Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-20206 (GCVE-0-2021-20206)
Vulnerability from cvelistv5 – Published: 2021-03-26 21:34 – Updated: 2024-08-03 17:30
VLAI
EPSS
Summary
An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as 'reboot'. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Severity
7.2 (High)
CWE
- CWE-20 - >CWE-22
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1919391 | x_refsource_MISC |
| https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCONTAIN… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | containernetworking-cni |
Affected:
containernetworking/cni 0.8.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:30:07.575Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919391"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCONTAINERNETWORKINGCNIPKGINVOKE-1070549"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "containernetworking-cni",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "containernetworking/cni 0.8.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the \u0027type\u0027 field in the network configuration, it is possible to use special elements such as \"../\" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as \u0027reboot\u0027. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20-\u003eCWE-22",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-26T21:34:58.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919391"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCONTAINERNETWORKINGCNIPKGINVOKE-1070549"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-20206",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "containernetworking-cni",
"version": {
"version_data": [
{
"version_value": "containernetworking/cni 0.8.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the \u0027type\u0027 field in the network configuration, it is possible to use special elements such as \"../\" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as \u0027reboot\u0027. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20-\u003eCWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1919391",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919391"
},
{
"name": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCONTAINERNETWORKINGCNIPKGINVOKE-1070549",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCONTAINERNETWORKINGCNIPKGINVOKE-1070549"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20206",
"datePublished": "2021-03-26T21:34:58.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:30:07.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-20206",
"date": "2026-06-05",
"epss": "0.00121",
"percentile": "0.30651"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-20206\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2021-03-26T22:15:12.617\",\"lastModified\":\"2024-11-21T05:46:07.850\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the \u0027type\u0027 field in the network configuration, it is possible to use special elements such as \\\"../\\\" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as \u0027reboot\u0027. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.\"},{\"lang\":\"es\",\"value\":\"Se detect\u00f3 una limitaci\u00f3n inapropiada del fallo en el nombre de la ruta en containernetworking/cni en versiones anteriores a 0.8.1.\u0026#xa0;Cuando se especifica el plugin a cargar en el campo \\\"type\\\" en la configuraci\u00f3n de red, es posible usar elementos especiales como separadores \\\"../\\\" para hacer referencia a binarios en otras partes del sistema.\u0026#xa0;Este fallo permite a un atacante ejecutar otros binarios existentes que no sean los plugins y tipos de cni, como \\\"reboot\\\".\u0026#xa0;La mayor amenaza de esta vulnerabilidad es la confidencialidad, la integridad y la disponibilidad del sistema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:container_network_interface:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"0.8.1\",\"matchCriteriaId\":\"03195E86-5FBC-4A4B-AAE8-B0A4AF78BBFC\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1919391\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCONTAINERNETWORKINGCNIPKGINVOKE-1070549\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1919391\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCONTAINERNETWORKINGCNIPKGINVOKE-1070549\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
SUSE-SU-2022:3655-1
Vulnerability from csaf_suse - Published: 2022-10-19 10:34 - Updated: 2022-10-19 10:34Summary
Security update for buildah
Severity
Important
Notes
Title of the patch: Security update for buildah
Description of the patch: This update for buildah fixes the following issues:
Buildah was updated to version 1.27.1:
- CVE-2021-20206: Fixed an issue in libcni that could allow an attacker
to execute arbitrary binaries on the host (bsc#1181961).
- CVE-2020-10696: Fixed an issue that could lead to files being
overwritten during the image building process (bsc#1167864).
- CVE-2022-2990: Fixed a possible information disclosure and modification (bsc#1202812).
Patchnames: SUSE-2022-3655,SUSE-SLE-Module-Containers-15-SP4-2022-3655,openSUSE-SLE-15.4-2022-3655
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.2 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.4 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for buildah",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for buildah fixes the following issues:\n \nBuildah was updated to version 1.27.1:\n\n- CVE-2021-20206: Fixed an issue in libcni that could allow an attacker\n to execute arbitrary binaries on the host (bsc#1181961).\n- CVE-2020-10696: Fixed an issue that could lead to files being\n overwritten during the image building process (bsc#1167864).\n- CVE-2022-2990: Fixed a possible information disclosure and modification (bsc#1202812).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-3655,SUSE-SLE-Module-Containers-15-SP4-2022-3655,openSUSE-SLE-15.4-2022-3655",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3655-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:3655-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20223655-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:3655-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012578.html"
},
{
"category": "self",
"summary": "SUSE Bug 1167864",
"url": "https://bugzilla.suse.com/1167864"
},
{
"category": "self",
"summary": "SUSE Bug 1181961",
"url": "https://bugzilla.suse.com/1181961"
},
{
"category": "self",
"summary": "SUSE Bug 1202812",
"url": "https://bugzilla.suse.com/1202812"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10696 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10696/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-20206 page",
"url": "https://www.suse.com/security/cve/CVE-2021-20206/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2990 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2990/"
}
],
"title": "Security update for buildah",
"tracking": {
"current_release_date": "2022-10-19T10:34:23Z",
"generator": {
"date": "2022-10-19T10:34:23Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:3655-1",
"initial_release_date": "2022-10-19T10:34:23Z",
"revision_history": [
{
"date": "2022-10-19T10:34:23Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.27.1-150400.3.8.1.aarch64",
"product": {
"name": "buildah-1.27.1-150400.3.8.1.aarch64",
"product_id": "buildah-1.27.1-150400.3.8.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.27.1-150400.3.8.1.i586",
"product": {
"name": "buildah-1.27.1-150400.3.8.1.i586",
"product_id": "buildah-1.27.1-150400.3.8.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.27.1-150400.3.8.1.ppc64le",
"product": {
"name": "buildah-1.27.1-150400.3.8.1.ppc64le",
"product_id": "buildah-1.27.1-150400.3.8.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.27.1-150400.3.8.1.s390x",
"product": {
"name": "buildah-1.27.1-150400.3.8.1.s390x",
"product_id": "buildah-1.27.1-150400.3.8.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.27.1-150400.3.8.1.x86_64",
"product": {
"name": "buildah-1.27.1-150400.3.8.1.x86_64",
"product_id": "buildah-1.27.1-150400.3.8.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:15:sp4"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.27.1-150400.3.8.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.aarch64"
},
"product_reference": "buildah-1.27.1-150400.3.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.27.1-150400.3.8.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.ppc64le"
},
"product_reference": "buildah-1.27.1-150400.3.8.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.27.1-150400.3.8.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.s390x"
},
"product_reference": "buildah-1.27.1-150400.3.8.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.27.1-150400.3.8.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.x86_64"
},
"product_reference": "buildah-1.27.1-150400.3.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.27.1-150400.3.8.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.aarch64"
},
"product_reference": "buildah-1.27.1-150400.3.8.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.27.1-150400.3.8.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.ppc64le"
},
"product_reference": "buildah-1.27.1-150400.3.8.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.27.1-150400.3.8.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.s390x"
},
"product_reference": "buildah-1.27.1-150400.3.8.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.27.1-150400.3.8.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.x86_64"
},
"product_reference": "buildah-1.27.1-150400.3.8.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-10696",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10696"
}
],
"notes": [
{
"category": "general",
"text": "A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user\u0027s system anywhere that the user has permissions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.x86_64",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.aarch64",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.ppc64le",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.s390x",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10696",
"url": "https://www.suse.com/security/cve/CVE-2020-10696"
},
{
"category": "external",
"summary": "SUSE Bug 1167864 for CVE-2020-10696",
"url": "https://bugzilla.suse.com/1167864"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.x86_64",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.aarch64",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.ppc64le",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.s390x",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.x86_64",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.aarch64",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.ppc64le",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.s390x",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-10-19T10:34:23Z",
"details": "important"
}
],
"title": "CVE-2020-10696"
},
{
"cve": "CVE-2021-20206",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-20206"
}
],
"notes": [
{
"category": "general",
"text": "An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the \u0027type\u0027 field in the network configuration, it is possible to use special elements such as \"../\" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as \u0027reboot\u0027. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.x86_64",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.aarch64",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.ppc64le",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.s390x",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-20206",
"url": "https://www.suse.com/security/cve/CVE-2021-20206"
},
{
"category": "external",
"summary": "SUSE Bug 1181961 for CVE-2021-20206",
"url": "https://bugzilla.suse.com/1181961"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.x86_64",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.aarch64",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.ppc64le",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.s390x",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.x86_64",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.aarch64",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.ppc64le",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.s390x",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-10-19T10:34:23Z",
"details": "important"
}
],
"title": "CVE-2021-20206"
},
{
"cve": "CVE-2022-2990",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2990"
}
],
"notes": [
{
"category": "general",
"text": "An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.x86_64",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.aarch64",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.ppc64le",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.s390x",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2990",
"url": "https://www.suse.com/security/cve/CVE-2022-2990"
},
{
"category": "external",
"summary": "SUSE Bug 1202812 for CVE-2022-2990",
"url": "https://bugzilla.suse.com/1202812"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.x86_64",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.aarch64",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.ppc64le",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.s390x",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:buildah-1.27.1-150400.3.8.1.x86_64",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.aarch64",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.ppc64le",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.s390x",
"openSUSE Leap 15.4:buildah-1.27.1-150400.3.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-10-19T10:34:23Z",
"details": "moderate"
}
],
"title": "CVE-2022-2990"
}
]
}
SUSE-SU-2022:3766-1
Vulnerability from csaf_suse - Published: 2022-10-26 09:38 - Updated: 2022-10-26 09:38Summary
Security update for buildah
Severity
Important
Notes
Title of the patch: Security update for buildah
Description of the patch: This update for buildah fixes the following issues:
- CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host (bsc#1181961).
- CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process (bsc#1167864).
- CVE-2022-2990: Fixed possible information disclosure and modification / bsc#1202812
Buildah was updated to version 1.27.1:
* run: add container gid to additional groups
- Add fix for CVE-2022-2990 / bsc#1202812
Update to version 1.27.0:
* Don't try to call runLabelStdioPipes if spec.Linux is not set
* build: support filtering cache by duration using --cache-ttl
* build: support building from commit when using git repo as build context
* build: clean up git repos correctly when using subdirs
* integration tests: quote '?' in shell scripts
* test: manifest inspect should have OCIv1 annotation
* vendor: bump to c/common@87fab4b7019a
* Failure to determine a file or directory should print an error
* refactor: remove unused CommitOptions from generateBuildOutput
* stage_executor: generate output for cases with no commit
* stage_executor, commit: output only if last stage in build
* Use errors.Is() instead of os.Is{Not,}Exist
* Minor test tweak for podman-remote compatibility
* Cirrus: Use the latest imgts container
* imagebuildah: complain about the right Dockerfile
* tests: don't try to wrap `nil` errors
* cmd/buildah.commitCmd: don't shadow 'err'
* cmd/buildah.pullCmd: complain about DecryptConfig/EncryptConfig
* Fix a copy/paste error message
* Fix a typo in an error message
* build,cache: support pulling/pushing cache layers to/from remote sources
* Update vendor of containers/(common, storage, image)
* Rename chroot/run.go to chroot/run_linux.go
* Don't bother telling codespell to skip files that don't exist
* Set user namespace defaults correctly for the library
* imagebuildah: optimize cache hits for COPY and ADD instructions
* Cirrus: Update VM images w/ updated bats
* docs, run: show SELinux label flag for cache and bind mounts
* imagebuildah, build: remove undefined concurrent writes
* bump github.com/opencontainers/runtime-tools
* Add FreeBSD support for 'buildah info'
* Vendor in latest containers/(storage, common, image)
* Add freebsd cross build targets
* Make the jail package build on 32bit platforms
* Cirrus: Ensure the build-push VM image is labeled
* GHA: Fix dynamic script filename
* Vendor in containers/(common, storage, image)
* Run codespell
* Remove import of github.com/pkg/errors
* Avoid using cgo in pkg/jail
* Rename footypes to fooTypes for naming consistency
* Move cleanupTempVolumes and cleanupRunMounts to run_common.go
* Make the various run mounts work for FreeBSD
* Move get{Bind,Tmpfs,Secret,SSH}Mount to run_common.go
* Move runSetupRunMounts to run_common.go
* Move cleanableDestinationListFromMounts to run_common.go
* Make setupMounts and runSetupBuiltinVolumes work on FreeBSD
* Move setupMounts and runSetupBuiltinVolumes to run_common.go
* Tidy up - runMakeStdioPipe can't be shared with linux
* Move runAcceptTerminal to run_common.go
* Move stdio copying utilities to run_common.go
* Move runUsingRuntime and runCollectOutput to run_common.go
* Move fileCloser, waitForSync and contains to run_common.go
* Move checkAndOverrideIsolationOptions to run_common.go
* Move DefaultNamespaceOptions to run_common.go
* Move getNetworkInterface to run_common.go
* Move configureEnvironment to run_common.go
* Don't crash in configureUIDGID if Process.Capabilities is nil
* Move configureUIDGID to run_common.go
* Move runLookupPath to run_common.go
* Move setupTerminal to run_common.go
* Move etc file generation utilities to run_common.go
* Add run support for FreeBSD
* Add a simple FreeBSD jail library
* Add FreeBSD support to pkg/chrootuser
* Sync call signature for RunUsingChroot with chroot/run.go
* test: verify feature to resolve basename with args
* vendor: bump openshift/imagebuilder to master@4151e43
* GHA: Remove required reserved-name use
* buildah: set XDG_RUNTIME_DIR before setting default runroot
* imagebuildah: honor build output even if build container is not commited
* chroot: honor DefaultErrnoRet
* [CI:DOCS] improve pull-policy documentation
* tests: retrofit test since --file does not supports dir
* Switch to golang native error wrapping
* BuildDockerfiles: error out if path to containerfile is a directory
* define.downloadToDirectory: fail early if bad HTTP response
* GHA: Allow re-use of Cirrus-Cron fail-mail workflow
* add: fail on bad http response instead of writing to container
* [CI:DOCS] Update buildahimage comment
* lint: inspectable is never nil
* vendor: c/common to common@7e1563b
* build: support OCI hooks for ephemeral build containers
* [CI:BUILD] Install latest buildah instead of compiling
* Add subid support with BuildRequires and BUILDTAG [NO NEW TESTS NEEDED]
* Make sure cpp is installed in buildah images
* demo: use unshare for rootless invocations
* buildah.spec.rpkg: initial addition
* build: fix test for subid 4
* build, userns: add support for --userns=auto
* Fix building upstream buildah image
* Remove redundant buildahimages-are-sane validation
* Docs: Update multi-arch buildah images readme
* Cirrus: Migrate multiarch build off github actions
* retrofit-tests: we skip unused stages so use stages
* stage_executor: dont rely on stage while looking for additional-context
* buildkit, multistage: skip computing unwanted stages
* More test cleanup
* copier: work around freebsd bug for 'mkdir /'
* Replace $BUILDAH_BINARY with buildah() function
* Fix up buildah images
* Make util and copier build on FreeBSD
* Vendor in latest github.com/sirupsen/logrus
* Makefile: allow building without .git
* run_unix: don't return an error from getNetworkInterface
* run_unix: return a valid DefaultNamespaceOptions
* Update vendor of containers/storage
* chroot: use ActKillThread instead of ActKill
* use resolvconf package from c/common/libnetwork
* update c/common to latest main
* copier: add `NoOverwriteNonDirDir` option
* Sort buildoptions and move cli/build functions to internal
* Fix TODO: de-spaghettify run mounts
* Move options parsing out of build.go and into pkg/cli
* [CI:DOCS] Tutorial 04 - Include Debian/Ubuntu deps
* build, multiarch: support splitting build logs for --platform
* [CI:BUILD] WIP Cleanup Image Dockerfiles
* cli remove stutter
* docker-parity: ignore sanity check if baseImage history is null
* build, commit: allow disabling image history with --omit-history
* Fix use generic/ambiguous DEBUG name
* Cirrus: use Ubuntu 22.04 LTS
* Fix codespell errors
* Remove util.StringInSlice because it is defined in containers/common
* buildah: add support for renaming a device in rootless setups
* squash: never use build cache when computing last step of last stage
* Update vendor of containers/(common, storage, image)
* buildkit: supports additionalBuildContext in builds via --build-context
* buildah source pull/push: show progress bar
* run: allow resuing secret twice in different RUN steps
* test helpers: default to being rootless-aware
* Add --cpp-flag flag to buildah build
* build: accept branch and subdirectory when context is git repo
* Vendor in latest containers/common
* vendor: update c/storage and c/image
* Fix gentoo install docs
* copier: move NSS load to new process
* Add test for prevention of reusing encrypted layers
* Make `buildah build --label foo` create an empty 'foo' label again
Update to version 1.26.4:
* build, multiarch: support splitting build logs for --platform
* copier: add `NoOverwriteNonDirDir` option
* docker-parity: ignore sanity check if baseImage history is null
* build, commit: allow disabling image history with --omit-history
* buildkit: supports additionalBuildContext in builds via --build-context
* Add --cpp-flag flag to buildah build
Update to version 1.26.3:
* define.downloadToDirectory: fail early if bad HTTP response
* add: fail on bad http response instead of writing to container
* squash: never use build cache when computing last step of last stage
* run: allow resuing secret twice in different RUN steps
* integration tests: update expected error messages
* integration tests: quote '?' in shell scripts
* Use errors.Is() to check for storage errors
* lint: inspectable is never nil
* chroot: use ActKillThread instead of ActKill
* chroot: honor DefaultErrnoRet
* Set user namespace defaults correctly for the library
* contrib/rpm/buildah.spec: fix `rpm` parser warnings
Drop requires on apparmor pattern, should be moved elsewhere
for systems which want AppArmor instead of SELinux.
- Update BuildRequires to libassuan-devel >= 2.5.2, pkgconfig file
is required to build.
