SUSE-SU-2025:0857-1
Vulnerability from csaf_suse - Published: 2025-03-13 17:58 - Updated: 2025-03-13 17:58Summary
Security update for build
Notes
Title of the patch
Security update for build
Description of the patch
This update for build fixes the following issues:
- CVE-2024-22038: Fixed DoS attacks, information leaks with crafted Git repositories (bnc#1230469)
Other fixes:
- Fixed behaviour when using '--shell' aka 'osc shell' option
in a VM build. Startup is faster and permissions stay intact
now.
- fixes for POSIX compatibility for obs-docker-support adn
mkbaselibs
- Add support for apk in docker/podman builds
- Add support for 'wget' in Docker images
- Fix debian support for Dockerfile builds
- Fix preinstallimages in containers
- mkosi: add back system-packages used by build-recipe directly
- pbuild: parse the Release files for debian repos
- mkosi: drop most systemd/build-packages deps and use obs_scm
directory as source if present
- improve source copy handling
- Introduce --repos-directory and --containers-directory options
- productcompose: support of building against a baseiso
- preinstallimage: avoid inclusion of build script generated files
- preserve timestamps on sources copy-in for kiwi and productcompose
- alpine package support updates
- tumbleweed config update
- debian: Support installation of foreign architecture packages
(required for armv7l setups)
- Parse unknown timezones as UTC
- Apk (Alpine Linux) format support added
- Implement default value in parameter expansion
- Also support supplements that use & as 'and'
- Add workaround for skopeo's argument parser
- add cap-htm=off on power9
- Fixed usage of chown calls
- Remove leading `go` from `purl` locators
- container related:
* Implement support for the new <containers> element in kiwi recipes
* Fixes for SBOM and dependencies of multi stage container builds
* obs-docker-support: enable dnf and yum substitutions
- Arch Linux:
* fix file path for Arch repo
* exclude unsupported arch
* Use root as download user
- build-vm-qemu: force sv48 satp mode on riscv64
- mkosi:
* Create .sha256 files after mkosi builds
* Always pass --image-version to mkosi
- General improvements and bugfixes (mkosi, pbuild, appimage/livebuild,
obs work detection, documention, SBOM)
- Support slsa v1 in unpack_slsa_provenance
- generate_sbom: do not clobber spdx supplier
- Harden export_debian_orig_from_git (bsc#1230469)
- SBOM generation:
- Adding golang introspection support
- Adding rust binary introspection support
- Keep track of unknwon licenses and add a 'hasExtractedLicensingInfos'
section
- Also normalize licenses for cyclonedx
- Make generate_sbom errors fatal
- general improvements
- Fix noprep building not working because the buildir is removed
- kiwi image: also detect a debian build if /var/lib/dpkg/status is present
- Do not use the Encode module to convert a code point to utf8
- Fix personality syscall number for riscv
- add more required recommendations for KVM builds
- set PACKAGER field in build-recipe-arch
- fix writing _modulemd.yaml
- pbuild: support --release and --baselibs option
- container:
- copy base container information from the annotation into the
containerinfo
- track base containers over multiple stages
- always put the base container last in the dependencies
- providing fileprovides in createdirdeps tool
- Introduce buildflag nochecks
- productcompose: support __all__ option
- config update: tumbleweed using preinstallexpand
- minor improvements
- tumbleweed build config update
- support the %load macro
- improve container filename generation (docker)
- fix hanging curl calls during build (docker)
- productcompose: fix milestone query
- tumbleweed build config update
- 15.6 build config fixes
- sourcerpm & sourcedep handling fixes
- productcompose:
- Fix milestone handling
- Support bcntsynctag
- Adding debian support to generate_sbom
- Add syscall for personality switch on loongarch64 kernel
- vm-build: ext3 & ext4: fix disk space allocation
- mkosi format updates, not fully working yet
- pbuild exception fixes
- Fixes for current fedora and centos distros
- Don't copy original dsc sources if OBS-DCH-RELEASE set
- Unbreak parsing of sources/patches
- Support ForceMultiVersion in the dockerfile parser
- Support %bcond of rpm 4.17.1
- Add a hack for systemd 255.3, creating an empty /etc/os-release
if missing after preinstall.
