/cve/CVE-2022-27191"
},
{
"category": "external",
"summary": "SUSE Bug 1197284 for CVE-2022-27191",
"url": "https://bugzilla.suse.com/1197284"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:golang-github-prometheus-node_exporter-1.5.0-1.1.aarch64",
"openSUSE Tumbleweed:golang-github-prometheus-node_exporter-1.5.0-1.1.ppc64le",
"openSUSE Tumbleweed:golang-github-prometheus-node_exporter-1.5.0-1.1.s390x",
"openSUSE Tumbleweed:golang-github-prometheus-node_exporter-1.5.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:golang-github-prometheus-node_exporter-1.5.0-1.1.aarch64",
"openSUSE Tumbleweed:golang-github-prometheus-node_exporter-1.5.0-1.1.ppc64le",
"openSUSE Tumbleweed:golang-github-prometheus-node_exporter-1.5.0-1.1.s390x",
"openSUSE Tumbleweed:golang-github-prometheus-node_exporter-1.5.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-27191"
},
{
"cve": "CVE-2022-46146",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-46146"
}
],
"notes": [
{
"category": "general",
"text": "Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and users\u0027 bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0.8.2 contain a fix for the issue. There is no workaround, but attacker must have access to the hashed password to use this functionality.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:golang-github-prometheus-node_exporter-1.5.0-1.1.aarch64",
"openSUSE Tumbleweed:golang-github-prometheus-node_exporter-1.5.0-1.1.ppc64le",
"openSUSE Tumbleweed:golang-github-prometheus-node_exporter-1.5.0-1.1.s390x",
"openSUSE Tumbleweed:golang-github-prometheus-node_exporter-1.5.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-46146",
"url": "https://www.suse.com/security/cve/CVE-2022-46146"
},
{
"category": "external",
"summary": "SUSE Bug 1208046 for CVE-2022-46146",
"url": "https://bugzilla.suse.com/1208046"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:golang-github-prometheus-node_exporter-1.5.0-1.1.aarch64",
"openSUSE Tumbleweed:golang-github-prometheus-node_exporter-1.5.0-1.1.ppc64le",
"openSUSE Tumbleweed:golang-github-prometheus-node_exporter-1.5.0-1.1.s390x",
"openSUSE Tumbleweed:golang-github-prometheus-node_exporter-1.5.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:golang-github-prometheus-node_exporter-1.5.0-1.1.aarch64",
"openSUSE Tumbleweed:golang-github-prometheus-node_exporter-1.5.0-1.1.ppc64le",
"openSUSE Tumbleweed:golang-github-prometheus-node_exporter-1.5.0-1.1.s390x",
"openSUSE Tumbleweed:golang-github-prometheus-node_exporter-1.5.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-46146"
}
]
}
OPENSUSE-SU-2024:13225-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
velero-1.11.1-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: velero-1.11.1-1.1 on GA media
Description of the patch: These are all security issues fixed in the velero-1.11.1-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-13225
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velero-1.11.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velero-1.11.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velero-1.11.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velero-1.11.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velero-bash-completion-1.11.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velero-bash-completion-1.11.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velero-bash-completion-1.11.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velero-bash-completion-1.11.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velero-fish-completion-1.11.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velero-fish-completion-1.11.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velero-fish-completion-1.11.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velero-fish-completion-1.11.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velero-zsh-completion-1.11.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velero-zsh-completion-1.11.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velero-zsh-completion-1.11.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velero-zsh-completion-1.11.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velero-1.11.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velero-1.11.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velero-1.11.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velero-1.11.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velero-bash-completion-1.11.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velero-bash-completion-1.11.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velero-bash-completion-1.11.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velero-bash-completion-1.11.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velero-fish-completion-1.11.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velero-fish-completion-1.11.