Update to version 1.26.2:
* buildah: add support for renaming a device in rootless setups
Update to version 1.26.1:
* Make `buildah build --label foo` create an empty 'foo' label again
* imagebuildah,build: move deepcopy of args before we spawn goroutine
* Vendor in containers/storage v1.40.2
* buildah.BuilderOptions.DefaultEnv is ignored, so mark it as deprecated
* help output: get more consistent about option usage text
* Handle OS version and features flags
* buildah build: --annotation and --label should remove values
* buildah build: add a --env
* buildah: deep copy options.Args before performing concurrent build/stage
* test: inline platform and builtinargs behaviour
* vendor: bump imagebuilder to master/009dbc6
* build: automatically set correct TARGETPLATFORM where expected
* Vendor in containers/(common, storage, image)
* imagebuildah, executor: process arg variables while populating baseMap
* buildkit: add support for custom build output with --output
* Cirrus: Update CI VMs to F36
* fix staticcheck linter warning for deprecated function
* Fix docs build on FreeBSD
* copier.unwrapError(): update for Go 1.16
* copier.PutOptions: add StripSetuidBit/StripSetgidBit/StripStickyBit
* copier.Put(): write to read-only directories
* Ed's periodic test cleanup
* using consistent lowercase 'invalid' word in returned err msg
* use etchosts package from c/common
* run: set actual hostname in /etc/hostname to match docker parity
* Update vendor of containers/(common,storage,image)
* manifest-create: allow creating manifest list from local image
* Update vendor of storage,common,image
* Initialize network backend before first pull
* oci spec: change special mount points for namespaces
* tests/helpers.bash: assert handle corner cases correctly
* buildah: actually use containers.conf settings
* integration tests: learn to start a dummy registry
* Fix error check to work on Podman
* buildah build should accept at most one arg
* tests: reduce concurrency for flaky bud-multiple-platform-no-run
* vendor in latest containers/common,image,storage
* manifest-add: allow override arch,variant while adding image
* Remove a stray `\` from .containerenv
* Vendor in latest opencontainers/selinux v1.10.1
* build, commit: allow removing default identity labels
* Create shorter names for containers based on image IDs
* test: skip rootless on cgroupv2 in root env
* fix hang when oci runtime fails
* Set permissions for GitHub actions
* copier test: use correct UID/GID in test archives
* run: set parent-death signals and forward SIGHUP/SIGINT/SIGTERM
Patchnames: SUSE-2022-3766,SUSE-SLE-Module-Basesystem-15-SP3-2022-3766,SUSE-SLE-Module-Containers-15-SP3-2022-3766,SUSE-SUSE-MicroOS-5.1-2022-3766,SUSE-SUSE-MicroOS-5.2-2022-3766,openSUSE-Leap-Micro-5.2-2022-3766,openSUSE-SLE-15.3-2022-3766
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
35 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error-devel-32bit-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.2 (High)
Affected products
Recommended
35 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error-devel-32bit-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.4 (Medium)
Affected products
Recommended
35 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error-devel-32bit-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for buildah",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for buildah fixes the following issues:\n\n- CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host (bsc#1181961).\n- CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process (bsc#1167864).\n- CVE-2022-2990: Fixed possible information disclosure and modification / bsc#1202812\n\nBuildah was updated to version 1.27.1:\n\n* run: add container gid to additional groups\n\n- Add fix for CVE-2022-2990 / bsc#1202812\n\n\nUpdate to version 1.27.0:\n\n* Don\u0027t try to call runLabelStdioPipes if spec.Linux is not set\n* build: support filtering cache by duration using --cache-ttl\n* build: support building from commit when using git repo as build context\n* build: clean up git repos correctly when using subdirs\n* integration tests: quote \u0027?\u0027 in shell scripts\n* test: manifest inspect should have OCIv1 annotation\n* vendor: bump to c/common@87fab4b7019a\n* Failure to determine a file or directory should print an error\n* refactor: remove unused CommitOptions from generateBuildOutput\n* stage_executor: generate output for cases with no commit\n* stage_executor, commit: output only if last stage in build\n* Use errors.Is() instead of os.Is{Not,}Exist\n* Minor test tweak for podman-remote compatibility\n* Cirrus: Use the latest imgts container\n* imagebuildah: complain about the right Dockerfile\n* tests: don\u0027t try to wrap `nil` errors\n* cmd/buildah.commitCmd: don\u0027t shadow \u0027err\u0027\n* cmd/buildah.pullCmd: complain about DecryptConfig/EncryptConfig\n* Fix a copy/paste error message\n* Fix a typo in an error message\n* build,cache: support pulling/pushing cache layers to/from remote sources\n* Update vendor of containers/(common, storage, image)\n* Rename chroot/run.go to chroot/run_linux.go\n* Don\u0027t bother telling codespell to skip files that don\u0027t exist\n* Set user namespace defaults correctly for the library\n* imagebuildah: optimize cache hits for COPY and ADD instructions\n* Cirrus: Update VM images w/ updated bats\n* docs, run: show SELinux label flag for cache and bind mounts\n* imagebuildah, build: remove undefined concurrent writes\n* bump github.com/opencontainers/runtime-tools\n* Add FreeBSD support for \u0027buildah info\u0027\n* Vendor in latest containers/(storage, common, image)\n* Add freebsd cross build targets\n* Make the jail package build on 32bit platforms\n* Cirrus: Ensure the build-push VM image is labeled\n* GHA: Fix dynamic script filename\n* Vendor in containers/(common, storage, image)\n* Run codespell\n* Remove import of github.com/pkg/errors\n* Avoid using cgo in pkg/jail\n* Rename footypes to fooTypes for naming consistency\n* Move cleanupTempVolumes and cleanupRunMounts to run_common.go\n* Make the various run mounts work for FreeBSD\n* Move get{Bind,Tmpfs,Secret,SSH}Mount to run_common.go\n* Move runSetupRunMounts to run_common.go\n* Move cleanableDestinationListFromMounts to run_common.go\n* Make setupMounts and runSetupBuiltinVolumes work on FreeBSD\n* Move setupMounts and runSetupBuiltinVolumes to run_common.go\n* Tidy up - runMakeStdioPipe can\u0027t be shared with linux\n* Move runAcceptTerminal to run_common.go\n* Move stdio copying utilities to run_common.go\n* Move runUsingRuntime and runCollectOutput to run_common.go\n* Move fileCloser, waitForSync and contains to run_common.go\n* Move checkAndOverrideIsolationOptions to run_common.go\n* Move DefaultNamespaceOptions to run_common.go\n* Move getNetworkInterface to run_common.go\n* Move configureEnvironment to run_common.go\n* Don\u0027t crash in configureUIDGID if Process.Capabilities is nil\n* Move configureUIDGID to run_common.go\n* Move runLookupPath to run_common.go\n* Move setupTerminal to run_common.go\n* Move etc file generation utilities to run_common.go\n* Add run support for FreeBSD\n* Add a simple FreeBSD jail library\n* Add FreeBSD support to pkg/chrootuser\n* Sync call signature for RunUsingChroot with chroot/run.go\n* test: verify feature to resolve basename with args\n* vendor: bump openshift/imagebuilder to master@4151e43\n* GHA: Remove required reserved-name use\n* buildah: set XDG_RUNTIME_DIR before setting default runroot\n* imagebuildah: honor build output even if build container is not commited\n* chroot: honor DefaultErrnoRet\n* [CI:DOCS] improve pull-policy documentation\n* tests: retrofit test since --file does not supports dir\n* Switch to golang native error wrapping\n* BuildDockerfiles: error out if path to containerfile is a directory\n* define.downloadToDirectory: fail early if bad HTTP response\n* GHA: Allow re-use of Cirrus-Cron fail-mail workflow\n* add: fail on bad http response instead of writing to container\n* [CI:DOCS] Update buildahimage comment\n* lint: inspectable is never nil\n* vendor: c/common to common@7e1563b\n* build: support OCI hooks for ephemeral build containers\n* [CI:BUILD] Install latest buildah instead of compiling\n* Add subid support with BuildRequires and BUILDTAG [NO NEW TESTS NEEDED]\n* Make sure cpp is installed in buildah images\n* demo: use unshare for rootless invocations\n* buildah.spec.rpkg: initial addition\n* build: fix test for subid 4\n* build, userns: add support for --userns=auto\n* Fix building upstream buildah image\n* Remove redundant buildahimages-are-sane validation\n* Docs: Update multi-arch buildah images readme\n* Cirrus: Migrate multiarch build off github actions\n* retrofit-tests: we skip unused stages so use stages\n* stage_executor: dont rely on stage while looking for additional-context\n* buildkit, multistage: skip computing unwanted stages\n* More test cleanup\n* copier: work around freebsd bug for \u0027mkdir /\u0027\n* Replace $BUILDAH_BINARY with buildah() function\n* Fix up buildah images\n* Make util and copier build on FreeBSD\n* Vendor in latest github.com/sirupsen/logrus\n* Makefile: allow building without .git\n* run_unix: don\u0027t return an error from getNetworkInterface\n* run_unix: return a valid DefaultNamespaceOptions\n* Update vendor of containers/storage\n* chroot: use ActKillThread instead of ActKill\n* use resolvconf package from c/common/libnetwork\n* update c/common to latest main\n* copier: add `NoOverwriteNonDirDir` option\n* Sort buildoptions and move cli/build functions to internal\n* Fix TODO: de-spaghettify run mounts\n* Move options parsing out of build.go and into pkg/cli\n* [CI:DOCS] Tutorial 04 - Include Debian/Ubuntu deps\n* build, multiarch: support splitting build logs for --platform\n* [CI:BUILD] WIP Cleanup Image Dockerfiles\n* cli remove stutter\n* docker-parity: ignore sanity check if baseImage history is null\n* build, commit: allow disabling image history with --omit-history\n* Fix use generic/ambiguous DEBUG name\n* Cirrus: use Ubuntu 22.04 LTS\n* Fix codespell errors\n* Remove util.StringInSlice because it is defined in containers/common\n* buildah: add support for renaming a device in rootless setups\n* squash: never use build cache when computing last step of last stage\n* Update vendor of containers/(common, storage, image)\n* buildkit: supports additionalBuildContext in builds via --build-context\n* buildah source pull/push: show progress bar\n* run: allow resuing secret twice in different RUN steps\n* test helpers: default to being rootless-aware\n* Add --cpp-flag flag to buildah build\n* build: accept branch and subdirectory when context is git repo\n* Vendor in latest containers/common\n* vendor: update c/storage and c/image\n* Fix gentoo install docs\n* copier: move NSS load to new process\n* Add test for prevention of reusing encrypted layers\n* Make `buildah build --label foo` create an empty \u0027foo\u0027 label again\n\n\nUpdate to version 1.26.4:\n\n* build, multiarch: support splitting build logs for --platform\n* copier: add `NoOverwriteNonDirDir` option\n* docker-parity: ignore sanity check if baseImage history is null\n* build, commit: allow disabling image history with --omit-history\n* buildkit: supports additionalBuildContext in builds via --build-context\n* Add --cpp-flag flag to buildah build\n\nUpdate to version 1.26.3:\n\n* define.downloadToDirectory: fail early if bad HTTP response\n* add: fail on bad http response instead of writing to container\n* squash: never use build cache when computing last step of last stage\n* run: allow resuing secret twice in different RUN steps\n* integration tests: update expected error messages\n* integration tests: quote \u0027?\u0027 in shell scripts\n* Use errors.Is() to check for storage errors\n* lint: inspectable is never nil\n* chroot: use ActKillThread instead of ActKill\n* chroot: honor DefaultErrnoRet\n* Set user namespace defaults correctly for the library\n* contrib/rpm/buildah.spec: fix `rpm` parser warnings\n\nDrop requires on apparmor pattern, should be moved elsewhere\nfor systems which want AppArmor instead of SELinux.\n\n- Update BuildRequires to libassuan-devel \u003e= 2.5.2, pkgconfig file\n is required to build.\n\nUpdate to version 1.26.2:\n\n* buildah: add support for renaming a device in rootless setups\n\nUpdate to version 1.26.1:\n\n* Make `buildah build --label foo` create an empty \u0027foo\u0027 label again\n* imagebuildah,build: move deepcopy of args before we spawn goroutine\n* Vendor in containers/storage v1.40.2\n* buildah.BuilderOptions.DefaultEnv is ignored, so mark it as deprecated\n* help output: get more consistent about option usage text\n* Handle OS version and features flags\n* buildah build: --annotation and --label should remove values\n* buildah build: add a --env\n* buildah: deep copy options.Args before performing concurrent build/stage\n* test: inline platform and builtinargs behaviour\n* vendor: bump imagebuilder to master/009dbc6\n* build: automatically set correct TARGETPLATFORM where expected\n* Vendor in containers/(common, storage, image)\n* imagebuildah, executor: process arg variables while populating baseMap\n* buildkit: add support for custom build output with --output\n* Cirrus: Update CI VMs to F36\n* fix staticcheck linter warning for deprecated function\n* Fix docs build on FreeBSD\n* copier.unwrapError(): update for Go 1.16\n* copier.PutOptions: add StripSetuidBit/StripSetgidBit/StripStickyBit\n* copier.Put(): write to read-only directories\n* Ed\u0027s periodic test cleanup\n* using consistent lowercase \u0027invalid\u0027 word in returned err msg\n* use etchosts package from c/common\n* run: set actual hostname in /etc/hostname to match docker parity\n* Update vendor of containers/(common,storage,image)\n* manifest-create: allow creating manifest list from local image\n* Update vendor of storage,common,image\n* Initialize network backend before first pull\n* oci spec: change special mount points for namespaces\n* tests/helpers.bash: assert handle corner cases correctly\n* buildah: actually use containers.conf settings\n* integration tests: learn to start a dummy registry\n* Fix error check to work on Podman\n* buildah build should accept at most one arg\n* tests: reduce concurrency for flaky bud-multiple-platform-no-run\n* vendor in latest containers/common,image,storage\n* manifest-add: allow override arch,variant while adding image\n* Remove a stray `\\` from .containerenv\n* Vendor in latest opencontainers/selinux v1.10.1\n* build, commit: allow removing default identity labels\n* Create shorter names for containers based on image IDs\n* test: skip rootless on cgroupv2 in root env\n* fix hang when oci runtime fails\n* Set permissions for GitHub actions\n* copier test: use correct UID/GID in test archives\n* run: set parent-death signals and forward SIGHUP/SIGINT/SIGTERM\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-3766,SUSE-SLE-Module-Basesystem-15-SP3-2022-3766,SUSE-SLE-Module-Containers-15-SP3-2022-3766,SUSE-SUSE-MicroOS-5.1-2022-3766,SUSE-SUSE-MicroOS-5.2-2022-3766,openSUSE-Leap-Micro-5.2-2022-3766,openSUSE-SLE-15.3-2022-3766",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3766-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:3766-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20223766-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:3766-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012703.html"
},
{
"category": "self",
"summary": "SUSE Bug 1167864",
"url": "https://bugzilla.suse.com/1167864"
},
{
"category": "self",
"summary": "SUSE Bug 1181961",
"url": "https://bugzilla.suse.com/1181961"
},
{
"category": "self",
"summary": "SUSE Bug 1202812",
"url": "https://bugzilla.suse.com/1202812"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10696 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10696/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-20206 page",
"url": "https://www.suse.com/security/cve/CVE-2021-20206/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2990 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2990/"
}
],
"title": "Security update for buildah",
"tracking": {
"current_release_date": "2022-10-26T09:38:08Z",
"generator": {
"date": "2022-10-26T09:38:08Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:3766-1",
"initial_release_date": "2022-10-26T09:38:08Z",
"revision_history": [
{
"date": "2022-10-26T09:38:08Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.27.1-150300.8.11.1.aarch64",
"product": {
"name": "buildah-1.27.1-150300.8.11.1.aarch64",
"product_id": "buildah-1.27.1-150300.8.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"product": {
"name": "libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"product_id": "libgpg-error-devel-1.42-150300.9.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "libgpg-error0-1.42-150300.9.3.1.aarch64",
"product": {
"name": "libgpg-error0-1.42-150300.9.3.1.aarch64",
"product_id": "libgpg-error0-1.42-150300.9.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libgpg-error-devel-64bit-1.42-150300.9.3.1.aarch64_ilp32",
"product": {
"name": "libgpg-error-devel-64bit-1.42-150300.9.3.1.aarch64_ilp32",
"product_id": "libgpg-error-devel-64bit-1.42-150300.9.3.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libgpg-error0-64bit-1.42-150300.9.3.1.aarch64_ilp32",
"product": {
"name": "libgpg-error0-64bit-1.42-150300.9.3.1.aarch64_ilp32",
"product_id": "libgpg-error0-64bit-1.42-150300.9.3.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "libgpg-error-devel-1.42-150300.9.3.1.i586",
"product": {
"name": "libgpg-error-devel-1.42-150300.9.3.1.i586",
"product_id": "libgpg-error-devel-1.42-150300.9.3.1.i586"
}
},
{
"category": "product_version",
"name": "libgpg-error0-1.42-150300.9.3.1.i586",
"product": {
"name": "libgpg-error0-1.42-150300.9.3.1.i586",
"product_id": "libgpg-error0-1.42-150300.9.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.27.1-150300.8.11.1.ppc64le",
"product": {
"name": "buildah-1.27.1-150300.8.11.1.ppc64le",
"product_id": "buildah-1.27.1-150300.8.11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"product": {
"name": "libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"product_id": "libgpg-error-devel-1.42-150300.9.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libgpg-error0-1.42-150300.9.3.1.ppc64le",
"product": {
"name": "libgpg-error0-1.42-150300.9.3.1.ppc64le",
"product_id": "libgpg-error0-1.42-150300.9.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.27.1-150300.8.11.1.s390x",
"product": {
"name": "buildah-1.27.1-150300.8.11.1.s390x",
"product_id": "buildah-1.27.1-150300.8.11.1.s390x"
}
},
{
"category": "product_version",
"name": "libgpg-error-devel-1.42-150300.9.3.1.s390x",
"product": {
"name": "libgpg-error-devel-1.42-150300.9.3.1.s390x",
"product_id": "libgpg-error-devel-1.42-150300.9.3.1.s390x"
}
},
{
"category": "product_version",
"name": "libgpg-error0-1.42-150300.9.3.1.s390x",
"product": {
"name": "libgpg-error0-1.42-150300.9.3.1.s390x",
"product_id": "libgpg-error0-1.42-150300.9.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.27.1-150300.8.11.1.x86_64",
"product": {
"name": "buildah-1.27.1-150300.8.11.1.x86_64",
"product_id": "buildah-1.27.1-150300.8.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"product": {
"name": "libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"product_id": "libgpg-error-devel-1.42-150300.9.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libgpg-error-devel-32bit-1.42-150300.9.3.1.x86_64",
"product": {
"name": "libgpg-error-devel-32bit-1.42-150300.9.3.1.x86_64",
"product_id": "libgpg-error-devel-32bit-1.42-150300.9.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libgpg-error0-1.42-150300.9.3.1.x86_64",
"product": {
"name": "libgpg-error0-1.42-150300.9.3.1.x86_64",
"product_id": "libgpg-error0-1.42-150300.9.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"product": {
"name": "libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"product_id": "libgpg-error0-32bit-1.42-150300.9.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.2"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap Micro 5.2",
"product": {
"name": "openSUSE Leap Micro 5.2",
"product_id": "openSUSE Leap Micro 5.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap-micro:5.2"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error-devel-1.42-150300.9.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.aarch64"
},
"product_reference": "libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error-devel-1.42-150300.9.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le"
},
"product_reference": "libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error-devel-1.42-150300.9.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.s390x"
},
"product_reference": "libgpg-error-devel-1.42-150300.9.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error-devel-1.42-150300.9.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.x86_64"
},
"product_reference": "libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error0-1.42-150300.9.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.aarch64"
},
"product_reference": "libgpg-error0-1.42-150300.9.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error0-1.42-150300.9.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.ppc64le"
},
"product_reference": "libgpg-error0-1.42-150300.9.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error0-1.42-150300.9.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.s390x"
},
"product_reference": "libgpg-error0-1.42-150300.9.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error0-1.42-150300.9.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.x86_64"
},
"product_reference": "libgpg-error0-1.42-150300.9.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error0-32bit-1.42-150300.9.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64"
},
"product_reference": "libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.27.1-150300.8.11.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.aarch64"
},
"product_reference": "buildah-1.27.1-150300.8.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.27.1-150300.8.11.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.ppc64le"
},
"product_reference": "buildah-1.27.1-150300.8.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.27.1-150300.8.11.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.s390x"
},
"product_reference": "buildah-1.27.1-150300.8.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.27.1-150300.8.11.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.x86_64"
},