- docker: Fix HEAD request in dummyhttpserver
- pbuild: Make docker-nobasepackages expand flag the default
- rpm: Support a couple of builtin rpm macros
- rpm: Implement argument expansion for define/with/bcond...
- Fix multiline macro handling
- Accept -N parameter of %autosetup
- documentation updates
- various code cleanup and speedup work.
- ProductCompose: multiple improvements
- Add buildflags:define_specfile support
- Fix copy-in of git subdirectory sources
- pbuild: Speed up XML parsing
- pubild: product compose support
- generate_sbom: add help option
- podman: enforce runtime=runc
- Implement direct conflicts from the distro config
- changelog2spec: fix time zone handling
- Do not unmount /proc/sys/fs/binfmt_misc before runnint the check scripts
- spec file cleanup
- documentation updates
- productcompose:
- support schema 0.1
- support milestones
- Leap 15.6 config
- SLE 15 SP6 config
- productcompose: follow incompatible flavor syntax change
- pbuild: support for zstd
- fixed handling for cmdline parameters via kernel packages
- productcompose:
* BREAKING: support new schema
* adapt flavor architecture parsing
- productcompose:
* support filtered package lists
* support default architecture listing
* fix copy in binaries in VM builds^
- obsproduct build type got renamed to productcompose
- Support zstd compressed rpm-md meta data (bsc#1217269)
- Added Debian 12 configuration
- First ObsProduct build format support
- fix SLE 15 SP5 build configuration
- Improve user agent handling for obs repositories
- Docker:
- Support flavor specific build descriptions via Dockerfile.$flavor
- support 'PlusRecommended' hint to also provide recommended packages
- use the name/version as filename if both are known
- Produce docker format containers by default
- pbuild: Support for signature authentification of OBS resources
- Fix wiping build root for --vm-type podman
- Put BUILD_RELEASE and BUILD_CHANGELOG_TIMESTAMP in the /.buildenv
- build-vm-kvm: use -cpu host on riscv64
- small fixes and cleanups
- Added parser for BcntSyncTag in sources
- pbuild:
* fix dependency expansion for build types other than spec
* Reworked cycle handling code
* add --extra-packs option
* add debugflags option
- Pass-through --buildtool-opt
- Parse Patch and Source lines more accurately
- fix tunefs functionality
- minor bugfixes
- --vm-type=podman added (supports also root-less builds)
- Also support build constraints in the Dockerfile
- minor fixes
- Add SUSE ALP build config
- BREAKING: Record errors when parsing the project config
former behaviour was undefined
- container: Support compression format configuration option
- Don't setup ccache with --no-init
- improved loongarch64 support
- sbom: SPDX supplier tag added
- kiwi: support different versions per profile
- preinstallimage: fail when recompression fails
- Add support for recommends and supplements dependencies
- Support the 'keepfilerequires' expand flag
- add '--buildtool-opt=OPTIONS' to pass options to the used build tool
- distro config updates
* ArchLinux
* Tumbleweed
- documentation updates
- openSUSE Tumbleweed: sync config and move to suse_version 1699.