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velero-fish-completion-1.11.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velero-fish-completion-1.11.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velero-zsh-completion-1.11.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velero-zsh-completion-1.11.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velero-zsh-completion-1.11.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velero-zsh-completion-1.11.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "velero-1.11.1-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the velero-1.11.1-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-13225",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13225-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-27191 page",
"url": "https://www.suse.com/security/cve/CVE-2022-27191/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-41717 page",
"url": "https://www.suse.com/security/cve/CVE-2022-41717/"
}
],
"title": "velero-1.11.1-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:13225-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "velero-1.11.1-1.1.aarch64",
"product": {
"name": "velero-1.11.1-1.1.aarch64",
"product_id": "velero-1.11.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "velero-bash-completion-1.11.1-1.1.aarch64",
"product": {
"name": "velero-bash-completion-1.11.1-1.1.aarch64",
"product_id": "velero-bash-completion-1.11.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "velero-fish-completion-1.11.1-1.1.aarch64",
"product": {
"name": "velero-fish-completion-1.11.1-1.1.aarch64",
"product_id": "velero-fish-completion-1.11.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "velero-zsh-completion-1.11.1-1.1.aarch64",
"product": {
"name": "velero-zsh-completion-1.11.1-1.1.aarch64",
"product_id": "velero-zsh-completion-1.11.1-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "velero-1.11.1-1.1.ppc64le",
"product": {
"name": "velero-1.11.1-1.1.ppc64le",
"product_id": "velero-1.11.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "velero-bash-completion-1.11.1-1.1.ppc64le",
"product": {
"name": "velero-bash-completion-1.11.1-1.1.ppc64le",
"product_id": "velero-bash-completion-1.11.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "velero-fish-completion-1.11.1-1.1.ppc64le",
"product": {
"name": "velero-fish-completion-1.11.1-1.1.ppc64le",
"product_id": "velero-fish-completion-1.11.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "velero-zsh-completion-1.11.1-1.1.ppc64le",
"product": {
"name": "velero-zsh-completion-1.11.1-1.1.ppc64le",
"product_id": "velero-zsh-completion-1.11.1-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "velero-1.11.1-1.1.s390x",
"product": {
"name": "velero-1.11.1-1.1.s390x",
"product_id": "velero-1.11.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "velero-bash-completion-1.11.1-1.1.s390x",
"product": {
"name": "velero-bash-completion-1.11.1-1.1.s390x",
"product_id": "velero-bash-completion-1.11.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "velero-fish-completion-1.11.1-1.1.s390x",
"product": {
"name": "velero-fish-completion-1.11.1-1.1.s390x",
"product_id": "velero-fish-completion-1.11.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "velero-zsh-completion-1.11.1-1.1.s390x",
"product": {
"name": "velero-zsh-completion-1.11.1-1.1.s390x",
"product_id": "velero-zsh-completion-1.11.1-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "velero-1.11.1-1.1.x86_64",
"product": {
"name": "velero-1.11.1-1.1.x86_64",
"product_id": "velero-1.11.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "velero-bash-completion-1.11.1-1.1.x86_64",
"product": {
"name": "velero-bash-completion-1.11.1-1.1.x86_64",
"product_id": "velero-bash-completion-1.11.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "velero-fish-completion-1.11.1-1.1.x86_64",
"product": {
"name": "velero-fish-completion-1.11.1-1.1.x86_64",
"product_id": "velero-fish-completion-1.11.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "velero-zsh-completion-1.11.1-1.1.x86_64",
"product": {
"name": "velero-zsh-completion-1.11.1-1.1.x86_64",
"product_id": "velero-zsh-completion-1.11.1-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "velero-1.11.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:velero-1.11.1-1.1.aarch64"
},
"product_reference": "velero-1.11.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velero-1.11.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:velero-1.11.1-1.1.ppc64le"
},
"product_reference": "velero-1.11.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velero-1.11.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:velero-1.11.1-1.1.s390x"
},
"product_reference": "velero-1.11.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velero-1.11.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:velero-1.11.1-1.1.x86_64"