"product_reference": "buildah-1.27.1-150300.8.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error0-1.42-150300.9.3.1.aarch64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.aarch64"
},
"product_reference": "libgpg-error0-1.42-150300.9.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error0-1.42-150300.9.3.1.s390x as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.s390x"
},
"product_reference": "libgpg-error0-1.42-150300.9.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error0-1.42-150300.9.3.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.x86_64"
},
"product_reference": "libgpg-error0-1.42-150300.9.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error0-1.42-150300.9.3.1.aarch64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64"
},
"product_reference": "libgpg-error0-1.42-150300.9.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error0-1.42-150300.9.3.1.s390x as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.s390x"
},
"product_reference": "libgpg-error0-1.42-150300.9.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error0-1.42-150300.9.3.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64"
},
"product_reference": "libgpg-error0-1.42-150300.9.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error0-1.42-150300.9.3.1.aarch64 as component of openSUSE Leap Micro 5.2",
"product_id": "openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64"
},
"product_reference": "libgpg-error0-1.42-150300.9.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error0-1.42-150300.9.3.1.x86_64 as component of openSUSE Leap Micro 5.2",
"product_id": "openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64"
},
"product_reference": "libgpg-error0-1.42-150300.9.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.27.1-150300.8.11.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.aarch64"
},
"product_reference": "buildah-1.27.1-150300.8.11.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.27.1-150300.8.11.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.ppc64le"
},
"product_reference": "buildah-1.27.1-150300.8.11.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.27.1-150300.8.11.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.s390x"
},
"product_reference": "buildah-1.27.1-150300.8.11.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.27.1-150300.8.11.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.x86_64"
},
"product_reference": "buildah-1.27.1-150300.8.11.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error-devel-1.42-150300.9.3.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.aarch64"
},
"product_reference": "libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error-devel-1.42-150300.9.3.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le"
},
"product_reference": "libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error-devel-1.42-150300.9.3.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.s390x"
},
"product_reference": "libgpg-error-devel-1.42-150300.9.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error-devel-1.42-150300.9.3.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.x86_64"
},
"product_reference": "libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error-devel-32bit-1.42-150300.9.3.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libgpg-error-devel-32bit-1.42-150300.9.3.1.x86_64"
},
"product_reference": "libgpg-error-devel-32bit-1.42-150300.9.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error0-1.42-150300.9.3.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.aarch64"
},
"product_reference": "libgpg-error0-1.42-150300.9.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error0-1.42-150300.9.3.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.ppc64le"
},
"product_reference": "libgpg-error0-1.42-150300.9.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error0-1.42-150300.9.3.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.s390x"
},
"product_reference": "libgpg-error0-1.42-150300.9.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error0-1.42-150300.9.3.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.x86_64"
},
"product_reference": "libgpg-error0-1.42-150300.9.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libgpg-error0-32bit-1.42-150300.9.3.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64"
},
"product_reference": "libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-10696",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10696"
}
],
"notes": [
{
"category": "general",
"text": "A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user\u0027s system anywhere that the user has permissions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.x86_64",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.aarch64",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.ppc64le",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.s390x",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.x86_64",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.s390x",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error-devel-32bit-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.aarch64",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.ppc64le",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.s390x",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64",
"openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10696",
"url": "https://www.suse.com/security/cve/CVE-2020-10696"
},
{
"category": "external",
"summary": "SUSE Bug 1167864 for CVE-2020-10696",
"url": "https://bugzilla.suse.com/1167864"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.x86_64",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.aarch64",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.ppc64le",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.s390x",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.x86_64",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.s390x",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error-devel-32bit-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.aarch64",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.ppc64le",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.s390x",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64",
"openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.x86_64",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.aarch64",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.ppc64le",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.s390x",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.x86_64",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.s390x",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error-devel-32bit-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.aarch64",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.ppc64le",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.s390x",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64",
"openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-10-26T09:38:08Z",
"details": "important"
}
],
"title": "CVE-2020-10696"
},
{
"cve": "CVE-2021-20206",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-20206"
}
],
"notes": [
{
"category": "general",
"text": "An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the \u0027type\u0027 field in the network configuration, it is possible to use special elements such as \"../\" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as \u0027reboot\u0027. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.x86_64",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.aarch64",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.ppc64le",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.s390x",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.x86_64",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.s390x",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error-devel-32bit-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.aarch64",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.ppc64le",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.s390x",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64",
"openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-20206",
"url": "https://www.suse.com/security/cve/CVE-2021-20206"
},
{
"category": "external",
"summary": "SUSE Bug 1181961 for CVE-2021-20206",
"url": "https://bugzilla.suse.com/1181961"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.x86_64",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.aarch64",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.ppc64le",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.s390x",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.x86_64",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.s390x",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error-devel-32bit-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.aarch64",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.ppc64le",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.s390x",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64",
"openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.x86_64",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.aarch64",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.ppc64le",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.s390x",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.x86_64",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.s390x",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error-devel-32bit-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.aarch64",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.ppc64le",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.s390x",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64",
"openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-10-26T09:38:08Z",
"details": "important"
}
],
"title": "CVE-2021-20206"
},
{
"cve": "CVE-2022-2990",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2990"
}
],
"notes": [
{
"category": "general",
"text": "An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.x86_64",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.aarch64",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.ppc64le",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.s390x",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.x86_64",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.s390x",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error-devel-32bit-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.aarch64",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.ppc64le",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.s390x",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64",
"openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2990",
"url": "https://www.suse.com/security/cve/CVE-2022-2990"
},
{
"category": "external",
"summary": "SUSE Bug 1202812 for CVE-2022-2990",
"url": "https://bugzilla.suse.com/1202812"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.x86_64",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.aarch64",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.ppc64le",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.s390x",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.x86_64",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.s390x",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error-devel-32bit-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.aarch64",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.ppc64le",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.s390x",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64",
"openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Micro 5.1:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:buildah-1.27.1-150300.8.11.1.x86_64",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.aarch64",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.ppc64le",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.s390x",
"openSUSE Leap 15.3:buildah-1.27.1-150300.8.11.1.x86_64",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.aarch64",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.ppc64le",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.s390x",
"openSUSE Leap 15.3:libgpg-error-devel-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error-devel-32bit-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.aarch64",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.ppc64le",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.s390x",
"openSUSE Leap 15.3:libgpg-error0-1.42-150300.9.3.1.x86_64",
"openSUSE Leap 15.3:libgpg-error0-32bit-1.42-150300.9.3.1.x86_64",
"openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.aarch64",
"openSUSE Leap Micro 5.2:libgpg-error0-1.42-150300.9.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-10-26T09:38:08Z",
"details": "moderate"
}
],
"title": "CVE-2022-2990"
}
]
}
SUSE-SU-2022:4150-1
Vulnerability from csaf_suse - Published: 2022-11-21 12:21 - Updated: 2022-11-21 12:21Summary
Security update for cni
Severity
Important
Notes
Title of the patch: Security update for cni
Description of the patch: This update for cni fixes the following issues:
- CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration (bsc#1181961).
Patchnames: SUSE-2022-4150,SUSE-SLE-Module-Public-Cloud-15-2022-4150
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.2 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 15:cni-0.7.1-150000.1.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for cni",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for cni fixes the following issues:\n\n- CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration (bsc#1181961).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-4150,SUSE-SLE-Module-Public-Cloud-15-2022-4150",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_4150-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:4150-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224150-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:4150-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013052.html"
},
{
"category": "self",
"summary": "SUSE Bug 1181961",
"url": "https://bugzilla.suse.com/1181961"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-20206 page",
"url": "https://www.suse.com/security/cve/CVE-2021-20206/"
}
],
"title": "Security update for cni",
"tracking": {
"current_release_date": "2022-11-21T12:21:42Z",
"generator": {
"date": "2022-11-21T12:21:42Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:4150-1",
"initial_release_date": "2022-11-21T12:21:42Z",
"revision_history": [
{
"date": "2022-11-21T12:21:42Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cni-0.7.1-150000.1.7.1.aarch64",
"product": {
"name": "cni-0.7.1-150000.1.7.1.aarch64",
"product_id": "cni-0.7.1-150000.1.7.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cni-0.7.1-150000.1.7.1.i586",
"product": {
"name": "cni-0.7.1-150000.1.7.1.i586",
"product_id": "cni-0.7.1-150000.1.7.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "cni-0.7.1-150000.1.7.1.ppc64le",
"product": {
"name": "cni-0.7.1-150000.1.7.1.ppc64le",
"product_id": "cni-0.7.1-150000.1.7.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cni-0.7.1-150000.1.7.1.s390x",
"product": {
"name": "cni-0.7.1-150000.1.7.1.s390x",
"product_id": "cni-0.7.1-150000.1.7.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cni-0.7.1-150000.1.7.1.x86_64",
"product": {
"name": "cni-0.7.1-150000.1.7.1.x86_64",
"product_id": "cni-0.7.1-150000.1.7.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Public Cloud 15",
"product": {
"name": "SUSE Linux Enterprise Module for Public Cloud 15",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-public-cloud:15"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150000.1.7.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15:cni-0.7.1-150000.1.7.1.x86_64"
},
"product_reference": "cni-0.7.1-150000.1.7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-20206",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-20206"
}
],
"notes": [
{
"category": "general",
"text": "An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the \u0027type\u0027 field in the network configuration, it is possible to use special elements such as \"../\" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as \u0027reboot\u0027. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15:cni-0.7.1-150000.1.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-20206",
"url": "https://www.suse.com/security/cve/CVE-2021-20206"
},
{
"category": "external",
"summary": "SUSE Bug 1181961 for CVE-2021-20206",
"url": "https://bugzilla.suse.com/1181961"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15:cni-0.7.1-150000.1.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15:cni-0.7.1-150000.1.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-11-21T12:21:42Z",
"details": "important"
}
],
"title": "CVE-2021-20206"
}
]
}
SUSE-SU-2022:4151-1
Vulnerability from csaf_suse - Published: 2022-11-21 12:21 - Updated: 2022-11-21 12:21Summary
Security update for cni-plugins
Severity
Important
Notes
Title of the patch: Security update for cni-plugins
Description of the patch: This update for cni-plugins fixes the following issues:
- CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration (bsc#1181961).
Patchnames: SUSE-2022-4151,SUSE-SLE-Module-Public-Cloud-15-2022-4151
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 15:cni-plugins-0.8.6-150000.1.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.2 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 15:cni-plugins-0.8.6-150000.1.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
13 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for cni-plugins",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for cni-plugins fixes the following issues:\n\n- CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration (bsc#1181961).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-4151,SUSE-SLE-Module-Public-Cloud-15-2022-4151",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_4151-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:4151-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224151-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:4151-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013051.html"
},
{
"category": "self",
"summary": "SUSE Bug 1172410",
"url": "https://bugzilla.suse.com/1172410"
},
{
"category": "self",
"summary": "SUSE Bug 1181961",
"url": "https://bugzilla.suse.com/1181961"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10749 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10749/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-20206 page",
"url": "https://www.suse.com/security/cve/CVE-2021-20206/"
}
],
"title": "Security update for cni-plugins",
"tracking": {
"current_release_date": "2022-11-21T12:21:51Z",
"generator": {
"date": "2022-11-21T12:21:51Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:4151-1",
"initial_release_date": "2022-11-21T12:21:51Z",
"revision_history": [
{
"date": "2022-11-21T12:21:51Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cni-plugins-0.8.6-150000.1.7.1.aarch64",
"product": {
"name": "cni-plugins-0.8.6-150000.1.7.1.aarch64",
"product_id": "cni-plugins-0.8.6-150000.1.7.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cni-plugins-0.8.6-150000.1.7.1.i586",
"product": {
"name": "cni-plugins-0.8.6-150000.1.7.1.i586",
"product_id": "cni-plugins-0.8.6-150000.1.7.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "cni-plugins-0.8.6-150000.1.7.1.ppc64le",
"product": {
"name": "cni-plugins-0.8.6-150000.1.7.1.ppc64le",
"product_id": "cni-plugins-0.8.6-150000.1.7.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cni-plugins-0.8.6-150000.1.7.1.s390x",
"product": {
"name": "cni-plugins-0.8.6-150000.1.7.1.s390x",
"product_id": "cni-plugins-0.8.6-150000.1.7.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cni-plugins-0.8.6-150000.1.7.1.x86_64",
"product": {
"name": "cni-plugins-0.8.6-150000.1.7.1.x86_64",
"product_id": "cni-plugins-0.8.6-150000.1.7.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Public Cloud 15",
"product": {
"name": "SUSE Linux Enterprise Module for Public Cloud 15",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-public-cloud:15"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150000.1.7.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15:cni-plugins-0.8.6-150000.1.7.1.x86_64"
},
"product_reference": "cni-plugins-0.8.6-150000.1.7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-10749",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10749"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15:cni-plugins-0.8.6-150000.1.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10749",
"url": "https://www.suse.com/security/cve/CVE-2020-10749"
},
{
"category": "external",
"summary": "SUSE Bug 1172375 for CVE-2020-10749",
"url": "https://bugzilla.suse.com/1172375"
},
{
"category": "external",
"summary": "SUSE Bug 1172410 for CVE-2020-10749",
"url": "https://bugzilla.suse.com/1172410"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15:cni-plugins-0.8.6-150000.1.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15:cni-plugins-0.8.6-150000.1.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-11-21T12:21:51Z",
"details": "moderate"
}
],
"title": "CVE-2020-10749"
},
{
"cve": "CVE-2021-20206",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-20206"
}
],
"notes": [
{
"category": "general",
"text": "An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the \u0027type\u0027 field in the network configuration, it is possible to use special elements such as \"../\" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as \u0027reboot\u0027. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15:cni-plugins-0.8.6-150000.1.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-20206",
"url": "https://www.suse.com/security/cve/CVE-2021-20206"
},
{
"category": "external",
"summary": "SUSE Bug 1181961 for CVE-2021-20206",
"url": "https://bugzilla.suse.com/1181961"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15:cni-plugins-0.8.6-150000.1.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15:cni-plugins-0.8.6-150000.1.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-11-21T12:21:51Z",
"details": "important"
}
],
"title": "CVE-2021-20206"
}
]
}
SUSE-SU-2022:4592-1
Vulnerability from csaf_suse - Published: 2022-12-20 15:52 - Updated: 2022-12-20 15:52Summary
Security update for cni
Severity
Important
Notes
Title of the patch: Security update for cni
Description of the patch: This update for cni fixes the following issues:
- CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration (bsc#1181961).