- universal post-build hook, just place a file in /usr/lib/build/post_build.d/
- mkbaselibs/hwcaps, fix pattern name once again (x86_64_v3)
- KiwiProduct: add --use-newest-package hint if the option is set
- Dockerfile support:
* export multibuild flavor as argument
* allow parameters in FROM .. scratch lines
* include OS name in build result if != linux
- Workaround directory->symlink usrmerge problems for cross arch sysroot
- multiple fixes for SBOM support
- KIWI VM image SBOM support added
Patchnames
SUSE-2025-857,SUSE-SLE-Module-Development-Tools-15-SP6-2025-857,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-857,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-857,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-857,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-857,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-857,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-857,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-857,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-857,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-857,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-857,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-857,SUSE-Storage-7.1-2025-857,openSUSE-SLE-15.6-2025-857
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for build",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for build fixes the following issues:\n- CVE-2024-22038: Fixed DoS attacks, information leaks with crafted Git repositories (bnc#1230469) \n\nOther fixes:\n- Fixed behaviour when using \u0027--shell\u0027 aka \u0027osc shell\u0027 option\n in a VM build. Startup is faster and permissions stay intact\n now.\n\n- fixes for POSIX compatibility for obs-docker-support adn\n mkbaselibs\n- Add support for apk in docker/podman builds\n- Add support for \u0027wget\u0027 in Docker images\n- Fix debian support for Dockerfile builds\n- Fix preinstallimages in containers\n- mkosi: add back system-packages used by build-recipe directly\n- pbuild: parse the Release files for debian repos\n\n- mkosi: drop most systemd/build-packages deps and use obs_scm\n directory as source if present\n- improve source copy handling\n- Introduce --repos-directory and --containers-directory options\n\n- productcompose: support of building against a baseiso\n- preinstallimage: avoid inclusion of build script generated files\n- preserve timestamps on sources copy-in for kiwi and productcompose\n- alpine package support updates\n- tumbleweed config update\n\n- debian: Support installation of foreign architecture packages\n (required for armv7l setups)\n- Parse unknown timezones as UTC\n- Apk (Alpine Linux) format support added\n- Implement default value in parameter expansion\n- Also support supplements that use \u0026 as \u0027and\u0027\n- Add workaround for skopeo\u0027s argument parser\n- add cap-htm=off on power9\n- Fixed usage of chown calls\n- Remove leading `go` from `purl` locators\n\n- container related:\n * Implement support for the new \u003ccontainers\u003e element in kiwi recipes\n * Fixes for SBOM and dependencies of multi stage container builds\n * obs-docker-support: enable dnf and yum substitutions\n- Arch Linux:\n * fix file path for Arch repo\n * exclude unsupported arch\n * Use root as download user\n- build-vm-qemu: force sv48 satp mode on riscv64\n- mkosi:\n * Create .sha256 files after mkosi builds\n * Always pass --image-version to mkosi\n- General improvements and bugfixes (mkosi, pbuild, appimage/livebuild,\n obs work detection, documention, SBOM)\n- Support slsa v1 in unpack_slsa_provenance\n- generate_sbom: do not clobber spdx supplier\n- Harden export_debian_orig_from_git (bsc#1230469)\n\n- SBOM generation:\n - Adding golang introspection support\n - Adding rust binary introspection support\n - Keep track of unknwon licenses and add a \u0027hasExtractedLicensingInfos\u0027\n section\n - Also normalize licenses for cyclonedx\n - Make generate_sbom errors fatal\n - general improvements\n- Fix noprep building not working because the buildir is removed\n- kiwi image: also detect a debian build if /var/lib/dpkg/status is present\n- Do not use the Encode module to convert a code point to utf8\n- Fix personality syscall number for riscv\n- add more required recommendations for KVM builds\n- set PACKAGER field in build-recipe-arch\n- fix writing _modulemd.yaml\n- pbuild: support --release and --baselibs option\n- container:\n - copy base container information from the annotation into the\n containerinfo\n - track base containers over multiple stages\n - always put the base container last in the dependencies\n\n- providing fileprovides in createdirdeps tool\n- Introduce buildflag nochecks\n\n- productcompose: support __all__ option\n- config update: tumbleweed using preinstallexpand\n- minor improvements\n\n- tumbleweed build config update\n- support the %load macro\n- improve container filename generation (docker)\n- fix hanging curl calls during build (docker)\n- productcompose: fix milestone query\n\n- tumbleweed build config update\n- 15.6 build config fixes\n- sourcerpm \u0026 sourcedep handling fixes\n- productcompose:\n - Fix milestone handling\n - Support bcntsynctag\n- Adding debian support to generate_sbom\n- Add syscall for personality switch on loongarch64 kernel\n- vm-build: ext3 \u0026 ext4: fix disk space allocation\n- mkosi format updates, not fully working yet\n- pbuild exception fixes\n- Fixes for current fedora and centos distros\n- Don\u0027t copy original dsc sources if OBS-DCH-RELEASE set\n- Unbreak parsing of sources/patches\n- Support ForceMultiVersion in the dockerfile parser\n- Support %bcond of rpm 4.17.1\n\n- Add a hack for systemd 255.3, creating an empty /etc/os-release\n if missing after preinstall.