},
"product_reference": "velero-1.11.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velero-bash-completion-1.11.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:velero-bash-completion-1.11.1-1.1.aarch64"
},
"product_reference": "velero-bash-completion-1.11.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velero-bash-completion-1.11.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:velero-bash-completion-1.11.1-1.1.ppc64le"
},
"product_reference": "velero-bash-completion-1.11.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velero-bash-completion-1.11.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:velero-bash-completion-1.11.1-1.1.s390x"
},
"product_reference": "velero-bash-completion-1.11.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velero-bash-completion-1.11.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:velero-bash-completion-1.11.1-1.1.x86_64"
},
"product_reference": "velero-bash-completion-1.11.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velero-fish-completion-1.11.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:velero-fish-completion-1.11.1-1.1.aarch64"
},
"product_reference": "velero-fish-completion-1.11.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velero-fish-completion-1.11.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:velero-fish-completion-1.11.1-1.1.ppc64le"
},
"product_reference": "velero-fish-completion-1.11.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velero-fish-completion-1.11.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:velero-fish-completion-1.11.1-1.1.s390x"
},
"product_reference": "velero-fish-completion-1.11.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velero-fish-completion-1.11.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:velero-fish-completion-1.11.1-1.1.x86_64"
},
"product_reference": "velero-fish-completion-1.11.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velero-zsh-completion-1.11.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:velero-zsh-completion-1.11.1-1.1.aarch64"
},
"product_reference": "velero-zsh-completion-1.11.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velero-zsh-completion-1.11.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:velero-zsh-completion-1.11.1-1.1.ppc64le"
},
"product_reference": "velero-zsh-completion-1.11.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velero-zsh-completion-1.11.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:velero-zsh-completion-1.11.1-1.1.s390x"
},
"product_reference": "velero-zsh-completion-1.11.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velero-zsh-completion-1.11.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:velero-zsh-completion-1.11.1-1.1.x86_64"
},
"product_reference": "velero-zsh-completion-1.11.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-27191",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-27191"
}
],
"notes": [
{
"category": "general",
"text": "The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velero-1.11.1-1.1.aarch64",
"openSUSE Tumbleweed:velero-1.11.1-1.1.ppc64le",
"openSUSE Tumbleweed:velero-1.11.1-1.1.s390x",
"openSUSE Tumbleweed:velero-1.11.1-1.1.x86_64",
"openSUSE Tumbleweed:velero-bash-completion-1.11.1-1.1.aarch64",
"openSUSE Tumbleweed:velero-bash-completion-1.11.1-1.1.ppc64le",
"openSUSE Tumbleweed:velero-bash-completion-1.11.1-1.1.s390x",
"openSUSE Tumbleweed:velero-bash-completion-1.11.1-1.1.x86_64",
"openSUSE Tumbleweed:velero-fish-completion-1.11.1-1.1.aarch64",
"openSUSE Tumbleweed:velero-fish-completion-1.11.1-1.1.ppc64le",
"openSUSE Tumbleweed:velero-fish-completion-1.11.1-1.1.s390x",
"openSUSE Tumbleweed:velero-fish-completion-1.11.1-1.1.x86_64",
"openSUSE Tumbleweed:velero-zsh-completion-1.11.1-1.1.aarch64",
"openSUSE Tumbleweed:velero-zsh-completion-1.11.1-1.1.ppc64le",
"openSUSE Tumbleweed:velero-zsh-completion-1.11.1-1.1.s390x",
"openSUSE Tumbleweed:velero-zsh-completion-1.11.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-27191",
"url": "https://www.suse.com/security/cve/CVE-2022-27191"
},
{
"category": "external",
"summary": "SUSE Bug 1197284 for CVE-2022-27191",
"url": "https://bugzilla.suse.com/1197284"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velero-1.11.1-1.1.aarch64",
"openSUSE Tumbleweed:velero-1.11.1-1.1.ppc64le",
"openSUSE Tumbleweed:velero-1.11.1-1.1.s390x",
"openSUSE Tumbleweed:velero-1.11.1-1.1.x86_64",
"openSUSE Tumbleweed:velero-bash-completion-1.11.1-1.1.aarch64",
"openSUSE Tumbleweed:velero-bash-completion-1.11.1-1.1.ppc64le",
"openSUSE Tumbleweed:velero-bash-completion-1.11.1-1.1.s390x",
"openSUSE Tumbleweed:velero-bash-completion-1.11.1-1.1.x86_64",
"openSUSE Tumbleweed:velero-fish-completion-1.11.1-1.1.aarch64",
"openSUSE Tumbleweed:velero-fish-completion-1.11.1-1.1.ppc64le",