Patchnames: SUSE-2022-4592,SUSE-SLE-Micro-5.3-2022-4592,SUSE-SLE-Module-Containers-15-SP3-2022-4592,SUSE-SLE-Module-Containers-15-SP4-2022-4592,SUSE-SLE-Module-Public-Cloud-15-SP1-2022-4592,SUSE-SLE-Module-Public-Cloud-15-SP2-2022-4592,SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4592,SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4592,SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4592,SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4592,SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4592,SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4592,SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4592,SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4592,SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4592,SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4592,SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4592,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4592,SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4592,SUSE-SUSE-MicroOS-5.1-2022-4592,SUSE-SUSE-MicroOS-5.2-2022-4592,SUSE-Storage-6-2022-4592,SUSE-Storage-7-2022-4592,SUSE-Storage-7.1-2022-4592,openSUSE-Leap-Micro-5.2-2022-4592,openSUSE-Leap-Micro-5.3-2022-4592,openSUSE-SLE-15.3-2022-4592,openSUSE-SLE-15.4-2022-4592
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.2 (High)
Affected products
Recommended
70 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 6:cni-0.7.1-150100.3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:cni-0.7.1-150100.3.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:cni-0.7.1-150100.3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:cni-0.7.1-150100.3.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:cni-0.7.1-150100.3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:cni-0.7.1-150100.3.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:cni-0.7.1-150100.3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:cni-0.7.1-150100.3.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:cni-0.7.1-150100.3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:cni-0.7.1-150100.3.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:cni-0.7.1-150100.3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:cni-0.7.1-150100.3.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:cni-0.7.1-150100.3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:cni-0.7.1-150100.3.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:cni-0.7.1-150100.3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:cni-0.7.1-150100.3.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:cni-0.7.1-150100.3.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:cni-0.7.1-150100.3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:cni-0.7.1-150100.3.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:cni-0.7.1-150100.3.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:cni-0.7.1-150100.3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:cni-0.7.1-150100.3.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:cni-0.7.1-150100.3.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:cni-0.7.1-150100.3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:cni-0.7.1-150100.3.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:cni-0.7.1-150100.3.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:cni-0.7.1-150100.3.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:cni-0.7.1-150100.3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:cni-0.7.1-150100.3.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:cni-0.7.1-150100.3.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:cni-0.7.1-150100.3.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 15 SP1:cni-0.7.1-150100.3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 15 SP1:cni-0.7.1-150100.3.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 15 SP1:cni-0.7.1-150100.3.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 15 SP1:cni-0.7.1-150100.3.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 15 SP2:cni-0.7.1-150100.3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 15 SP2:cni-0.7.1-150100.3.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 15 SP2:cni-0.7.1-150100.3.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 15 SP2:cni-0.7.1-150100.3.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:cni-0.7.1-150100.3.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:cni-0.7.1-150100.3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:cni-0.7.1-150100.3.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:cni-0.7.1-150100.3.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:cni-0.7.1-150100.3.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:cni-0.7.1-150100.3.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:cni-0.7.1-150100.3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:cni-0.7.1-150100.3.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:cni-0.7.1-150100.3.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:cni-0.7.1-150100.3.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:cni-0.7.1-150100.3.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:cni-0.7.1-150100.3.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:cni-0.7.1-150100.3.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:cni-0.7.1-150100.3.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:cni-0.7.1-150100.3.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:cni-0.7.1-150100.3.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:cni-0.7.1-150100.3.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:cni-0.7.1-150100.3.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:cni-0.7.1-150100.3.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:cni-0.7.1-150100.3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:cni-0.7.1-150100.3.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:cni-0.7.1-150100.3.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:cni-0.7.1-150100.3.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:cni-0.7.1-150100.3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:cni-0.7.1-150100.3.8.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:cni-0.7.1-150100.3.8.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:cni-0.7.1-150100.3.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.2:cni-0.7.1-150100.3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.2:cni-0.7.1-150100.3.8.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.3:cni-0.7.1-150100.3.8.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.3:cni-0.7.1-150100.3.8.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for cni",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for cni fixes the following issues:\n\n- CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration (bsc#1181961).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-4592,SUSE-SLE-Micro-5.3-2022-4592,SUSE-SLE-Module-Containers-15-SP3-2022-4592,SUSE-SLE-Module-Containers-15-SP4-2022-4592,SUSE-SLE-Module-Public-Cloud-15-SP1-2022-4592,SUSE-SLE-Module-Public-Cloud-15-SP2-2022-4592,SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4592,SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4592,SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4592,SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4592,SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4592,SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4592,SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4592,SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4592,SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4592,SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4592,SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4592,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4592,SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4592,SUSE-SUSE-MicroOS-5.1-2022-4592,SUSE-SUSE-MicroOS-5.2-2022-4592,SUSE-Storage-6-2022-4592,SUSE-Storage-7-2022-4592,SUSE-Storage-7.1-2022-4592,openSUSE-Leap-Micro-5.2-2022-4592,openSUSE-Leap-Micro-5.3-2022-4592,openSUSE-SLE-15.3-2022-4592,openSUSE-SLE-15.4-2022-4592",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_4592-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:4592-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224592-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:4592-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013299.html"
},
{
"category": "self",
"summary": "SUSE Bug 1181961",
"url": "https://bugzilla.suse.com/1181961"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-20206 page",
"url": "https://www.suse.com/security/cve/CVE-2021-20206/"
}
],
"title": "Security update for cni",
"tracking": {
"current_release_date": "2022-12-20T15:52:04Z",
"generator": {
"date": "2022-12-20T15:52:04Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:4592-1",
"initial_release_date": "2022-12-20T15:52:04Z",
"revision_history": [
{
"date": "2022-12-20T15:52:04Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cni-0.7.1-150100.3.8.1.aarch64",
"product": {
"name": "cni-0.7.1-150100.3.8.1.aarch64",
"product_id": "cni-0.7.1-150100.3.8.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cni-0.7.1-150100.3.8.1.i586",
"product": {
"name": "cni-0.7.1-150100.3.8.1.i586",
"product_id": "cni-0.7.1-150100.3.8.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "cni-0.7.1-150100.3.8.1.ppc64le",
"product": {
"name": "cni-0.7.1-150100.3.8.1.ppc64le",
"product_id": "cni-0.7.1-150100.3.8.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cni-0.7.1-150100.3.8.1.s390x",
"product": {
"name": "cni-0.7.1-150100.3.8.1.s390x",
"product_id": "cni-0.7.1-150100.3.8.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cni-0.7.1-150100.3.8.1.x86_64",
"product": {
"name": "cni-0.7.1-150100.3.8.1.x86_64",
"product_id": "cni-0.7.1-150100.3.8.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-public-cloud:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-public-cloud:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP1-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP1-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP1-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_bcl:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP2-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_bcl:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Proxy 4.1",
"product": {
"name": "SUSE Manager Proxy 4.1",
"product_id": "SUSE Manager Proxy 4.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-proxy:4.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Retail Branch Server 4.1",
"product": {
"name": "SUSE Manager Retail Branch Server 4.1",
"product_id": "SUSE Manager Retail Branch Server 4.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-retail-branch-server:4.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.1",
"product": {
"name": "SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.2"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 6",
"product": {
"name": "SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:6"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7",
"product": {
"name": "SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7.1",
"product": {
"name": "SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7.1"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap Micro 5.2",
"product": {
"name": "openSUSE Leap Micro 5.2",
"product_id": "openSUSE Leap Micro 5.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap-micro:5.2"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap Micro 5.3",
"product": {
"name": "openSUSE Leap Micro 5.3",
"product_id": "openSUSE Leap Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap-micro:5.3"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.aarch64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:cni-0.7.1-150100.3.8.1.aarch64"
},
"product_reference": "cni-0.7.1-150100.3.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.s390x as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:cni-0.7.1-150100.3.8.1.s390x"
},
"product_reference": "cni-0.7.1-150100.3.8.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:cni-0.7.1-150100.3.8.1.x86_64"
},
"product_reference": "cni-0.7.1-150100.3.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3:cni-0.7.1-150100.3.8.1.aarch64"
},
"product_reference": "cni-0.7.1-150100.3.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3:cni-0.7.1-150100.3.8.1.ppc64le"
},
"product_reference": "cni-0.7.1-150100.3.8.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3:cni-0.7.1-150100.3.8.1.s390x"
},
"product_reference": "cni-0.7.1-150100.3.8.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3:cni-0.7.1-150100.3.8.1.x86_64"
},
"product_reference": "cni-0.7.1-150100.3.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP4:cni-0.7.1-150100.3.8.1.aarch64"
},
"product_reference": "cni-0.7.1-150100.3.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP4:cni-0.7.1-150100.3.8.1.ppc64le"
},
"product_reference": "cni-0.7.1-150100.3.8.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP4:cni-0.7.1-150100.3.8.1.s390x"
},
"product_reference": "cni-0.7.1-150100.3.8.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP4:cni-0.7.1-150100.3.8.1.x86_64"
},
"product_reference": "cni-0.7.1-150100.3.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP1:cni-0.7.1-150100.3.8.1.aarch64"
},
"product_reference": "cni-0.7.1-150100.3.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.ppc64le as component of SUSE Linux Enterprise Module for Public Cloud 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP1:cni-0.7.1-150100.3.8.1.ppc64le"
},
"product_reference": "cni-0.7.1-150100.3.8.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.s390x as component of SUSE Linux Enterprise Module for Public Cloud 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP1:cni-0.7.1-150100.3.8.1.s390x"
},
"product_reference": "cni-0.7.1-150100.3.8.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP1:cni-0.7.1-150100.3.8.1.x86_64"
},
"product_reference": "cni-0.7.1-150100.3.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP2:cni-0.7.1-150100.3.8.1.aarch64"
},
"product_reference": "cni-0.7.1-150100.3.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.ppc64le as component of SUSE Linux Enterprise Module for Public Cloud 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP2:cni-0.7.1-150100.3.8.1.ppc64le"
},
"product_reference": "cni-0.7.1-150100.3.8.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.s390x as component of SUSE Linux Enterprise Module for Public Cloud 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP2:cni-0.7.1-150100.3.8.1.s390x"
},
"product_reference": "cni-0.7.1-150100.3.8.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP2:cni-0.7.1-150100.3.8.1.x86_64"
},
"product_reference": "cni-0.7.1-150100.3.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:cni-0.7.1-150100.3.8.1.aarch64"
},
"product_reference": "cni-0.7.1-150100.3.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:cni-0.7.1-150100.3.8.1.x86_64"
},
"product_reference": "cni-0.7.1-150100.3.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:cni-0.7.1-150100.3.8.1.aarch64"
},
"product_reference": "cni-0.7.1-150100.3.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:cni-0.7.1-150100.3.8.1.x86_64"
},
"product_reference": "cni-0.7.1-150100.3.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:cni-0.7.1-150100.3.8.1.aarch64"
},
"product_reference": "cni-0.7.1-150100.3.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:cni-0.7.1-150100.3.8.1.x86_64"
},
"product_reference": "cni-0.7.1-150100.3.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:cni-0.7.1-150100.3.8.1.aarch64"
},
"product_reference": "cni-0.7.1-150100.3.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:cni-0.7.1-150100.3.8.1.x86_64"
},
"product_reference": "cni-0.7.1-150100.3.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP1-BCL:cni-0.7.1-150100.3.8.1.x86_64"
},
"product_reference": "cni-0.7.1-150100.3.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:cni-0.7.1-150100.3.8.1.aarch64"
},
"product_reference": "cni-0.7.1-150100.3.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:cni-0.7.1-150100.3.8.1.ppc64le"
},
"product_reference": "cni-0.7.1-150100.3.8.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.s390x as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:cni-0.7.1-150100.3.8.1.s390x"
},
"product_reference": "cni-0.7.1-150100.3.8.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:cni-0.7.1-150100.3.8.1.x86_64"
},
"product_reference": "cni-0.7.1-150100.3.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP2-BCL:cni-0.7.1-150100.3.8.1.x86_64"
},
"product_reference": "cni-0.7.1-150100.3.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:cni-0.7.1-150100.3.8.1.aarch64"
},
"product_reference": "cni-0.7.1-150100.3.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:cni-0.7.1-150100.3.8.1.ppc64le"
},
"product_reference": "cni-0.7.1-150100.3.8.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.s390x as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:cni-0.7.1-150100.3.8.1.s390x"
},
"product_reference": "cni-0.7.1-150100.3.8.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:cni-0.7.1-150100.3.8.1.x86_64"
},
"product_reference": "cni-0.7.1-150100.3.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:cni-0.7.1-150100.3.8.1.ppc64le"
},
"product_reference": "cni-0.7.1-150100.3.8.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:cni-0.7.1-150100.3.8.1.x86_64"
},
"product_reference": "cni-0.7.1-150100.3.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:cni-0.7.1-150100.3.8.1.ppc64le"
},
"product_reference": "cni-0.7.1-150100.3.8.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:cni-0.7.1-150100.3.8.1.x86_64"
},
"product_reference": "cni-0.7.1-150100.3.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.x86_64 as component of SUSE Manager Proxy 4.1",
"product_id": "SUSE Manager Proxy 4.1:cni-0.7.1-150100.3.8.1.x86_64"
},
"product_reference": "cni-0.7.1-150100.3.8.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.x86_64 as component of SUSE Manager Retail Branch Server 4.1",
"product_id": "SUSE Manager Retail Branch Server 4.1:cni-0.7.1-150100.3.8.1.x86_64"
},
"product_reference": "cni-0.7.1-150100.3.8.1.x86_64",
"relates_to_product_reference": "SUSE Manager Retail Branch Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.ppc64le as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:cni-0.7.1-150100.3.8.1.ppc64le"
},
"product_reference": "cni-0.7.1-150100.3.8.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.s390x as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:cni-0.7.1-150100.3.8.1.s390x"
},
"product_reference": "cni-0.7.1-150100.3.8.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.x86_64 as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:cni-0.7.1-150100.3.8.1.x86_64"
},
"product_reference": "cni-0.7.1-150100.3.8.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.aarch64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:cni-0.7.1-150100.3.8.1.aarch64"
},
"product_reference": "cni-0.7.1-150100.3.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.s390x as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:cni-0.7.1-150100.3.8.1.s390x"
},
"product_reference": "cni-0.7.1-150100.3.8.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:cni-0.7.1-150100.3.8.1.x86_64"
},
"product_reference": "cni-0.7.1-150100.3.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.aarch64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:cni-0.7.1-150100.3.8.1.aarch64"
},
"product_reference": "cni-0.7.1-150100.3.8.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.s390x as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:cni-0.7.1-150100.3.8.1.s390x"
},
"product_reference": "cni-0.7.1-150100.3.8.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:cni-0.7.1-150100.3.8.1.x86_64"
},
"product_reference": "cni-0.7.1-150100.3.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.aarch64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:cni-0.7.1-150100.3.8.1.aarch64"
},
"product_reference": "cni-0.7.1-150100.3.8.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.x86_64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:cni-0.7.1-150100.3.8.1.x86_64"
},
"product_reference": "cni-0.7.1-150100.3.8.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.aarch64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:cni-0.7.1-150100.3.8.1.aarch64"
},
"product_reference": "cni-0.7.1-150100.3.8.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.x86_64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:cni-0.7.1-150100.3.8.1.x86_64"
},
"product_reference": "cni-0.7.1-150100.3.8.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.aarch64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:cni-0.7.1-150100.3.8.1.aarch64"
},
"product_reference": "cni-0.7.1-150100.3.8.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.x86_64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:cni-0.7.1-150100.3.8.1.x86_64"
},
"product_reference": "cni-0.7.1-150100.3.8.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.aarch64 as component of openSUSE Leap Micro 5.2",
"product_id": "openSUSE Leap Micro 5.2:cni-0.7.1-150100.3.8.1.aarch64"
},
"product_reference": "cni-0.7.1-150100.3.8.1.aarch64",
"relates_to_product_reference": "openSUSE Leap Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.x86_64 as component of openSUSE Leap Micro 5.2",
"product_id": "openSUSE Leap Micro 5.2:cni-0.7.1-150100.3.8.1.x86_64"
},
"product_reference": "cni-0.7.1-150100.3.8.1.x86_64",
"relates_to_product_reference": "openSUSE Leap Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.aarch64 as component of openSUSE Leap Micro 5.3",
"product_id": "openSUSE Leap Micro 5.3:cni-0.7.1-150100.3.8.1.aarch64"
},
"product_reference": "cni-0.7.1-150100.3.8.1.aarch64",
"relates_to_product_reference": "openSUSE Leap Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.x86_64 as component of openSUSE Leap Micro 5.3",
"product_id": "openSUSE Leap Micro 5.3:cni-0.7.1-150100.3.8.1.x86_64"
},
"product_reference": "cni-0.7.1-150100.3.8.1.x86_64",
"relates_to_product_reference": "openSUSE Leap Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:cni-0.7.1-150100.3.8.1.aarch64"
},
"product_reference": "cni-0.7.1-150100.3.8.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:cni-0.7.1-150100.3.8.1.ppc64le"
},
"product_reference": "cni-0.7.1-150100.3.8.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:cni-0.7.1-150100.3.8.1.s390x"
},
"product_reference": "cni-0.7.1-150100.3.8.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:cni-0.7.1-150100.3.8.1.x86_64"
},
"product_reference": "cni-0.7.1-150100.3.8.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:cni-0.7.1-150100.3.8.1.aarch64"
},
"product_reference": "cni-0.7.1-150100.3.8.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:cni-0.7.1-150100.3.8.1.ppc64le"
},
"product_reference": "cni-0.7.1-150100.3.8.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:cni-0.7.1-150100.3.8.1.s390x"
},
"product_reference": "cni-0.7.1-150100.3.8.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-0.7.1-150100.3.8.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:cni-0.7.1-150100.3.8.1.x86_64"
},
"product_reference": "cni-0.7.1-150100.3.8.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-20206",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-20206"
}
],
"notes": [
{
"category": "general",
"text": "An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the \u0027type\u0027 field in the network configuration, it is possible to use special elements such as \"../\" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as \u0027reboot\u0027. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:cni-0.7.1-150100.3.8.1.aarch64",
"SUSE Enterprise Storage 6:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Enterprise Storage 7.1:cni-0.7.1-150100.3.8.1.aarch64",
"SUSE Enterprise Storage 7.1:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Enterprise Storage 7:cni-0.7.1-150100.3.8.1.aarch64",
"SUSE Enterprise Storage 7:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:cni-0.7.1-150100.3.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:cni-0.7.1-150100.3.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:cni-0.7.1-150100.3.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:cni-0.7.1-150100.3.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:cni-0.7.1-150100.3.8.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:cni-0.7.1-150100.3.8.1.s390x",
"SUSE Linux Enterprise Micro 5.1:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:cni-0.7.1-150100.3.8.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:cni-0.7.1-150100.3.8.1.s390x",
"SUSE Linux Enterprise Micro 5.2:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:cni-0.7.1-150100.3.8.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:cni-0.7.1-150100.3.8.1.s390x",
"SUSE Linux Enterprise Micro 5.3:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP3:cni-0.7.1-150100.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:cni-0.7.1-150100.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:cni-0.7.1-150100.3.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP4:cni-0.7.1-150100.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:cni-0.7.1-150100.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:cni-0.7.1-150100.3.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP1:cni-0.7.1-150100.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP1:cni-0.7.1-150100.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Public Cloud 15 SP1:cni-0.7.1-150100.3.8.1.s390x",
"SUSE Linux Enterprise Module for Public Cloud 15 SP1:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP2:cni-0.7.1-150100.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP2:cni-0.7.1-150100.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Public Cloud 15 SP2:cni-0.7.1-150100.3.8.1.s390x",