\n- docker: Fix HEAD request in dummyhttpserver\n- pbuild: Make docker-nobasepackages expand flag the default\n- rpm: Support a couple of builtin rpm macros\n- rpm: Implement argument expansion for define/with/bcond...\n- Fix multiline macro handling\n- Accept -N parameter of %autosetup\n- documentation updates\n- various code cleanup and speedup work.\n\n- ProductCompose: multiple improvements\n- Add buildflags:define_specfile support\n- Fix copy-in of git subdirectory sources\n- pbuild: Speed up XML parsing\n- pubild: product compose support\n- generate_sbom: add help option\n- podman: enforce runtime=runc\n- Implement direct conflicts from the distro config\n- changelog2spec: fix time zone handling\n- Do not unmount /proc/sys/fs/binfmt_misc before runnint the check scripts\n- spec file cleanup\n- documentation updates\n\n- productcompose:\n - support schema 0.1\n - support milestones\n- Leap 15.6 config\n- SLE 15 SP6 config\n\n- productcompose: follow incompatible flavor syntax change\n- pbuild: support for zstd\n\n- fixed handling for cmdline parameters via kernel packages\n\n- productcompose:\n * BREAKING: support new schema\n * adapt flavor architecture parsing\n\n- productcompose:\n * support filtered package lists\n * support default architecture listing\n * fix copy in binaries in VM builds^\n\n- obsproduct build type got renamed to productcompose\n\n- Support zstd compressed rpm-md meta data (bsc#1217269)\n- Added Debian 12 configuration\n- First ObsProduct build format support\n\n- fix SLE 15 SP5 build configuration\n- Improve user agent handling for obs repositories\n\n- Docker:\n - Support flavor specific build descriptions via Dockerfile.$flavor\n - support \u0027PlusRecommended\u0027 hint to also provide recommended packages\n - use the name/version as filename if both are known\n - Produce docker format containers by default\n- pbuild: Support for signature authentification of OBS resources\n- Fix wiping build root for --vm-type podman\n- Put BUILD_RELEASE and BUILD_CHANGELOG_TIMESTAMP in the /.buildenv\n- build-vm-kvm: use -cpu host on riscv64\n- small fixes and cleanups\n\n- Added parser for BcntSyncTag in sources\n\n- pbuild:\n * fix dependency expansion for build types other than spec\n * Reworked cycle handling code\n * add --extra-packs option\n * add debugflags option\n- Pass-through --buildtool-opt\n- Parse Patch and Source lines more accurately\n- fix tunefs functionality\n- minor bugfixes\n\n- --vm-type=podman added (supports also root-less builds)\n- Also support build constraints in the Dockerfile\n- minor fixes\n\n- Add SUSE ALP build config\n\n- BREAKING: Record errors when parsing the project config\n former behaviour was undefined\n- container: Support compression format configuration option\n- Don\u0027t setup ccache with --no-init\n- improved loongarch64 support\n- sbom: SPDX supplier tag added\n- kiwi: support different versions per profile\n- preinstallimage: fail when recompression fails\n- Add support for recommends and supplements dependencies\n- Support the \u0027keepfilerequires\u0027 expand flag\n- add \u0027--buildtool-opt=OPTIONS\u0027 to pass options to the used build tool\n- distro config updates\n * ArchLinux\n * Tumbleweed\n- documentation updates\n\n- openSUSE Tumbleweed: sync config and move to suse_version 1699.\n\n- universal post-build hook, just place a file in /usr/lib/build/post_build.d/\n- mkbaselibs/hwcaps, fix pattern name once again (x86_64_v3)\n- KiwiProduct: add --use-newest-package hint if the option is set\n\n- Dockerfile support:\n * export multibuild flavor as argument\n * allow parameters in FROM .. scratch lines\n * include OS name in build result if != linux\n- Workaround directory-\u003esymlink usrmerge problems for cross arch sysroot\n- multiple fixes for SBOM support\n\n- KIWI VM image SBOM support added\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-857,SUSE-SLE-Module-Development-Tools-15-SP6-2025-857,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-857,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-857,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-857,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-857,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-857,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-857,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-857,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-857,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-857,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-857,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-857,SUSE-Storage-7.1-2025-857,openSUSE-SLE-15.6-2025-857",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0857-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:0857-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250857-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:0857-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020511.html"
},
{
"category": "self",
"summary": "SUSE Bug 1217269",
"url": "https://bugzilla.suse.com/1217269"
},
{
"category": "self",
"summary": "SUSE Bug 1230469",
"url": "https://bugzilla.suse.com/1230469"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-22038 page",
"url": "https://www.suse.com/security/cve/CVE-2024-22038/"
}
],
"title": "Security update for build",
"tracking": {
"current_release_date": "2025-03-13T17:58:06Z",
"generator": {
"date": "2025-03-13T17:58:06Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:0857-1",
"initial_release_date": "2025-03-13T17:58:06Z",
"revision_history": [
{
"date": "2025-03-13T17:58:06Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "build-20250306-150200.19.1.noarch",