"openSUSE Tumbleweed:velero-fish-completion-1.11.1-1.1.s390x",
"openSUSE Tumbleweed:velero-fish-completion-1.11.1-1.1.x86_64",
"openSUSE Tumbleweed:velero-zsh-completion-1.11.1-1.1.aarch64",
"openSUSE Tumbleweed:velero-zsh-completion-1.11.1-1.1.ppc64le",
"openSUSE Tumbleweed:velero-zsh-completion-1.11.1-1.1.s390x",
"openSUSE Tumbleweed:velero-zsh-completion-1.11.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velero-1.11.1-1.1.aarch64",
"openSUSE Tumbleweed:velero-1.11.1-1.1.ppc64le",
"openSUSE Tumbleweed:velero-1.11.1-1.1.s390x",
"openSUSE Tumbleweed:velero-1.11.1-1.1.x86_64",
"openSUSE Tumbleweed:velero-bash-completion-1.11.1-1.1.aarch64",
"openSUSE Tumbleweed:velero-bash-completion-1.11.1-1.1.ppc64le",
"openSUSE Tumbleweed:velero-bash-completion-1.11.1-1.1.s390x",
"openSUSE Tumbleweed:velero-bash-completion-1.11.1-1.1.x86_64",
"openSUSE Tumbleweed:velero-fish-completion-1.11.1-1.1.aarch64",
"openSUSE Tumbleweed:velero-fish-completion-1.11.1-1.1.ppc64le",
"openSUSE Tumbleweed:velero-fish-completion-1.11.1-1.1.s390x",
"openSUSE Tumbleweed:velero-fish-completion-1.11.1-1.1.x86_64",
"openSUSE Tumbleweed:velero-zsh-completion-1.11.1-1.1.aarch64",
"openSUSE Tumbleweed:velero-zsh-completion-1.11.1-1.1.ppc64le",
"openSUSE Tumbleweed:velero-zsh-completion-1.11.1-1.1.s390x",
"openSUSE Tumbleweed:velero-zsh-completion-1.11.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-27191"
},
{
"cve": "CVE-2022-41717",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-41717"
}
],
"notes": [
{
"category": "general",
"text": "An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velero-1.11.1-1.1.aarch64",
"openSUSE Tumbleweed:velero-1.11.1-1.1.ppc64le",
"openSUSE Tumbleweed:velero-1.11.1-1.1.s390x",
"openSUSE Tumbleweed:velero-1.11.1-1.1.x86_64",
"openSUSE Tumbleweed:velero-bash-completion-1.11.1-1.1.aarch64",
"openSUSE Tumbleweed:velero-bash-completion-1.11.1-1.1.ppc64le",
"openSUSE Tumbleweed:velero-bash-completion-1.11.1-1.1.s390x",
"openSUSE Tumbleweed:velero-bash-completion-1.11.1-1.1.x86_64",
"openSUSE Tumbleweed:velero-fish-completion-1.11.1-1.1.aarch64",
"openSUSE Tumbleweed:velero-fish-completion-1.11.1-1.1.ppc64le",
"openSUSE Tumbleweed:velero-fish-completion-1.11.1-1.1.s390x",
"openSUSE Tumbleweed:velero-fish-completion-1.11.1-1.1.x86_64",
"openSUSE Tumbleweed:velero-zsh-completion-1.11.1-1.1.aarch64",
"openSUSE Tumbleweed:velero-zsh-completion-1.11.1-1.1.ppc64le",
"openSUSE Tumbleweed:velero-zsh-completion-1.11.1-1.1.s390x",
"openSUSE Tumbleweed:velero-zsh-completion-1.11.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-41717",
"url": "https://www.suse.com/security/cve/CVE-2022-41717"
},
{
"category": "external",
"summary": "SUSE Bug 1206135 for CVE-2022-41717",
"url": "https://bugzilla.suse.com/1206135"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velero-1.11.1-1.1.aarch64",
"openSUSE Tumbleweed:velero-1.11.1-1.1.ppc64le",
"openSUSE Tumbleweed:velero-1.11.1-1.1.s390x",
"openSUSE Tumbleweed:velero-1.11.1-1.1.x86_64",
"openSUSE Tumbleweed:velero-bash-completion-1.11.1-1.1.aarch64",
"openSUSE Tumbleweed:velero-bash-completion-1.11.1-1.1.ppc64le",
"openSUSE Tumbleweed:velero-bash-completion-1.11.1-1.1.s390x",
"openSUSE Tumbleweed:velero-bash-completion-1.11.1-1.1.x86_64",
"openSUSE Tumbleweed:velero-fish-completion-1.11.1-1.1.aarch64",
"openSUSE Tumbleweed:velero-fish-completion-1.11.1-1.1.ppc64le",
"openSUSE Tumbleweed:velero-fish-completion-1.11.1-1.1.s390x",
"openSUSE Tumbleweed:velero-fish-completion-1.11.1-1.1.x86_64",
"openSUSE Tumbleweed:velero-zsh-completion-1.11.1-1.1.aarch64",
"openSUSE Tumbleweed:velero-zsh-completion-1.11.1-1.1.ppc64le",
"openSUSE Tumbleweed:velero-zsh-completion-1.11.1-1.1.s390x",
"openSUSE Tumbleweed:velero-zsh-completion-1.11.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velero-1.11.1-1.1.aarch64",
"openSUSE Tumbleweed:velero-1.11.1-1.1.ppc64le",
"openSUSE Tumbleweed:velero-1.11.1-1.1.s390x",
"openSUSE Tumbleweed:velero-1.11.1-1.1.x86_64",
"openSUSE Tumbleweed:velero-bash-completion-1.11.1-1.1.aarch64",
"openSUSE Tumbleweed:velero-bash-completion-1.11.1-1.1.ppc64le",
"openSUSE Tumbleweed:velero-bash-completion-1.11.1-1.1.s390x",
"openSUSE Tumbleweed:velero-bash-completion-1.11.1-1.1.x86_64",
"openSUSE Tumbleweed:velero-fish-completion-1.11.1-1.1.aarch64",
"openSUSE Tumbleweed:velero-fish-completion-1.11.1-1.1.ppc64le",
"openSUSE Tumbleweed:velero-fish-completion-1.11.1-1.1.s390x",
"openSUSE Tumbleweed:velero-fish-completion-1.11.1-1.1.x86_64",
"openSUSE Tumbleweed:velero-zsh-completion-1.11.1-1.1.aarch64",
"openSUSE Tumbleweed:velero-zsh-completion-1.11.1-1.1.ppc64le",
"openSUSE Tumbleweed:velero-zsh-completion-1.11.1-1.1.s390x",
"openSUSE Tumbleweed:velero-zsh-completion-1.11.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-41717"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…