"SUSE Linux Enterprise Module for Public Cloud 15 SP2:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:cni-0.7.1-150100.3.8.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:cni-0.7.1-150100.3.8.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:cni-0.7.1-150100.3.8.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cni-0.7.1-150100.3.8.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cni-0.7.1-150100.3.8.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cni-0.7.1-150100.3.8.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:cni-0.7.1-150100.3.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:cni-0.7.1-150100.3.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Manager Proxy 4.1:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Manager Server 4.1:cni-0.7.1-150100.3.8.1.ppc64le",
"SUSE Manager Server 4.1:cni-0.7.1-150100.3.8.1.s390x",
"SUSE Manager Server 4.1:cni-0.7.1-150100.3.8.1.x86_64",
"openSUSE Leap 15.3:cni-0.7.1-150100.3.8.1.aarch64",
"openSUSE Leap 15.3:cni-0.7.1-150100.3.8.1.ppc64le",
"openSUSE Leap 15.3:cni-0.7.1-150100.3.8.1.s390x",
"openSUSE Leap 15.3:cni-0.7.1-150100.3.8.1.x86_64",
"openSUSE Leap 15.4:cni-0.7.1-150100.3.8.1.aarch64",
"openSUSE Leap 15.4:cni-0.7.1-150100.3.8.1.ppc64le",
"openSUSE Leap 15.4:cni-0.7.1-150100.3.8.1.s390x",
"openSUSE Leap 15.4:cni-0.7.1-150100.3.8.1.x86_64",
"openSUSE Leap Micro 5.2:cni-0.7.1-150100.3.8.1.aarch64",
"openSUSE Leap Micro 5.2:cni-0.7.1-150100.3.8.1.x86_64",
"openSUSE Leap Micro 5.3:cni-0.7.1-150100.3.8.1.aarch64",
"openSUSE Leap Micro 5.3:cni-0.7.1-150100.3.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-20206",
"url": "https://www.suse.com/security/cve/CVE-2021-20206"
},
{
"category": "external",
"summary": "SUSE Bug 1181961 for CVE-2021-20206",
"url": "https://bugzilla.suse.com/1181961"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:cni-0.7.1-150100.3.8.1.aarch64",
"SUSE Enterprise Storage 6:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Enterprise Storage 7.1:cni-0.7.1-150100.3.8.1.aarch64",
"SUSE Enterprise Storage 7.1:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Enterprise Storage 7:cni-0.7.1-150100.3.8.1.aarch64",
"SUSE Enterprise Storage 7:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:cni-0.7.1-150100.3.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:cni-0.7.1-150100.3.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:cni-0.7.1-150100.3.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:cni-0.7.1-150100.3.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:cni-0.7.1-150100.3.8.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:cni-0.7.1-150100.3.8.1.s390x",
"SUSE Linux Enterprise Micro 5.1:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:cni-0.7.1-150100.3.8.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:cni-0.7.1-150100.3.8.1.s390x",
"SUSE Linux Enterprise Micro 5.2:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:cni-0.7.1-150100.3.8.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:cni-0.7.1-150100.3.8.1.s390x",
"SUSE Linux Enterprise Micro 5.3:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP3:cni-0.7.1-150100.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:cni-0.7.1-150100.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:cni-0.7.1-150100.3.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP4:cni-0.7.1-150100.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:cni-0.7.1-150100.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:cni-0.7.1-150100.3.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP1:cni-0.7.1-150100.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP1:cni-0.7.1-150100.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Public Cloud 15 SP1:cni-0.7.1-150100.3.8.1.s390x",
"SUSE Linux Enterprise Module for Public Cloud 15 SP1:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP2:cni-0.7.1-150100.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP2:cni-0.7.1-150100.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Public Cloud 15 SP2:cni-0.7.1-150100.3.8.1.s390x",
"SUSE Linux Enterprise Module for Public Cloud 15 SP2:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:cni-0.7.1-150100.3.8.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:cni-0.7.1-150100.3.8.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:cni-0.7.1-150100.3.8.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cni-0.7.1-150100.3.8.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cni-0.7.1-150100.3.8.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cni-0.7.1-150100.3.8.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:cni-0.7.1-150100.3.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:cni-0.7.1-150100.3.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Manager Proxy 4.1:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Manager Server 4.1:cni-0.7.1-150100.3.8.1.ppc64le",
"SUSE Manager Server 4.1:cni-0.7.1-150100.3.8.1.s390x",
"SUSE Manager Server 4.1:cni-0.7.1-150100.3.8.1.x86_64",
"openSUSE Leap 15.3:cni-0.7.1-150100.3.8.1.aarch64",
"openSUSE Leap 15.3:cni-0.7.1-150100.3.8.1.ppc64le",
"openSUSE Leap 15.3:cni-0.7.1-150100.3.8.1.s390x",
"openSUSE Leap 15.3:cni-0.7.1-150100.3.8.1.x86_64",
"openSUSE Leap 15.4:cni-0.7.1-150100.3.8.1.aarch64",
"openSUSE Leap 15.4:cni-0.7.1-150100.3.8.1.ppc64le",
"openSUSE Leap 15.4:cni-0.7.1-150100.3.8.1.s390x",
"openSUSE Leap 15.4:cni-0.7.1-150100.3.8.1.x86_64",
"openSUSE Leap Micro 5.2:cni-0.7.1-150100.3.8.1.aarch64",
"openSUSE Leap Micro 5.2:cni-0.7.1-150100.3.8.1.x86_64",
"openSUSE Leap Micro 5.3:cni-0.7.1-150100.3.8.1.aarch64",
"openSUSE Leap Micro 5.3:cni-0.7.1-150100.3.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:cni-0.7.1-150100.3.8.1.aarch64",
"SUSE Enterprise Storage 6:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Enterprise Storage 7.1:cni-0.7.1-150100.3.8.1.aarch64",
"SUSE Enterprise Storage 7.1:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Enterprise Storage 7:cni-0.7.1-150100.3.8.1.aarch64",
"SUSE Enterprise Storage 7:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:cni-0.7.1-150100.3.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:cni-0.7.1-150100.3.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:cni-0.7.1-150100.3.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:cni-0.7.1-150100.3.8.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:cni-0.7.1-150100.3.8.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:cni-0.7.1-150100.3.8.1.s390x",
"SUSE Linux Enterprise Micro 5.1:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:cni-0.7.1-150100.3.8.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:cni-0.7.1-150100.3.8.1.s390x",
"SUSE Linux Enterprise Micro 5.2:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:cni-0.7.1-150100.3.8.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:cni-0.7.1-150100.3.8.1.s390x",
"SUSE Linux Enterprise Micro 5.3:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP3:cni-0.7.1-150100.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:cni-0.7.1-150100.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:cni-0.7.1-150100.3.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP4:cni-0.7.1-150100.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:cni-0.7.1-150100.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:cni-0.7.1-150100.3.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP1:cni-0.7.1-150100.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP1:cni-0.7.1-150100.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Public Cloud 15 SP1:cni-0.7.1-150100.3.8.1.s390x",
"SUSE Linux Enterprise Module for Public Cloud 15 SP1:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP2:cni-0.7.1-150100.3.8.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP2:cni-0.7.1-150100.3.8.1.ppc64le",
"SUSE Linux Enterprise Module for Public Cloud 15 SP2:cni-0.7.1-150100.3.8.1.s390x",
"SUSE Linux Enterprise Module for Public Cloud 15 SP2:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:cni-0.7.1-150100.3.8.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:cni-0.7.1-150100.3.8.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:cni-0.7.1-150100.3.8.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cni-0.7.1-150100.3.8.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cni-0.7.1-150100.3.8.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cni-0.7.1-150100.3.8.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:cni-0.7.1-150100.3.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:cni-0.7.1-150100.3.8.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Manager Proxy 4.1:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:cni-0.7.1-150100.3.8.1.x86_64",
"SUSE Manager Server 4.1:cni-0.7.1-150100.3.8.1.ppc64le",
"SUSE Manager Server 4.1:cni-0.7.1-150100.3.8.1.s390x",
"SUSE Manager Server 4.1:cni-0.7.1-150100.3.8.1.x86_64",
"openSUSE Leap 15.3:cni-0.7.1-150100.3.8.1.aarch64",
"openSUSE Leap 15.3:cni-0.7.1-150100.3.8.1.ppc64le",
"openSUSE Leap 15.3:cni-0.7.1-150100.3.8.1.s390x",
"openSUSE Leap 15.3:cni-0.7.1-150100.3.8.1.x86_64",
"openSUSE Leap 15.4:cni-0.7.1-150100.3.8.1.aarch64",
"openSUSE Leap 15.4:cni-0.7.1-150100.3.8.1.ppc64le",
"openSUSE Leap 15.4:cni-0.7.1-150100.3.8.1.s390x",
"openSUSE Leap 15.4:cni-0.7.1-150100.3.8.1.x86_64",
"openSUSE Leap Micro 5.2:cni-0.7.1-150100.3.8.1.aarch64",
"openSUSE Leap Micro 5.2:cni-0.7.1-150100.3.8.1.x86_64",
"openSUSE Leap Micro 5.3:cni-0.7.1-150100.3.8.1.aarch64",
"openSUSE Leap Micro 5.3:cni-0.7.1-150100.3.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-20T15:52:04Z",
"details": "important"
}
],
"title": "CVE-2021-20206"
}
]
}
SUSE-SU-2022:4593-1
Vulnerability from csaf_suse - Published: 2022-12-20 15:55 - Updated: 2022-12-20 15:55Summary
Security update for cni-plugins
Severity
Important
Notes
Title of the patch: Security update for cni-plugins
Description of the patch: This update for cni-plugins fixes the following issues:
- CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration (bsc#1181961).
Patchnames: SUSE-2022-4593,SUSE-SLE-Micro-5.3-2022-4593,SUSE-SLE-Module-Containers-15-SP3-2022-4593,SUSE-SLE-Module-Containers-15-SP4-2022-4593,SUSE-SLE-Module-Public-Cloud-15-SP1-2022-4593,SUSE-SLE-Module-Public-Cloud-15-SP2-2022-4593,SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4593,SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4593,SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4593,SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4593,SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4593,SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4593,SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4593,SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4593,SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4593,SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4593,SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4593,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4593,SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4593,SUSE-SUSE-MicroOS-5.1-2022-4593,SUSE-SUSE-MicroOS-5.2-2022-4593,SUSE-Storage-6-2022-4593,SUSE-Storage-7-2022-4593,SUSE-Storage-7.1-2022-4593,openSUSE-Leap-Micro-5.2-2022-4593,openSUSE-Leap-Micro-5.3-2022-4593,openSUSE-SLE-15.3-2022-4593,openSUSE-SLE-15.4-2022-4593
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.2 (High)
Affected products
Recommended
70 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 6:cni-plugins-0.8.6-150100.3.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 6:cni-plugins-0.8.6-150100.3.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:cni-plugins-0.8.6-150100.3.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:cni-plugins-0.8.6-150100.3.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:cni-plugins-0.8.6-150100.3.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7:cni-plugins-0.8.6-150100.3.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:cni-plugins-0.8.6-150100.3.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:cni-plugins-0.8.6-150100.3.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:cni-plugins-0.8.6-150100.3.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:cni-plugins-0.8.6-150100.3.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:cni-plugins-0.8.6-150100.3.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:cni-plugins-0.8.6-150100.3.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:cni-plugins-0.8.6-150100.3.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:cni-plugins-0.8.6-150100.3.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:cni-plugins-0.8.6-150100.3.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:cni-plugins-0.8.6-150100.3.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:cni-plugins-0.8.6-150100.3.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:cni-plugins-0.8.6-150100.3.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:cni-plugins-0.8.6-150100.3.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:cni-plugins-0.8.6-150100.3.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:cni-plugins-0.8.6-150100.3.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:cni-plugins-0.8.6-150100.3.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:cni-plugins-0.8.6-150100.3.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:cni-plugins-0.8.6-150100.3.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:cni-plugins-0.8.6-150100.3.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:cni-plugins-0.8.6-150100.3.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP3:cni-plugins-0.8.6-150100.3.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:cni-plugins-0.8.6-150100.3.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:cni-plugins-0.8.6-150100.3.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:cni-plugins-0.8.6-150100.3.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:cni-plugins-0.8.6-150100.3.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 15 SP1:cni-plugins-0.8.6-150100.3.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 15 SP1:cni-plugins-0.8.6-150100.3.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 15 SP1:cni-plugins-0.8.6-150100.3.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 15 SP1:cni-plugins-0.8.6-150100.3.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 15 SP2:cni-plugins-0.8.6-150100.3.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 15 SP2:cni-plugins-0.8.6-150100.3.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 15 SP2:cni-plugins-0.8.6-150100.3.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 15 SP2:cni-plugins-0.8.6-150100.3.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-BCL:cni-plugins-0.8.6-150100.3.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:cni-plugins-0.8.6-150100.3.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:cni-plugins-0.8.6-150100.3.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:cni-plugins-0.8.6-150100.3.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:cni-plugins-0.8.6-150100.3.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-BCL:cni-plugins-0.8.6-150100.3.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:cni-plugins-0.8.6-150100.3.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:cni-plugins-0.8.6-150100.3.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:cni-plugins-0.8.6-150100.3.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:cni-plugins-0.8.6-150100.3.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:cni-plugins-0.8.6-150100.3.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:cni-plugins-0.8.6-150100.3.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:cni-plugins-0.8.6-150100.3.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:cni-plugins-0.8.6-150100.3.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.1:cni-plugins-0.8.6-150100.3.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.1:cni-plugins-0.8.6-150100.3.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:cni-plugins-0.8.6-150100.3.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:cni-plugins-0.8.6-150100.3.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.1:cni-plugins-0.8.6-150100.3.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:cni-plugins-0.8.6-150100.3.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:cni-plugins-0.8.6-150100.3.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:cni-plugins-0.8.6-150100.3.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.3:cni-plugins-0.8.6-150100.3.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:cni-plugins-0.8.6-150100.3.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:cni-plugins-0.8.6-150100.3.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:cni-plugins-0.8.6-150100.3.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:cni-plugins-0.8.6-150100.3.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.2:cni-plugins-0.8.6-150100.3.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.2:cni-plugins-0.8.6-150100.3.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.3:cni-plugins-0.8.6-150100.3.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.3:cni-plugins-0.8.6-150100.3.11.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for cni-plugins",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for cni-plugins fixes the following issues:\n\n- CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration (bsc#1181961).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-4593,SUSE-SLE-Micro-5.3-2022-4593,SUSE-SLE-Module-Containers-15-SP3-2022-4593,SUSE-SLE-Module-Containers-15-SP4-2022-4593,SUSE-SLE-Module-Public-Cloud-15-SP1-2022-4593,SUSE-SLE-Module-Public-Cloud-15-SP2-2022-4593,SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4593,SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4593,SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4593,SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4593,SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4593,SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4593,SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4593,SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4593,SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4593,SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4593,SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4593,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4593,SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4593,SUSE-SUSE-MicroOS-5.1-2022-4593,SUSE-SUSE-MicroOS-5.2-2022-4593,SUSE-Storage-6-2022-4593,SUSE-Storage-7-2022-4593,SUSE-Storage-7.1-2022-4593,openSUSE-Leap-Micro-5.2-2022-4593,openSUSE-Leap-Micro-5.3-2022-4593,openSUSE-SLE-15.3-2022-4593,openSUSE-SLE-15.4-2022-4593",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_4593-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:4593-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224593-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:4593-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-December/013297.html"
},
{
"category": "self",
"summary": "SUSE Bug 1181961",
"url": "https://bugzilla.suse.com/1181961"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-20206 page",
"url": "https://www.suse.com/security/cve/CVE-2021-20206/"
}
],
"title": "Security update for cni-plugins",
"tracking": {
"current_release_date": "2022-12-20T15:55:47Z",
"generator": {
"date": "2022-12-20T15:55:47Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:4593-1",
"initial_release_date": "2022-12-20T15:55:47Z",
"revision_history": [
{
"date": "2022-12-20T15:55:47Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cni-plugins-0.8.6-150100.3.11.1.aarch64",
"product": {
"name": "cni-plugins-0.8.6-150100.3.11.1.aarch64",
"product_id": "cni-plugins-0.8.6-150100.3.11.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cni-plugins-0.8.6-150100.3.11.1.i586",
"product": {
"name": "cni-plugins-0.8.6-150100.3.11.1.i586",
"product_id": "cni-plugins-0.8.6-150100.3.11.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "cni-plugins-0.8.6-150100.3.11.1.ppc64le",
"product": {
"name": "cni-plugins-0.8.6-150100.3.11.1.ppc64le",
"product_id": "cni-plugins-0.8.6-150100.3.11.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cni-plugins-0.8.6-150100.3.11.1.s390x",
"product": {
"name": "cni-plugins-0.8.6-150100.3.11.1.s390x",
"product_id": "cni-plugins-0.8.6-150100.3.11.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cni-plugins-0.8.6-150100.3.11.1.x86_64",
"product": {
"name": "cni-plugins-0.8.6-150100.3.11.1.x86_64",
"product_id": "cni-plugins-0.8.6-150100.3.11.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-public-cloud:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-public-cloud:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP1-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP1-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP1-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_bcl:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP2-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_bcl:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Proxy 4.1",
"product": {
"name": "SUSE Manager Proxy 4.1",
"product_id": "SUSE Manager Proxy 4.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-proxy:4.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Retail Branch Server 4.1",
"product": {
"name": "SUSE Manager Retail Branch Server 4.1",
"product_id": "SUSE Manager Retail Branch Server 4.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-retail-branch-server:4.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.1",
"product": {
"name": "SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.2"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 6",
"product": {
"name": "SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:6"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7",
"product": {
"name": "SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7.1",
"product": {
"name": "SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7.1"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap Micro 5.2",
"product": {
"name": "openSUSE Leap Micro 5.2",
"product_id": "openSUSE Leap Micro 5.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap-micro:5.2"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap Micro 5.3",
"product": {
"name": "openSUSE Leap Micro 5.3",
"product_id": "openSUSE Leap Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap-micro:5.3"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.aarch64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:cni-plugins-0.8.6-150100.3.11.1.aarch64"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.s390x as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:cni-plugins-0.8.6-150100.3.11.1.s390x"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:cni-plugins-0.8.6-150100.3.11.1.x86_64"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3:cni-plugins-0.8.6-150100.3.11.1.aarch64"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3:cni-plugins-0.8.6-150100.3.11.1.ppc64le"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3:cni-plugins-0.8.6-150100.3.11.1.s390x"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP3:cni-plugins-0.8.6-150100.3.11.1.x86_64"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP4:cni-plugins-0.8.6-150100.3.11.1.aarch64"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP4:cni-plugins-0.8.6-150100.3.11.1.ppc64le"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP4:cni-plugins-0.8.6-150100.3.11.1.s390x"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP4:cni-plugins-0.8.6-150100.3.11.1.x86_64"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP1:cni-plugins-0.8.6-150100.3.11.1.aarch64"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.ppc64le as component of SUSE Linux Enterprise Module for Public Cloud 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP1:cni-plugins-0.8.6-150100.3.11.1.ppc64le"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.s390x as component of SUSE Linux Enterprise Module for Public Cloud 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP1:cni-plugins-0.8.6-150100.3.11.1.s390x"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP1:cni-plugins-0.8.6-150100.3.11.1.x86_64"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP2:cni-plugins-0.8.6-150100.3.11.1.aarch64"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.ppc64le as component of SUSE Linux Enterprise Module for Public Cloud 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP2:cni-plugins-0.8.6-150100.3.11.1.ppc64le"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.s390x as component of SUSE Linux Enterprise Module for Public Cloud 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP2:cni-plugins-0.8.6-150100.3.11.1.s390x"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15 SP2",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP2:cni-plugins-0.8.6-150100.3.11.1.x86_64"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:cni-plugins-0.8.6-150100.3.11.1.aarch64"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:cni-plugins-0.8.6-150100.3.11.1.x86_64"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:cni-plugins-0.8.6-150100.3.11.1.aarch64"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:cni-plugins-0.8.6-150100.3.11.1.x86_64"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:cni-plugins-0.8.6-150100.3.11.1.aarch64"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:cni-plugins-0.8.6-150100.3.11.1.x86_64"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:cni-plugins-0.8.6-150100.3.11.1.aarch64"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:cni-plugins-0.8.6-150100.3.11.1.x86_64"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP1-BCL:cni-plugins-0.8.6-150100.3.11.1.x86_64"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:cni-plugins-0.8.6-150100.3.11.1.aarch64"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:cni-plugins-0.8.6-150100.3.11.1.ppc64le"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.s390x as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:cni-plugins-0.8.6-150100.3.11.1.s390x"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:cni-plugins-0.8.6-150100.3.11.1.x86_64"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP2-BCL:cni-plugins-0.8.6-150100.3.11.1.x86_64"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:cni-plugins-0.8.6-150100.3.11.1.aarch64"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:cni-plugins-0.8.6-150100.3.11.1.ppc64le"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.s390x as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:cni-plugins-0.8.6-150100.3.11.1.s390x"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:cni-plugins-0.8.6-150100.3.11.1.x86_64"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:cni-plugins-0.8.6-150100.3.11.1.ppc64le"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:cni-plugins-0.8.6-150100.3.11.1.x86_64"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:cni-plugins-0.8.6-150100.3.11.1.ppc64le"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:cni-plugins-0.8.6-150100.3.11.1.x86_64"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.x86_64 as component of SUSE Manager Proxy 4.1",