"product": {
"name": "build-20250306-150200.19.1.noarch",
"product_id": "build-20250306-150200.19.1.noarch"
}
},
{
"category": "product_version",
"name": "build-initvm-aarch64-20250306-150200.19.1.noarch",
"product": {
"name": "build-initvm-aarch64-20250306-150200.19.1.noarch",
"product_id": "build-initvm-aarch64-20250306-150200.19.1.noarch"
}
},
{
"category": "product_version",
"name": "build-initvm-i586-20250306-150200.19.1.noarch",
"product": {
"name": "build-initvm-i586-20250306-150200.19.1.noarch",
"product_id": "build-initvm-i586-20250306-150200.19.1.noarch"
}
},
{
"category": "product_version",
"name": "build-initvm-powerpc64le-20250306-150200.19.1.noarch",
"product": {
"name": "build-initvm-powerpc64le-20250306-150200.19.1.noarch",
"product_id": "build-initvm-powerpc64le-20250306-150200.19.1.noarch"
}
},
{
"category": "product_version",
"name": "build-initvm-s390x-20250306-150200.19.1.noarch",
"product": {
"name": "build-initvm-s390x-20250306-150200.19.1.noarch",
"product_id": "build-initvm-s390x-20250306-150200.19.1.noarch"
}
},
{
"category": "product_version",
"name": "build-initvm-x86_64-20250306-150200.19.1.noarch",
"product": {
"name": "build-initvm-x86_64-20250306-150200.19.1.noarch",
"product_id": "build-initvm-x86_64-20250306-150200.19.1.noarch"
}
},
{
"category": "product_version",
"name": "build-mkbaselibs-20250306-150200.19.1.noarch",
"product": {
"name": "build-mkbaselibs-20250306-150200.19.1.noarch",
"product_id": "build-mkbaselibs-20250306-150200.19.1.noarch"
}
},
{
"category": "product_version",
"name": "build-mkdrpms-20250306-150200.19.1.noarch",
"product": {
"name": "build-mkdrpms-20250306-150200.19.1.noarch",
"product_id": "build-mkdrpms-20250306-150200.19.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7.1",
"product": {
"name": "SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7.1"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "build-20250306-150200.19.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:build-20250306-150200.19.1.noarch"
},
"product_reference": "build-20250306-150200.19.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "build-mkbaselibs-20250306-150200.19.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:build-mkbaselibs-20250306-150200.19.1.noarch"
},
"product_reference": "build-mkbaselibs-20250306-150200.19.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "build-20250306-150200.19.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:build-20250306-150200.19.1.noarch"
},
"product_reference": "build-20250306-150200.19.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "build-mkbaselibs-20250306-150200.19.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:build-mkbaselibs-20250306-150200.19.1.noarch"
},
"product_reference": "build-mkbaselibs-20250306-150200.19.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "build-20250306-150200.19.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:build-20250306-150200.19.1.noarch"
},
"product_reference": "build-20250306-150200.19.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "build-mkbaselibs-20250306-150200.19.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:build-mkbaselibs-20250306-150200.19.1.noarch"
},
"product_reference": "build-mkbaselibs-20250306-150200.19.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "build-20250306-150200.19.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:build-20250306-150200.19.1.noarch"
},
"product_reference": "build-20250306-150200.19.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "build-mkbaselibs-20250306-150200.19.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:build-mkbaselibs-20250306-150200.19.1.noarch"
},
"product_reference": "build-mkbaselibs-20250306-150200.19.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "build-20250306-150200.19.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:build-20250306-150200.19.1.noarch"
},
"product_reference": "build-20250306-150200.19.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "build-mkbaselibs-20250306-150200.19.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:build-mkbaselibs-20250306-150200.19.1.noarch"
},
"product_reference": "build-mkbaselibs-20250306-150200.19.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "build-20250306-150200.19.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:build-20250306-150200.19.1.noarch"
},
"product_reference": "build-20250306-150200.19.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "build-mkbaselibs-20250306-150200.19.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:build-mkbaselibs-20250306-150200.19.1.noarch"
},
"product_reference": "build-mkbaselibs-20250306-150200.19.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "build-20250306-150200.19.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:build-20250306-150200.19.1.noarch"
},
"product_reference": "build-20250306-150200.19.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "build-mkbaselibs-20250306-150200.19.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:build-mkbaselibs-20250306-150200.19.1.noarch"
},
"product_reference": "build-mkbaselibs-20250306-150200.19.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "build-20250306-150200.19.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:build-20250306-150200.19.1.noarch"
},
"product_reference": "build-20250306-150200.19.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "build-mkbaselibs-20250306-150200.19.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:build-mkbaselibs-20250306-150200.19.1.noarch"
},