"product_id": "SUSE Manager Proxy 4.1:cni-plugins-0.8.6-150100.3.11.1.x86_64"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.x86_64 as component of SUSE Manager Retail Branch Server 4.1",
"product_id": "SUSE Manager Retail Branch Server 4.1:cni-plugins-0.8.6-150100.3.11.1.x86_64"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.x86_64",
"relates_to_product_reference": "SUSE Manager Retail Branch Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.ppc64le as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:cni-plugins-0.8.6-150100.3.11.1.ppc64le"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.s390x as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:cni-plugins-0.8.6-150100.3.11.1.s390x"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.x86_64 as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:cni-plugins-0.8.6-150100.3.11.1.x86_64"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.aarch64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:cni-plugins-0.8.6-150100.3.11.1.aarch64"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.s390x as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:cni-plugins-0.8.6-150100.3.11.1.s390x"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:cni-plugins-0.8.6-150100.3.11.1.x86_64"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.aarch64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:cni-plugins-0.8.6-150100.3.11.1.aarch64"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.s390x as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:cni-plugins-0.8.6-150100.3.11.1.s390x"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:cni-plugins-0.8.6-150100.3.11.1.x86_64"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.aarch64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:cni-plugins-0.8.6-150100.3.11.1.aarch64"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.x86_64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:cni-plugins-0.8.6-150100.3.11.1.x86_64"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.aarch64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:cni-plugins-0.8.6-150100.3.11.1.aarch64"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.x86_64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:cni-plugins-0.8.6-150100.3.11.1.x86_64"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.aarch64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:cni-plugins-0.8.6-150100.3.11.1.aarch64"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.x86_64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:cni-plugins-0.8.6-150100.3.11.1.x86_64"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.aarch64 as component of openSUSE Leap Micro 5.2",
"product_id": "openSUSE Leap Micro 5.2:cni-plugins-0.8.6-150100.3.11.1.aarch64"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.aarch64",
"relates_to_product_reference": "openSUSE Leap Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.x86_64 as component of openSUSE Leap Micro 5.2",
"product_id": "openSUSE Leap Micro 5.2:cni-plugins-0.8.6-150100.3.11.1.x86_64"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.x86_64",
"relates_to_product_reference": "openSUSE Leap Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.aarch64 as component of openSUSE Leap Micro 5.3",
"product_id": "openSUSE Leap Micro 5.3:cni-plugins-0.8.6-150100.3.11.1.aarch64"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.aarch64",
"relates_to_product_reference": "openSUSE Leap Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.x86_64 as component of openSUSE Leap Micro 5.3",
"product_id": "openSUSE Leap Micro 5.3:cni-plugins-0.8.6-150100.3.11.1.x86_64"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.x86_64",
"relates_to_product_reference": "openSUSE Leap Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:cni-plugins-0.8.6-150100.3.11.1.aarch64"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:cni-plugins-0.8.6-150100.3.11.1.ppc64le"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:cni-plugins-0.8.6-150100.3.11.1.s390x"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:cni-plugins-0.8.6-150100.3.11.1.x86_64"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:cni-plugins-0.8.6-150100.3.11.1.aarch64"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:cni-plugins-0.8.6-150100.3.11.1.ppc64le"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:cni-plugins-0.8.6-150100.3.11.1.s390x"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cni-plugins-0.8.6-150100.3.11.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:cni-plugins-0.8.6-150100.3.11.1.x86_64"
},
"product_reference": "cni-plugins-0.8.6-150100.3.11.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-20206",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-20206"
}
],
"notes": [
{
"category": "general",
"text": "An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the \u0027type\u0027 field in the network configuration, it is possible to use special elements such as \"../\" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as \u0027reboot\u0027. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"SUSE Enterprise Storage 6:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Enterprise Storage 7.1:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"SUSE Enterprise Storage 7.1:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Enterprise Storage 7:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"SUSE Enterprise Storage 7:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:cni-plugins-0.8.6-150100.3.11.1.s390x",
"SUSE Linux Enterprise Micro 5.1:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:cni-plugins-0.8.6-150100.3.11.1.s390x",
"SUSE Linux Enterprise Micro 5.2:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:cni-plugins-0.8.6-150100.3.11.1.s390x",
"SUSE Linux Enterprise Micro 5.3:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP3:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:cni-plugins-0.8.6-150100.3.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:cni-plugins-0.8.6-150100.3.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP4:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:cni-plugins-0.8.6-150100.3.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:cni-plugins-0.8.6-150100.3.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP1:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP1:cni-plugins-0.8.6-150100.3.11.1.ppc64le",
"SUSE Linux Enterprise Module for Public Cloud 15 SP1:cni-plugins-0.8.6-150100.3.11.1.s390x",
"SUSE Linux Enterprise Module for Public Cloud 15 SP1:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP2:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP2:cni-plugins-0.8.6-150100.3.11.1.ppc64le",
"SUSE Linux Enterprise Module for Public Cloud 15 SP2:cni-plugins-0.8.6-150100.3.11.1.s390x",
"SUSE Linux Enterprise Module for Public Cloud 15 SP2:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:cni-plugins-0.8.6-150100.3.11.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:cni-plugins-0.8.6-150100.3.11.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cni-plugins-0.8.6-150100.3.11.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cni-plugins-0.8.6-150100.3.11.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:cni-plugins-0.8.6-150100.3.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:cni-plugins-0.8.6-150100.3.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Manager Proxy 4.1:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Manager Server 4.1:cni-plugins-0.8.6-150100.3.11.1.ppc64le",
"SUSE Manager Server 4.1:cni-plugins-0.8.6-150100.3.11.1.s390x",
"SUSE Manager Server 4.1:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"openSUSE Leap 15.3:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"openSUSE Leap 15.3:cni-plugins-0.8.6-150100.3.11.1.ppc64le",
"openSUSE Leap 15.3:cni-plugins-0.8.6-150100.3.11.1.s390x",
"openSUSE Leap 15.3:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"openSUSE Leap 15.4:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"openSUSE Leap 15.4:cni-plugins-0.8.6-150100.3.11.1.ppc64le",
"openSUSE Leap 15.4:cni-plugins-0.8.6-150100.3.11.1.s390x",
"openSUSE Leap 15.4:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"openSUSE Leap Micro 5.2:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"openSUSE Leap Micro 5.2:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"openSUSE Leap Micro 5.3:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"openSUSE Leap Micro 5.3:cni-plugins-0.8.6-150100.3.11.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-20206",
"url": "https://www.suse.com/security/cve/CVE-2021-20206"
},
{
"category": "external",
"summary": "SUSE Bug 1181961 for CVE-2021-20206",
"url": "https://bugzilla.suse.com/1181961"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"SUSE Enterprise Storage 6:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Enterprise Storage 7.1:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"SUSE Enterprise Storage 7.1:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Enterprise Storage 7:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"SUSE Enterprise Storage 7:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:cni-plugins-0.8.6-150100.3.11.1.s390x",
"SUSE Linux Enterprise Micro 5.1:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:cni-plugins-0.8.6-150100.3.11.1.s390x",
"SUSE Linux Enterprise Micro 5.2:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:cni-plugins-0.8.6-150100.3.11.1.s390x",
"SUSE Linux Enterprise Micro 5.3:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP3:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:cni-plugins-0.8.6-150100.3.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:cni-plugins-0.8.6-150100.3.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP4:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:cni-plugins-0.8.6-150100.3.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:cni-plugins-0.8.6-150100.3.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP1:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP1:cni-plugins-0.8.6-150100.3.11.1.ppc64le",
"SUSE Linux Enterprise Module for Public Cloud 15 SP1:cni-plugins-0.8.6-150100.3.11.1.s390x",
"SUSE Linux Enterprise Module for Public Cloud 15 SP1:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP2:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP2:cni-plugins-0.8.6-150100.3.11.1.ppc64le",
"SUSE Linux Enterprise Module for Public Cloud 15 SP2:cni-plugins-0.8.6-150100.3.11.1.s390x",
"SUSE Linux Enterprise Module for Public Cloud 15 SP2:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:cni-plugins-0.8.6-150100.3.11.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:cni-plugins-0.8.6-150100.3.11.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cni-plugins-0.8.6-150100.3.11.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cni-plugins-0.8.6-150100.3.11.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:cni-plugins-0.8.6-150100.3.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:cni-plugins-0.8.6-150100.3.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Manager Proxy 4.1:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Manager Server 4.1:cni-plugins-0.8.6-150100.3.11.1.ppc64le",
"SUSE Manager Server 4.1:cni-plugins-0.8.6-150100.3.11.1.s390x",
"SUSE Manager Server 4.1:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"openSUSE Leap 15.3:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"openSUSE Leap 15.3:cni-plugins-0.8.6-150100.3.11.1.ppc64le",
"openSUSE Leap 15.3:cni-plugins-0.8.6-150100.3.11.1.s390x",
"openSUSE Leap 15.3:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"openSUSE Leap 15.4:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"openSUSE Leap 15.4:cni-plugins-0.8.6-150100.3.11.1.ppc64le",
"openSUSE Leap 15.4:cni-plugins-0.8.6-150100.3.11.1.s390x",
"openSUSE Leap 15.4:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"openSUSE Leap Micro 5.2:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"openSUSE Leap Micro 5.2:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"openSUSE Leap Micro 5.3:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"openSUSE Leap Micro 5.3:cni-plugins-0.8.6-150100.3.11.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"SUSE Enterprise Storage 6:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Enterprise Storage 7.1:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"SUSE Enterprise Storage 7.1:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Enterprise Storage 7:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"SUSE Enterprise Storage 7:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:cni-plugins-0.8.6-150100.3.11.1.s390x",
"SUSE Linux Enterprise Micro 5.1:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:cni-plugins-0.8.6-150100.3.11.1.s390x",
"SUSE Linux Enterprise Micro 5.2:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:cni-plugins-0.8.6-150100.3.11.1.s390x",
"SUSE Linux Enterprise Micro 5.3:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP3:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP3:cni-plugins-0.8.6-150100.3.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP3:cni-plugins-0.8.6-150100.3.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP3:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP4:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:cni-plugins-0.8.6-150100.3.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:cni-plugins-0.8.6-150100.3.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP1:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP1:cni-plugins-0.8.6-150100.3.11.1.ppc64le",
"SUSE Linux Enterprise Module for Public Cloud 15 SP1:cni-plugins-0.8.6-150100.3.11.1.s390x",
"SUSE Linux Enterprise Module for Public Cloud 15 SP1:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP2:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 15 SP2:cni-plugins-0.8.6-150100.3.11.1.ppc64le",
"SUSE Linux Enterprise Module for Public Cloud 15 SP2:cni-plugins-0.8.6-150100.3.11.1.s390x",
"SUSE Linux Enterprise Module for Public Cloud 15 SP2:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:cni-plugins-0.8.6-150100.3.11.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:cni-plugins-0.8.6-150100.3.11.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cni-plugins-0.8.6-150100.3.11.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cni-plugins-0.8.6-150100.3.11.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:cni-plugins-0.8.6-150100.3.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:cni-plugins-0.8.6-150100.3.11.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Manager Proxy 4.1:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"SUSE Manager Server 4.1:cni-plugins-0.8.6-150100.3.11.1.ppc64le",
"SUSE Manager Server 4.1:cni-plugins-0.8.6-150100.3.11.1.s390x",
"SUSE Manager Server 4.1:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"openSUSE Leap 15.3:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"openSUSE Leap 15.3:cni-plugins-0.8.6-150100.3.11.1.ppc64le",
"openSUSE Leap 15.3:cni-plugins-0.8.6-150100.3.11.1.s390x",
"openSUSE Leap 15.3:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"openSUSE Leap 15.4:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"openSUSE Leap 15.4:cni-plugins-0.8.6-150100.3.11.1.ppc64le",
"openSUSE Leap 15.4:cni-plugins-0.8.6-150100.3.11.1.s390x",
"openSUSE Leap 15.4:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"openSUSE Leap Micro 5.2:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"openSUSE Leap Micro 5.2:cni-plugins-0.8.6-150100.3.11.1.x86_64",
"openSUSE Leap Micro 5.3:cni-plugins-0.8.6-150100.3.11.1.aarch64",
"openSUSE Leap Micro 5.3:cni-plugins-0.8.6-150100.3.11.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-12-20T15:55:47Z",
"details": "important"
}
],
"title": "CVE-2021-20206"
}
]
}
SUSE-SU-2023:0187-1
Vulnerability from csaf_suse - Published: 2023-01-27 10:27 - Updated: 2023-01-27 10:27Summary
Security update for podman
Severity
Important
Notes
Title of the patch: Security update for podman
Description of the patch: This update for podman fixes the following issues:
podman was updated to version 4.3.1:
4.3.1:
* Bugfixes
- Fixed a deadlock between the `podman ps` and `podman container inspect` commands
* Misc
- Updated the containers/image library to v5.23.1
4.3.0:
* Features
- A new command, `podman generate spec`, has been added, which creates a JSON struct based on a given container that can be used with the Podman REST API to create containers.
- A new command, `podman update`, has been added,which makes changes to the resource limits of existing containers. Please note that these changes do not persist if the container is restarted
- A new command, `podman kube down`, has been added, which removes pods and containers created by the given Kubernetes YAML (functionality is identical to `podman kube play --down`, but it now has its own command).
- The `podman kube play` command now supports Kubernetes secrets using Podman's secrets backend.
- Systemd-managed pods created by the `podman kube play` command now integrate with sd-notify, using the `io.containers.sdnotify` annotation (or `io.containers.sdnotify/$name` for specific containers).
- Systemd-managed pods created by `podman kube play` can now be auto-updated, using the `io.containers.auto-update` annotation (or `io.containers.auto-update/$name` for specific containers).
- The `podman kube play` command can now read YAML from URLs, e.g. `podman kube play https://example.com/demo.yml`
- The `podman kube play` command now supports the `emptyDir` volume type
- The `podman kube play` command now supports the `HostUsers` field in the pod spec.
- The `podman play kube` command now supports `binaryData` in ConfigMaps.
- The `podman pod create` command can now set additional resource limits for pods using the new `--memory-swap`, `--cpuset-mems`, `--device-read-bps`, `--device-write-bps`, `--blkio-weight`, `--blkio-weight-device`, and `--cpu-shares` options.
- The `podman machine init` command now supports a new option, `--username`, to set the username that will be used to connect to the VM as a non-root user
- The `podman volume create` command's `-o timeout=` option can now set a timeout of 0, indicating volume plugin operations will never time out.
- Added support for a new volume driver, `image`, which allows volumes to be created that are backed by images.
- The `podman run` and `podman create` commands support a new option, `--env-merge`, allowing environment variables to be specified relative to other environment variables in the image (e.g. `podman run --env-merge 'PATH=$PATH:/my/app' ...`)
- The `podman run` and `podman create` commands support a new option, `--on-failure`, to allow action to be taken when a container fails health checks, with the following supported actions: `none` (take no action, the default), `kill` (kill the container), `restart` (restart the container), and `stop` (stop the container).
- The `--keep-id` option to `podman create` and `podman run` now supports new options, `uid` and `gid`, to set the UID and GID of the user in the container that will be mapped to the user running Podman (e.g. `--userns=keep-id:uid=11` will made the user running Podman to UID 11 in the container)
- The `podman generate systemd` command now supports a new option, `--env`/`-e`, to set environment variables in the generated unit file
- The `podman pause` and `podman unpause` commands now support the `--latest`, `--cidfile`, and `--filter` options.
- The `podman restart` command now supports the `--cidfile` and `--filter` options.
- The `podman rm` command now supports the `--filter` option to select which containers will be removed.
- The `podman rmi` command now supports a new option, `--no-prune`, to prevent the removal of dangling parents of removed images.
- The `--dns-opt` option to `podman create`, `podman run`, and `podman pod create` has received a new alias, `--dns-option`, to improve Docker compatibility.
- The `podman` command now features a new global flag, `--debug`/`-D`, which enables debug-level logging (identical to `--log-level=debug`), improving Docker compatibility.
- The `podman` command now features a new global flag, `--config`. This flag is ignored, and is only included for Docker compatibility
- The `podman manifest create` command now accepts a new option, `--amend`/`-a`.
- The `podman manifest create`, `podman manifest add` and `podman manifest push` commands now accept a new option, `--insecure` (identical to `--tls-verify=false`), improving Docker compatibility.
- The `podman secret create` command's `--driver` and `--format` options now have new aliases, `-d` for `--driver` and `-f` for `--format`.
- The `podman secret create` command now supports a new option, `--label`/`-l`, to add labels to created secrets.
- The `podman secret ls` command now accepts the `--quiet`/`-q` option.
- The `podman secret inspect` command now accepts a new option, `--pretty`, to print output in human-readable format.
- The `podman stats` command now accepts the `--no-trunc` option.
- The `podman save` command now accepts the `--signature-policy` option
- The `podman pod inspect` command now allows multiple arguments to be passed. If so, it will return a JSON array of the inspected pods
- A series of new hidden commands have been added under `podman context` as aliases to existing `podman system connection` commands, to improve Docker compatibility.
- The remote Podman client now supports proxying signals for attach sessions when the `--sig-proxy` option is set
### Changes
- Duplicate volume mounts are now allowed with the `-v` option to `podman run`, `podman create`, and `podman pod create`, so long as source, destination, and options all match
- The `podman generate kube` and `podman play kube` commands have been renamed to `podman kube generate` and `podman kube play` to group Kubernetes-related commands. Aliases have been added to ensure the old command names still function.
- A number of Podman commands (`podman init`, `podman container checkpoint`, `podman container restore`, `podman container cleanup`) now print the user-inputted name of the container, instead of its full ID, on success.
- When an unsupported option (e.g. resource limit) is specified for a rootless container on a cgroups v1 system, a warning message is now printed that the limit will not be honored.
- The installer for the Windows Podman client has been improved.
- The `--cpu-rt-period` and `--cpu-rt-runtime` options to `podman run` and `podman create` now print a warning and are ignored on cgroups v2 systems (cgroups v2 having dropped support for these controllers)
- Privileged containers running systemd will no longer mount `/dev/tty*` devices other than `/dev/tty` itself into the container
- Events for containers that are part of a pod now include the ID of the pod in the event.
- SSH functionality for `podman machine` commands has seen a thorough rework, addressing many issues about authentication.
- The `--network` option to `podman kube play` now allows passing `host` to set the pod to use host networking, even if the YAML does not request this.
- The `podman inspect` command on containers now includes the digest of the image used to create the container.
- Pods created by `podman play kube` are now, by default, placed into a network named `podman-kube`. If the `podman-kube` network does not exist, it will be created. This ensures pods can connect to each other by their names, as the network has DNS enabled.
Update to version 4.2.0:
* Features
- Podman now supports the Gitlab Runner (using the Docker executor), allowing its use in Gitlab CI/CD pipelines.
- A new command has been added, podman pod clone, to create a copy of an existing pod. It supports several options, including --start to start the new pod, --destroy to remove the original pod, and --name to change the name of the new pod
- A new command has been added, podman volume reload, to sync changes in state between Podman's database and any configured volume plugins
- A new command has been added, podman machine info, which displays information about the host and the versions of various machine components.
- Pods created by podman play kube can now be managed by systemd unit files. This can be done via a new systemd service, podman-kube@.service - e.g. systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service will run the Kubernetes pod or deployment contained in my.yaml under systemd.
- The podman play kube command now honors the RunAsUser, RunAsGroup, and SupplementalGroups setting from the Kubernetes pod's security context.
- The podman play kube command now supports volumes with the BlockDevice and CharDevice types
- The podman play kube command now features a new flag, --userns, to set the user namespace of created pods. Two values are allowed at present: host and auto
- The podman play kube command now supports setting the type of created init containers via the io.podman.annotations.init.container.type annotation.
- Pods now have include an exit policy (configurable via the --exit-policy option to podman pod create), which determines what will happen to the pod's infra container when the entire pod stops. The default, continue, acts as Podman currently does, while a new option, stop, stops the infra container after the last container in the pod stops, and is used by default for pods from podman play kube
- The podman pod create command now allows the pod's name to be specified as an argument, instead of using the --name option - for example, podman pod create mypod instead of the prior podman pod create --name mypod. Please note that the --name option is not deprecated and will continue to work.
- The podman pod create command's --share option now supports adding namespaces to the set by prefacing them with + (as opposed to specifying all namespaces that should be shared)
- The podman pod create command has a new option, --shm-size, to specify the size of the /dev/shm mount that will be shared if the pod shares its UTS namespace (#14609).
- The podman pod create command has a new option, --uts, to configure the UTS namespace that will be shared by containers in the pod.
- The podman pod create command now supports setting pod-level resource limits via the --cpus, --cpuset-cpus, and --memory options. These will set a limit for all containers in the pod, while individual containers within the pod are allowed to set further limits. Look forward to more options for resource limits in our next release!
- The podman create and podman run commands now include the -c short option for the --cpu-shares option.
- The podman create and podman run commands can now create containers from a manifest list (and not an image) as long as the --platform option is specified (#14773).
- The podman build command now supports a new option, --cpp-flag, to specify options for the C preprocessor when using Containerfile.in files that require preprocessing.
- The podman build command now supports a new option, --build-context, allowing the user to specify an additional build context.
- The podman machine inspect command now prints the location of the VM's Podman API socket on the host (#14231).
- The podman machine init command on Windows now fetches an image with packages pre-installed (#14698).
- Unused, cached Podman machine VM images are now cleaned up automatically. Note that because Podman now caches in a different directory, this will not clean up old images pulled before this change (#14697).
- The default for the --image-volume option to podman run and podman create can now have its default set through the image_volume_mode setting in containers.conf (#14230).
- Overlay volumes now support two new options, workdir and upperdir, to allow multiple overlay volumes from different containers to reuse the same workdir or upperdir (#14427).
- The podman volume create command now supports two new options, copy and nocopy, to control whether contents from the overmounted folder in a container will be copied into the newly-created named volume (copy-up).
- Volumes created using a volume plugin can now specify a timeout for all operations that contact the volume plugin (replacing the standard 5 second timeout) via the --opt o=timeout= option to podman volume create (BZ 2080458).
- The podman volume ls command's --filter name= option now supports regular expression matching for volume names (#14583).
- When used with a podman machine VM, volumes now support specification of the 9p security model using the security_model option to podman create -v and podman run -v.
- The remote Podman client's podman push command now supports the --remove-signatures option (#14558).
- The remote Podman client now supports the podman image scp command.
- The podman image scp command now supports tagging the transferred image with a new name.
- The podman network ls command supports a new filter, --filter dangling=, to list networks not presently used by any containers (#14595).
- The --condition option to podman wait can now be specified multiple times to wait on any one of multiple conditions.
- The podman events command now includes the -f short option for the --filter option.
- The podman pull command now includes the -a short option for the --all-tags option.
- The podman stop command now includes a new flag, --filter, to filter which containers will be stopped (e.g. podman stop --all --filter label=COM.MY.APP).
- The Podman global option --url now has two aliases: -H and --host.
- The podman network create command now supports a new option with the default bridge driver, --opt isolate=, which isolates the network by blocking any traffic from it to any other network with the isolate option enabled. This option is enabled by default for networks created using the Docker-compatible API.
- Added the ability to create sigstore signatures in podman push and podman manifest push.
- Added an option to read image signing passphrase from a file.
* Changes
- Paused containers can now be killed with the podman kill command.
- The podman system prune command now removes unused networks.
- The --userns=keep-id and --userns=nomap options to the podman run and podman create commands are no longer allowed (instead of simply being ignored) with root Podman.
- If the /run directory for a container is part of a volume, Podman will not create the /run/.containerenv file (#14577).
- The podman machine stop command on macOS now waits for the machine to be completely stopped to exit (#14148).
- All podman machine commands now only support being run as rootless, given that VMs only functioned when run rootless.
- The podman unpause --all command will now only attempt to unpause containers that are paused, not all containers.
- Init containers created with podman play kube now default to the once type (#14877).
- Pods created with no shared namespaces will no longer create an infra container unless one is explicitly requested (#15048).
- The podman create, podman run, and podman cp commands can now autocomplete paths in the image or container via the shell completion.
- The libpod/common package has been removed as it's not used anywhere.
- The --userns option to podman create and podman run is no longer accepted when an explicit UID or GID mapping is specified (#15233).
* Misc
- Podman will now check for nameservers in /run/NetworkManager/no-stub-resolv.conf if the /etc/resolv.conf file only contains a localhost server.
- The podman build command now supports caching with builds that specify --squash-all by allowing the --layers flag to be used at the same time.
- Podman Machine support for QEMU installations at non-default paths has been improved.
- The podman machine ssh command no longer prints spurious warnings every time it is run.
- When accessing the WSL prompt on Windows, the rootless user will be preferred.
- The podman info command now includes a field for information on supported authentication plugins for improved Docker compatibility. Authentication plugins are not presently supported by Podman, so this field is always empty.
- The podman system prune command now no longer prints the Deleted Images header if no images were pruned.
- The podman system service command now automatically creates and moves to a sub-cgroup when running in the root cgroup (#14573).
- Updated Buildah to v1.27.0 (fixes CVE-2022-21698 / bsc#1196338)
- Updated the containers/image library to v5.22.0
- Updated the containers/storage library to v1.42.0 (fixes bsc#1196751)
- Updated the containers/common library to v0.49.1
- Podman will automatically create a sub-cgroup and move itself into it when it detects that it is running inside a container (#14884).
- Fixed an incorrect release note about regexp.
- A new MacOS installer (via pkginstaller) is now supported.
Update to version 4.1.1:
* The output of the podman load command now mirrors that of docker load.
* Podman now supports Docker Compose v2.2 and higher. Please note that it may be necessary to disable the use of Buildkit by setting the environment variable DOCKER_BUILDKIT=0.
* A new container command has been added, podman container clone. This command makes a copy of an existing container, with the ability to change some settings (e.g. resource limits) while doing so.
* Podman now supports sending JSON events related to machines to a Unix socket named machine_events.*\.sock in XDG_RUNTIME_DIR/podman or to a socket whose path is set in the PODMAN_MACHINE_EVENTS_SOCK environment variable.
* Two new volume commands have been added, podman volume mount and podman volume unmount. These allow for Podman-managed named volumes to be mounted and accessed from outside containers.
* The podman container checkpoint and podman container restore options now support checkpointing to and restoring from OCI images. This allows checkpoints to be distributed via standard image registries.
* The podman play kube command now supports environment variables that are specified using the fieldRef and resourceFieldRef sources.
* The podman play kube command will now set default resource limits when the provided YAML does not include them.
* The podman play kube command now supports a new option, --annotation, to add annotations to created containers.
* The podman play kube --build command now supports a new option, --context-dir, which allows the user to specify the context directory to use when building the Containerfile.
* The podman container commit command now supports a new option, --squash, which squashes the generated image into a single layer.
* The podman pod logs command now supports two new options, --names, which identifies which container generated a log message by name, instead of ID and --color, which colors messages based on what container generated them.
* The podman rmi command now supports a new option, --ignore, which will ignore errors caused by missing images.
* The podman network create command now features a new option, --ipam-driver, to specify details about how IP addresses are assigned to containers in the network.
* The podman machine list command now features a new option, --quiet, to print only the names of configured VMs and no other information.
* The --ipc option to the podman create, podman run, and podman pod create commands now supports three new modes: none, private, and shareable. The default IPC mode is now shareable, indicating the the IPC namespace can be shared with other containers.
* The --mount option to the podman create and podman run commands can now set options for created named volumes via the volume-opt parameter.
* The --mount option to the podman create and podman run commands now allows parameters to be passed in CSV format.
* The --userns option to the podman create and podman run commands now supports a new option, nomap, that (only for rootless containers) does not map the UID of the user that started the container into the container, increasing security.
* The podman import command now supports three new options, --arch, --os, and --variant, to specify what system the imported image was built for.
* The podman inspect command now includes information on the network configuration of containers that joined a pre-configured network namespace with the --net ns: option to podman run, podman create, and podman pod create.
* The podman run and podman create commands now support a new option, --chrootdirs, which specifies additional locations where container-specific files managed by Podman (e.g. /etc/hosts, `/etc/resolv.conf, etc) will be mounted inside the container (#12961).
* The podman run and podman create commands now support a new option, --passwd-entry, allowing entries to be added to the container's /etc/passwd file.
* The podman images --format command now accepts two new format directives: {{.CreatedAt}} and {{.CreatedSince}}.
* The podman volume create command's -o option now accepts a new argument, o=noquota, to disable XFS quotas entirely and avoid potential issues when Podman is run on an XFS filesystem with existing quotas defined.
* The podman info command now includes additional information on the machine Podman is running on, including disk utilization on the drive Podman is storing containers and images on, and CPU utilization.
* Fix CVE-2022-27191 / bsc#1197284
- Require catatonit >= 0.1.7 for pause functionality needed by pods
Update to version 4.0.3:
* Security
- This release fixes CVE-2022-27649, where containers run by Podman would have excess inheritable capabilities set.
* Changes
- The podman machine rm --force command will now remove running machines as well (such machines are shut down first, then removed) (#13448).
- When a podman machine VM is started that is using a too-old VM image, it will now start in a reduced functionality mode, and provide instructions on how to recreate it (previously, VMs were effectively unusable) (#13510).
- Updated the containers/common library to v0.47.5
- This release addresses CVE-2021-4024 / bsc#1193166, where the podman machine command opened the gvproxy API (used to forward ports to podman machine VMs) to the public internet on port 7777.
- This release addresses CVE-2021-41190 / bsc#1193273, where incomplete specification of behavior regarding image manifests could lead to inconsistent decoding on different clients.
Update to version 3.1.0: (bsc#1181961, CVE-2021-20206)
- A fix for CVE-2021-20199 / bsc#1181640 is included. Podman between v1.8.0 and v2.2.1 used 127.0.0.1 as the source address for all traffic forwarded into rootless containers by a forwarded port; this has been changed to address the issue.
Patchnames: SUSE-2023-187,SUSE-SLE-Micro-5.3-2023-187,SUSE-SLE-Module-Containers-15-SP4-2023-187,openSUSE-Leap-Micro-5.3-2023-187,openSUSE-SLE-15.4-2023-187
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:podman-cni-config-4.3.1-150400.4.11.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-cni-config-4.3.1-150400.4.11.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-docker-4.3.1-150400.4.11.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-cni-config-4.3.1-150400.4.11.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-docker-4.3.1-150400.4.11.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.3:podman-4.3.1-150400.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.3:podman-4.3.1-150400.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.3:podman-cni-config-4.3.1-150400.4.11.1.noarch | — |
Vendor Fix
|
Threats
Impact
low
7.2 (High)
Affected products
Recommended
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:podman-cni-config-4.3.1-150400.4.11.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-cni-config-4.3.1-150400.4.11.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-docker-4.3.1-150400.4.11.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-cni-config-4.3.1-150400.4.11.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-docker-4.3.1-150400.4.11.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.3:podman-4.3.1-150400.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.3:podman-4.3.1-150400.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.3:podman-cni-config-4.3.1-150400.4.11.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
4.8 (Medium)
Affected products
Recommended
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:podman-cni-config-4.3.1-150400.4.11.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-cni-config-4.3.1-150400.4.11.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-docker-4.3.1-150400.4.11.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-cni-config-4.3.1-150400.4.11.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-docker-4.3.1-150400.4.11.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.3:podman-4.3.1-150400.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.3:podman-4.3.1-150400.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.3:podman-cni-config-4.3.1-150400.4.11.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
5 (Medium)
Affected products
Recommended
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:podman-cni-config-4.3.1-150400.4.11.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-cni-config-4.3.1-150400.4.11.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-docker-4.3.1-150400.4.11.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-cni-config-4.3.1-150400.4.11.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-docker-4.3.1-150400.4.11.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.3:podman-4.3.1-150400.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.3:podman-4.3.1-150400.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.3:podman-cni-config-4.3.1-150400.4.11.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
4.8 (Medium)
Affected products
Recommended
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:podman-cni-config-4.3.1-150400.4.11.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-cni-config-4.3.1-150400.4.11.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-docker-4.3.1-150400.4.11.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-cni-config-4.3.1-150400.4.11.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-docker-4.3.1-150400.4.11.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.3:podman-4.3.1-150400.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.3:podman-4.3.1-150400.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.3:podman-cni-config-4.3.1-150400.4.11.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
4.4 (Medium)
Affected products
Recommended
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:podman-cni-config-4.3.1-150400.4.11.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-cni-config-4.3.1-150400.4.11.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-docker-4.3.1-150400.4.11.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-cni-config-4.3.1-150400.4.11.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-docker-4.3.1-150400.4.11.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.3:podman-4.3.1-150400.4.11.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.3:podman-4.3.1-150400.4.11.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.3:podman-cni-config-4.3.1-150400.4.11.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
References
29 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for podman",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for podman fixes the following issues:\n\npodman was updated to version 4.3.1:\n\n4.3.1:\n\n* Bugfixes\n\n- Fixed a deadlock between the `podman ps` and `podman container inspect` commands\n\n* Misc\n\n- Updated the containers/image library to v5.23.1\n \n4.3.0:\n\n* Features\n\n- A new command, `podman generate spec`, has been added, which creates a JSON struct based on a given container that can be used with the Podman REST API to create containers.\n- A new command, `podman update`, has been added,which makes changes to the resource limits of existing containers. Please note that these changes do not persist if the container is restarted\n- A new command, `podman kube down`, has been added, which removes pods and containers created by the given Kubernetes YAML (functionality is identical to `podman kube play --down`, but it now has its own command).\n- The `podman kube play` command now supports Kubernetes secrets using Podman\u0027s secrets backend.\n- Systemd-managed pods created by the `podman kube play` command now integrate with sd-notify, using the `io.containers.sdnotify` annotation (or `io.containers.sdnotify/$name` for specific containers).\n- Systemd-managed pods created by `podman kube play` can now be auto-updated, using the `io.containers.auto-update` annotation (or `io.containers.auto-update/$name` for specific containers).\n- The `podman kube play` command can now read YAML from URLs, e.g. `podman kube play https://example.com/demo.yml`\n- The `podman kube play` command now supports the `emptyDir` volume type\n- The `podman kube play` command now supports the `HostUsers` field in the pod spec.\n- The `podman play kube` command now supports `binaryData` in ConfigMaps.\n- The `podman pod create` command can now set additional resource limits for pods using the new `--memory-swap`, `--cpuset-mems`, `--device-read-bps`, `--device-write-bps`, `--blkio-weight`, `--blkio-weight-device`, and `--cpu-shares` options.\n- The `podman machine init` command now supports a new option, `--username`, to set the username that will be used to connect to the VM as a non-root user\n- The `podman volume create` command\u0027s `-o timeout=` option can now set a timeout of 0, indicating volume plugin operations will never time out.\n- Added support for a new volume driver, `image`, which allows volumes to be created that are backed by images.\n- The `podman run` and `podman create` commands support a new option, `--env-merge`, allowing environment variables to be specified relative to other environment variables in the image (e.g. `podman run --env-merge \u0027PATH=$PATH:/my/app\u0027 ...`)\n- The `podman run` and `podman create` commands support a new option, `--on-failure`, to allow action to be taken when a container fails health checks, with the following supported actions: `none` (take no action, the default), `kill` (kill the container), `restart` (restart the container), and `stop` (stop the container).\n- The `--keep-id` option to `podman create` and `podman run` now supports new options, `uid` and `gid`, to set the UID and GID of the user in the container that will be mapped to the user running Podman (e.g. `--userns=keep-id:uid=11` will made the user running Podman to UID 11 in the container)\n- The `podman generate systemd` command now supports a new option, `--env`/`-e`, to set environment variables in the generated unit file\n- The `podman pause` and `podman unpause` commands now support the `--latest`, `--cidfile`, and `--filter` options.\n- The `podman restart` command now supports the `--cidfile` and `--filter` options.\n- The `podman rm` command now supports the `--filter` option to select which containers will be removed.\n- The `podman rmi` command now supports a new option, `--no-prune`, to prevent the removal of dangling parents of removed images.\n- The `--dns-opt` option to `podman create`, `podman run`, and `podman pod create` has received a new alias, `--dns-option`, to improve Docker compatibility.\n- The `podman` command now features a new global flag, `--debug`/`-D`, which enables debug-level logging (identical to `--log-level=debug`), improving Docker compatibility.\n- The `podman` command now features a new global flag, `--config`. This flag is ignored, and is only included for Docker compatibility\n- The `podman manifest create` command now accepts a new option, `--amend`/`-a`.\n- The `podman manifest create`, `podman manifest add` and `podman manifest push` commands now accept a new option, `--insecure` (identical to `--tls-verify=false`), improving Docker compatibility.\n- The `podman secret create` command\u0027s `--driver` and `--format` options now have new aliases, `-d` for `--driver` and `-f` for `--format`.\n- The `podman secret create` command now supports a new option, `--label`/`-l`, to add labels to created secrets.\n- The `podman secret ls` command now accepts the `--quiet`/`-q` option.\n- The `podman secret inspect` command now accepts a new option, `--pretty`, to print output in human-readable format.\n- The `podman stats` command now accepts the `--no-trunc` option.\n- The `podman save` command now accepts the `--signature-policy` option\n- The `podman pod inspect` command now allows multiple arguments to be passed. If so, it will return a JSON array of the inspected pods\n- A series of new hidden commands have been added under `podman context` as aliases to existing `podman system connection` commands, to improve Docker compatibility.\n- The remote Podman client now supports proxying signals for attach sessions when the `--sig-proxy` option is set\n\n### Changes\n\n- Duplicate volume mounts are now allowed with the `-v` option to `podman run`, `podman create`, and `podman pod create`, so long as source, destination, and options all match\n- The `podman generate kube` and `podman play kube` commands have been renamed to `podman kube generate` and `podman kube play` to group Kubernetes-related commands. Aliases have been added to ensure the old command names still function.\n- A number of Podman commands (`podman init`, `podman container checkpoint`, `podman container restore`, `podman container cleanup`) now print the user-inputted name of the container, instead of its full ID, on success.\n- When an unsupported option (e.g. resource limit) is specified for a rootless container on a cgroups v1 system, a warning message is now printed that the limit will not be honored.\n- The installer for the Windows Podman client has been improved.