"product_reference": "build-mkbaselibs-20250306-150200.19.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "build-20250306-150200.19.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:build-20250306-150200.19.1.noarch"
},
"product_reference": "build-20250306-150200.19.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "build-mkbaselibs-20250306-150200.19.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:build-mkbaselibs-20250306-150200.19.1.noarch"
},
"product_reference": "build-mkbaselibs-20250306-150200.19.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "build-20250306-150200.19.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:build-20250306-150200.19.1.noarch"
},
"product_reference": "build-20250306-150200.19.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "build-mkbaselibs-20250306-150200.19.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:build-mkbaselibs-20250306-150200.19.1.noarch"
},
"product_reference": "build-mkbaselibs-20250306-150200.19.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "build-20250306-150200.19.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:build-20250306-150200.19.1.noarch"
},
"product_reference": "build-20250306-150200.19.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "build-mkbaselibs-20250306-150200.19.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:build-mkbaselibs-20250306-150200.19.1.noarch"
},
"product_reference": "build-mkbaselibs-20250306-150200.19.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "build-20250306-150200.19.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:build-20250306-150200.19.1.noarch"
},
"product_reference": "build-20250306-150200.19.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "build-mkbaselibs-20250306-150200.19.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:build-mkbaselibs-20250306-150200.19.1.noarch"
},
"product_reference": "build-mkbaselibs-20250306-150200.19.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "build-20250306-150200.19.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:build-20250306-150200.19.1.noarch"
},
"product_reference": "build-20250306-150200.19.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "build-mkbaselibs-20250306-150200.19.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:build-mkbaselibs-20250306-150200.19.1.noarch"
},
"product_reference": "build-mkbaselibs-20250306-150200.19.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "build-20250306-150200.19.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:build-20250306-150200.19.1.noarch"
},
"product_reference": "build-20250306-150200.19.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "build-initvm-aarch64-20250306-150200.19.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:build-initvm-aarch64-20250306-150200.19.1.noarch"
},
"product_reference": "build-initvm-aarch64-20250306-150200.19.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "build-initvm-powerpc64le-20250306-150200.19.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:build-initvm-powerpc64le-20250306-150200.19.1.noarch"
},
"product_reference": "build-initvm-powerpc64le-20250306-150200.19.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "build-initvm-s390x-20250306-150200.19.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:build-initvm-s390x-20250306-150200.19.1.noarch"
},
"product_reference": "build-initvm-s390x-20250306-150200.19.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "build-initvm-x86_64-20250306-150200.19.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:build-initvm-x86_64-20250306-150200.19.1.noarch"
},
"product_reference": "build-initvm-x86_64-20250306-150200.19.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "build-mkbaselibs-20250306-150200.19.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:build-mkbaselibs-20250306-150200.19.1.noarch"
},
"product_reference": "build-mkbaselibs-20250306-150200.19.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "build-mkdrpms-20250306-150200.19.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:build-mkdrpms-20250306-150200.19.1.noarch"
},
"product_reference": "build-mkdrpms-20250306-150200.19.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-22038",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-22038"
}
],
"notes": [
{
"category": "general",
"text": "Various problems in obs-scm-bridge allows attackers that create specially crafted git repositories to leak information of cause denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:build-20250306-150200.19.1.noarch",
"SUSE Enterprise Storage 7.1:build-mkbaselibs-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:build-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:build-mkbaselibs-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:build-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:build-mkbaselibs-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:build-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:build-mkbaselibs-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:build-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:build-mkbaselibs-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:build-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:build-mkbaselibs-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:build-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:build-mkbaselibs-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:build-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:build-mkbaselibs-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:build-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:build-mkbaselibs-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:build-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:build-mkbaselibs-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:build-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:build-mkbaselibs-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:build-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:build-mkbaselibs-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:build-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:build-mkbaselibs-20250306-150200.19.1.noarch",
"openSUSE Leap 15.6:build-20250306-150200.19.1.noarch",
"openSUSE Leap 15.6:build-initvm-aarch64-20250306-150200.19.1.noarch",
"openSUSE Leap 15.6:build-initvm-powerpc64le-20250306-150200.19.1.noarch",
"openSUSE Leap 15.6:build-initvm-s390x-20250306-150200.19.1.noarch",
"openSUSE Leap 15.6:build-initvm-x86_64-20250306-150200.19.1.noarch",
"openSUSE Leap 15.6:build-mkbaselibs-20250306-150200.19.1.noarch",
"openSUSE Leap 15.6:build-mkdrpms-20250306-150200.19.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-22038",
"url": "https://www.suse.com/security/cve/CVE-2024-22038"
},
{
"category": "external",
"summary": "SUSE Bug 1230469 for CVE-2024-22038",
"url": "https://bugzilla.suse.com/1230469"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:build-20250306-150200.19.1.noarch",
"SUSE Enterprise Storage 7.1:build-mkbaselibs-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:build-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:build-mkbaselibs-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:build-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:build-mkbaselibs-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:build-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:build-mkbaselibs-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:build-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:build-mkbaselibs-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:build-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:build-mkbaselibs-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:build-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:build-mkbaselibs-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:build-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:build-mkbaselibs-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:build-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:build-mkbaselibs-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:build-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:build-mkbaselibs-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:build-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:build-mkbaselibs-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:build-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:build-mkbaselibs-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:build-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:build-mkbaselibs-20250306-150200.19.1.noarch",
"openSUSE Leap 15.6:build-20250306-150200.19.1.noarch",
"openSUSE Leap 15.6:build-initvm-aarch64-20250306-150200.19.1.noarch",
"openSUSE Leap 15.6:build-initvm-powerpc64le-20250306-150200.19.1.noarch",
"openSUSE Leap 15.6:build-initvm-s390x-20250306-150200.19.1.noarch",
"openSUSE Leap 15.6:build-initvm-x86_64-20250306-150200.19.1.noarch",
"openSUSE Leap 15.6:build-mkbaselibs-20250306-150200.19.1.noarch",
"openSUSE Leap 15.6:build-mkdrpms-20250306-150200.19.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:build-20250306-150200.19.1.noarch",
"SUSE Enterprise Storage 7.1:build-mkbaselibs-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:build-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:build-mkbaselibs-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:build-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:build-mkbaselibs-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:build-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:build-mkbaselibs-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:build-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:build-mkbaselibs-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:build-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:build-mkbaselibs-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:build-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15 SP6:build-mkbaselibs-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:build-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:build-mkbaselibs-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:build-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:build-mkbaselibs-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:build-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:build-mkbaselibs-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:build-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:build-mkbaselibs-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:build-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:build-mkbaselibs-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:build-20250306-150200.19.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:build-mkbaselibs-20250306-150200.19.1.noarch",
"openSUSE Leap 15.6:build-20250306-150200.19.1.noarch",
"openSUSE Leap 15.6:build-initvm-aarch64-20250306-150200.19.1.noarch",
"openSUSE Leap 15.6:build-initvm-powerpc64le-20250306-150200.19.1.noarch",
"openSUSE Leap 15.6:build-initvm-s390x-20250306-150200.19.1.noarch",
"openSUSE Leap 15.6:build-initvm-x86_64-20250306-150200.19.1.noarch",
"openSUSE Leap 15.6:build-mkbaselibs-20250306-150200.19.1.noarch",
"openSUSE Leap 15.6:build-mkdrpms-20250306-150200.19.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-03-13T17:58:06Z",
"details": "important"
}
],
"title": "CVE-2024-22038"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…