\n- The `--cpu-rt-period` and `--cpu-rt-runtime` options to `podman run` and `podman create` now print a warning and are ignored on cgroups v2 systems (cgroups v2 having dropped support for these controllers)\n- Privileged containers running systemd will no longer mount `/dev/tty*` devices other than `/dev/tty` itself into the container\n- Events for containers that are part of a pod now include the ID of the pod in the event.\n- SSH functionality for `podman machine` commands has seen a thorough rework, addressing many issues about authentication.\n- The `--network` option to `podman kube play` now allows passing `host` to set the pod to use host networking, even if the YAML does not request this.\n- The `podman inspect` command on containers now includes the digest of the image used to create the container.\n- Pods created by `podman play kube` are now, by default, placed into a network named `podman-kube`. If the `podman-kube` network does not exist, it will be created. This ensures pods can connect to each other by their names, as the network has DNS enabled.\n\n\nUpdate to version 4.2.0:\n\n* Features\n\n- Podman now supports the Gitlab Runner (using the Docker executor), allowing its use in Gitlab CI/CD pipelines.\n- A new command has been added, podman pod clone, to create a copy of an existing pod. It supports several options, including --start to start the new pod, --destroy to remove the original pod, and --name to change the name of the new pod\n- A new command has been added, podman volume reload, to sync changes in state between Podman\u0027s database and any configured volume plugins\n- A new command has been added, podman machine info, which displays information about the host and the versions of various machine components.\n- Pods created by podman play kube can now be managed by systemd unit files. This can be done via a new systemd service, podman-kube@.service - e.g. systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service will run the Kubernetes pod or deployment contained in my.yaml under systemd.\n- The podman play kube command now honors the RunAsUser, RunAsGroup, and SupplementalGroups setting from the Kubernetes pod\u0027s security context.\n- The podman play kube command now supports volumes with the BlockDevice and CharDevice types\n- The podman play kube command now features a new flag, --userns, to set the user namespace of created pods. Two values are allowed at present: host and auto\n- The podman play kube command now supports setting the type of created init containers via the io.podman.annotations.init.container.type annotation.\n- Pods now have include an exit policy (configurable via the --exit-policy option to podman pod create), which determines what will happen to the pod\u0027s infra container when the entire pod stops. The default, continue, acts as Podman currently does, while a new option, stop, stops the infra container after the last container in the pod stops, and is used by default for pods from podman play kube\n- The podman pod create command now allows the pod\u0027s name to be specified as an argument, instead of using the --name option - for example, podman pod create mypod instead of the prior podman pod create --name mypod. Please note that the --name option is not deprecated and will continue to work.\n- The podman pod create command\u0027s --share option now supports adding namespaces to the set by prefacing them with + (as opposed to specifying all namespaces that should be shared)\n- The podman pod create command has a new option, --shm-size, to specify the size of the /dev/shm mount that will be shared if the pod shares its UTS namespace (#14609).\n- The podman pod create command has a new option, --uts, to configure the UTS namespace that will be shared by containers in the pod.\n- The podman pod create command now supports setting pod-level resource limits via the --cpus, --cpuset-cpus, and --memory options. These will set a limit for all containers in the pod, while individual containers within the pod are allowed to set further limits. Look forward to more options for resource limits in our next release!\n- The podman create and podman run commands now include the -c short option for the --cpu-shares option.\n- The podman create and podman run commands can now create containers from a manifest list (and not an image) as long as the --platform option is specified (#14773).\n- The podman build command now supports a new option, --cpp-flag, to specify options for the C preprocessor when using Containerfile.in files that require preprocessing.\n- The podman build command now supports a new option, --build-context, allowing the user to specify an additional build context.\n- The podman machine inspect command now prints the location of the VM\u0027s Podman API socket on the host (#14231).\n- The podman machine init command on Windows now fetches an image with packages pre-installed (#14698).\n- Unused, cached Podman machine VM images are now cleaned up automatically. Note that because Podman now caches in a different directory, this will not clean up old images pulled before this change (#14697).\n- The default for the --image-volume option to podman run and podman create can now have its default set through the image_volume_mode setting in containers.conf (#14230).\n- Overlay volumes now support two new options, workdir and upperdir, to allow multiple overlay volumes from different containers to reuse the same workdir or upperdir (#14427).\n- The podman volume create command now supports two new options, copy and nocopy, to control whether contents from the overmounted folder in a container will be copied into the newly-created named volume (copy-up).\n- Volumes created using a volume plugin can now specify a timeout for all operations that contact the volume plugin (replacing the standard 5 second timeout) via the --opt o=timeout= option to podman volume create (BZ 2080458).\n- The podman volume ls command\u0027s --filter name= option now supports regular expression matching for volume names (#14583).\n- When used with a podman machine VM, volumes now support specification of the 9p security model using the security_model option to podman create -v and podman run -v.\n- The remote Podman client\u0027s podman push command now supports the --remove-signatures option (#14558).\n- The remote Podman client now supports the podman image scp command.\n- The podman image scp command now supports tagging the transferred image with a new name.\n- The podman network ls command supports a new filter, --filter dangling=, to list networks not presently used by any containers (#14595).\n- The --condition option to podman wait can now be specified multiple times to wait on any one of multiple conditions.\n- The podman events command now includes the -f short option for the --filter option.\n- The podman pull command now includes the -a short option for the --all-tags option.\n- The podman stop command now includes a new flag, --filter, to filter which containers will be stopped (e.g. podman stop --all --filter label=COM.MY.APP).\n- The Podman global option --url now has two aliases: -H and --host.\n- The podman network create command now supports a new option with the default bridge driver, --opt isolate=, which isolates the network by blocking any traffic from it to any other network with the isolate option enabled. This option is enabled by default for networks created using the Docker-compatible API.\n- Added the ability to create sigstore signatures in podman push and podman manifest push.\n- Added an option to read image signing passphrase from a file.\n\n* Changes\n\n- Paused containers can now be killed with the podman kill command.\n- The podman system prune command now removes unused networks.\n- The --userns=keep-id and --userns=nomap options to the podman run and podman create commands are no longer allowed (instead of simply being ignored) with root Podman.\n- If the /run directory for a container is part of a volume, Podman will not create the /run/.containerenv file (#14577).\n- The podman machine stop command on macOS now waits for the machine to be completely stopped to exit (#14148).\n- All podman machine commands now only support being run as rootless, given that VMs only functioned when run rootless.\n- The podman unpause --all command will now only attempt to unpause containers that are paused, not all containers.\n- Init containers created with podman play kube now default to the once type (#14877).\n- Pods created with no shared namespaces will no longer create an infra container unless one is explicitly requested (#15048).\n- The podman create, podman run, and podman cp commands can now autocomplete paths in the image or container via the shell completion.\n- The libpod/common package has been removed as it\u0027s not used anywhere.\n- The --userns option to podman create and podman run is no longer accepted when an explicit UID or GID mapping is specified (#15233).\n\n\n* Misc\n\n- Podman will now check for nameservers in /run/NetworkManager/no-stub-resolv.conf if the /etc/resolv.conf file only contains a localhost server.\n- The podman build command now supports caching with builds that specify --squash-all by allowing the --layers flag to be used at the same time.\n- Podman Machine support for QEMU installations at non-default paths has been improved.\n- The podman machine ssh command no longer prints spurious warnings every time it is run.\n- When accessing the WSL prompt on Windows, the rootless user will be preferred.\n- The podman info command now includes a field for information on supported authentication plugins for improved Docker compatibility. Authentication plugins are not presently supported by Podman, so this field is always empty.\n- The podman system prune command now no longer prints the Deleted Images header if no images were pruned.\n- The podman system service command now automatically creates and moves to a sub-cgroup when running in the root cgroup (#14573).\n- Updated Buildah to v1.27.0 (fixes CVE-2022-21698 / bsc#1196338)\n- Updated the containers/image library to v5.22.0\n- Updated the containers/storage library to v1.42.0 (fixes bsc#1196751)\n- Updated the containers/common library to v0.49.1\n- Podman will automatically create a sub-cgroup and move itself into it when it detects that it is running inside a container (#14884).\n- Fixed an incorrect release note about regexp.\n- A new MacOS installer (via pkginstaller) is now supported.\n\nUpdate to version 4.1.1:\n\n* The output of the podman load command now mirrors that of docker load.\n* Podman now supports Docker Compose v2.2 and higher. Please note that it may be necessary to disable the use of Buildkit by setting the environment variable DOCKER_BUILDKIT=0.\n* A new container command has been added, podman container clone. This command makes a copy of an existing container, with the ability to change some settings (e.g. resource limits) while doing so.\n* Podman now supports sending JSON events related to machines to a Unix socket named machine_events.*\\.sock in XDG_RUNTIME_DIR/podman or to a socket whose path is set in the PODMAN_MACHINE_EVENTS_SOCK environment variable.\n* Two new volume commands have been added, podman volume mount and podman volume unmount. These allow for Podman-managed named volumes to be mounted and accessed from outside containers.\n* The podman container checkpoint and podman container restore options now support checkpointing to and restoring from OCI images. This allows checkpoints to be distributed via standard image registries.\n* The podman play kube command now supports environment variables that are specified using the fieldRef and resourceFieldRef sources.\n* The podman play kube command will now set default resource limits when the provided YAML does not include them.\n* The podman play kube command now supports a new option, --annotation, to add annotations to created containers.\n* The podman play kube --build command now supports a new option, --context-dir, which allows the user to specify the context directory to use when building the Containerfile.\n* The podman container commit command now supports a new option, --squash, which squashes the generated image into a single layer.\n* The podman pod logs command now supports two new options, --names, which identifies which container generated a log message by name, instead of ID and --color, which colors messages based on what container generated them.\n* The podman rmi command now supports a new option, --ignore, which will ignore errors caused by missing images.\n* The podman network create command now features a new option, --ipam-driver, to specify details about how IP addresses are assigned to containers in the network.\n* The podman machine list command now features a new option, --quiet, to print only the names of configured VMs and no other information.\n* The --ipc option to the podman create, podman run, and podman pod create commands now supports three new modes: none, private, and shareable. The default IPC mode is now shareable, indicating the the IPC namespace can be shared with other containers.\n* The --mount option to the podman create and podman run commands can now set options for created named volumes via the volume-opt parameter.\n* The --mount option to the podman create and podman run commands now allows parameters to be passed in CSV format.\n* The --userns option to the podman create and podman run commands now supports a new option, nomap, that (only for rootless containers) does not map the UID of the user that started the container into the container, increasing security.\n* The podman import command now supports three new options, --arch, --os, and --variant, to specify what system the imported image was built for.\n* The podman inspect command now includes information on the network configuration of containers that joined a pre-configured network namespace with the --net ns: option to podman run, podman create, and podman pod create.\n* The podman run and podman create commands now support a new option, --chrootdirs, which specifies additional locations where container-specific files managed by Podman (e.g. /etc/hosts, `/etc/resolv.conf, etc) will be mounted inside the container (#12961).\n* The podman run and podman create commands now support a new option, --passwd-entry, allowing entries to be added to the container\u0027s /etc/passwd file.\n* The podman images --format command now accepts two new format directives: {{.CreatedAt}} and {{.CreatedSince}}.\n* The podman volume create command\u0027s -o option now accepts a new argument, o=noquota, to disable XFS quotas entirely and avoid potential issues when Podman is run on an XFS filesystem with existing quotas defined.\n* The podman info command now includes additional information on the machine Podman is running on, including disk utilization on the drive Podman is storing containers and images on, and CPU utilization.\n* Fix CVE-2022-27191 / bsc#1197284\n\n- Require catatonit \u003e= 0.1.7 for pause functionality needed by pods\n\nUpdate to version 4.0.3:\n\n* Security\n\n - This release fixes CVE-2022-27649, where containers run by Podman would have excess inheritable capabilities set.\n\n* Changes\n\n - The podman machine rm --force command will now remove running machines as well (such machines are shut down first, then removed) (#13448).\n - When a podman machine VM is started that is using a too-old VM image, it will now start in a reduced functionality mode, and provide instructions on how to recreate it (previously, VMs were effectively unusable) (#13510).\n\n - Updated the containers/common library to v0.47.5\n\n- This release addresses CVE-2021-4024 / bsc#1193166, where the podman machine command opened the gvproxy API (used to forward ports to podman machine VMs) to the public internet on port 7777.\n- This release addresses CVE-2021-41190 / bsc#1193273, where incomplete specification of behavior regarding image manifests could lead to inconsistent decoding on different clients.\n\nUpdate to version 3.1.0: (bsc#1181961, CVE-2021-20206)\n\n- A fix for CVE-2021-20199 / bsc#1181640 is included. Podman between v1.8.0 and v2.2.1 used 127.0.0.1 as the source address for all traffic forwarded into rootless containers by a forwarded port; this has been changed to address the issue.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-187,SUSE-SLE-Micro-5.3-2023-187,SUSE-SLE-Module-Containers-15-SP4-2023-187,openSUSE-Leap-Micro-5.3-2023-187,openSUSE-SLE-15.4-2023-187",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_0187-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:0187-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20230187-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:0187-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-January/013557.html"
},
{
"category": "self",
"summary": "SUSE Bug 1181640",
"url": "https://bugzilla.suse.com/1181640"
},
{
"category": "self",
"summary": "SUSE Bug 1181961",
"url": "https://bugzilla.suse.com/1181961"
},
{
"category": "self",
"summary": "SUSE Bug 1193166",
"url": "https://bugzilla.suse.com/1193166"
},
{
"category": "self",
"summary": "SUSE Bug 1193273",
"url": "https://bugzilla.suse.com/1193273"
},
{
"category": "self",
"summary": "SUSE Bug 1197672",
"url": "https://bugzilla.suse.com/1197672"
},
{
"category": "self",
"summary": "SUSE Bug 1199790",
"url": "https://bugzilla.suse.com/1199790"
},
{
"category": "self",
"summary": "SUSE Bug 1202809",
"url": "https://bugzilla.suse.com/1202809"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-20199 page",
"url": "https://www.suse.com/security/cve/CVE-2021-20199/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-20206 page",
"url": "https://www.suse.com/security/cve/CVE-2021-20206/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4024 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4024/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-41190 page",
"url": "https://www.suse.com/security/cve/CVE-2021-41190/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-27649 page",
"url": "https://www.suse.com/security/cve/CVE-2022-27649/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2989 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2989/"
}
],
"title": "Security update for podman",
"tracking": {
"current_release_date": "2023-01-27T10:27:02Z",
"generator": {
"date": "2023-01-27T10:27:02Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:0187-1",
"initial_release_date": "2023-01-27T10:27:02Z",
"revision_history": [
{
"date": "2023-01-27T10:27:02Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "podman-4.3.1-150400.4.11.1.aarch64",
"product": {
"name": "podman-4.3.1-150400.4.11.1.aarch64",
"product_id": "podman-4.3.1-150400.4.11.1.aarch64"
}
},
{
"category": "product_version",
"name": "podman-remote-4.3.1-150400.4.11.1.aarch64",
"product": {
"name": "podman-remote-4.3.1-150400.4.11.1.aarch64",
"product_id": "podman-remote-4.3.1-150400.4.11.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-4.3.1-150400.4.11.1.i586",
"product": {
"name": "podman-4.3.1-150400.4.11.1.i586",
"product_id": "podman-4.3.1-150400.4.11.1.i586"
}
},
{
"category": "product_version",
"name": "podman-remote-4.3.1-150400.4.11.1.i586",
"product": {
"name": "podman-remote-4.3.1-150400.4.11.1.i586",
"product_id": "podman-remote-4.3.1-150400.4.11.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-cni-config-4.3.1-150400.4.11.1.noarch",
"product": {
"name": "podman-cni-config-4.3.1-150400.4.11.1.noarch",
"product_id": "podman-cni-config-4.3.1-150400.4.11.1.noarch"
}
},
{
"category": "product_version",
"name": "podman-docker-4.3.1-150400.4.11.1.noarch",
"product": {
"name": "podman-docker-4.3.1-150400.4.11.1.noarch",
"product_id": "podman-docker-4.3.1-150400.4.11.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-4.3.1-150400.4.11.1.ppc64le",
"product": {
"name": "podman-4.3.1-150400.4.11.1.ppc64le",
"product_id": "podman-4.3.1-150400.4.11.1.ppc64le"
}
},
{
"category": "product_version",
"name": "podman-remote-4.3.1-150400.4.11.1.ppc64le",
"product": {
"name": "podman-remote-4.3.1-150400.4.11.1.ppc64le",
"product_id": "podman-remote-4.3.1-150400.4.11.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-4.3.1-150400.4.11.1.s390x",
"product": {
"name": "podman-4.3.1-150400.4.11.1.s390x",
"product_id": "podman-4.3.1-150400.4.11.1.s390x"
}
},
{
"category": "product_version",
"name": "podman-remote-4.3.1-150400.4.11.1.s390x",
"product": {
"name": "podman-remote-4.3.1-150400.4.11.1.s390x",
"product_id": "podman-remote-4.3.1-150400.4.11.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-4.3.1-150400.4.11.1.x86_64",
"product": {
"name": "podman-4.3.1-150400.4.11.1.x86_64",
"product_id": "podman-4.3.1-150400.4.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "podman-remote-4.3.1-150400.4.11.1.x86_64",
"product": {
"name": "podman-remote-4.3.1-150400.4.11.1.x86_64",
"product_id": "podman-remote-4.3.1-150400.4.11.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:15:sp4"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap Micro 5.3",
"product": {
"name": "openSUSE Leap Micro 5.3",
"product_id": "openSUSE Leap Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap-micro:5.3"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.3.1-150400.4.11.1.aarch64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.aarch64"
},
"product_reference": "podman-4.3.1-150400.4.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.3.1-150400.4.11.1.s390x as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.s390x"
},
"product_reference": "podman-4.3.1-150400.4.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.3.1-150400.4.11.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.x86_64"
},
"product_reference": "podman-4.3.1-150400.4.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-cni-config-4.3.1-150400.4.11.1.noarch as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:podman-cni-config-4.3.1-150400.4.11.1.noarch"
},
"product_reference": "podman-cni-config-4.3.1-150400.4.11.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.3.1-150400.4.11.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.aarch64"
},
"product_reference": "podman-4.3.1-150400.4.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.3.1-150400.4.11.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.ppc64le"
},
"product_reference": "podman-4.3.1-150400.4.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.3.1-150400.4.11.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.s390x"
},
"product_reference": "podman-4.3.1-150400.4.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.3.1-150400.4.11.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.x86_64"
},
"product_reference": "podman-4.3.1-150400.4.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-cni-config-4.3.1-150400.4.11.1.noarch as component of SUSE Linux Enterprise Module for Containers 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP4:podman-cni-config-4.3.1-150400.4.11.1.noarch"
},
"product_reference": "podman-cni-config-4.3.1-150400.4.11.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-docker-4.3.1-150400.4.11.1.noarch as component of SUSE Linux Enterprise Module for Containers 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP4:podman-docker-4.3.1-150400.4.11.1.noarch"
},
"product_reference": "podman-docker-4.3.1-150400.4.11.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.3.1-150400.4.11.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.aarch64"
},
"product_reference": "podman-remote-4.3.1-150400.4.11.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.3.1-150400.4.11.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.ppc64le"
},
"product_reference": "podman-remote-4.3.1-150400.4.11.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.3.1-150400.4.11.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.s390x"
},
"product_reference": "podman-remote-4.3.1-150400.4.11.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.3.1-150400.4.11.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.x86_64"
},
"product_reference": "podman-remote-4.3.1-150400.4.11.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.3.1-150400.4.11.1.aarch64 as component of openSUSE Leap Micro 5.3",
"product_id": "openSUSE Leap Micro 5.3:podman-4.3.1-150400.4.11.1.aarch64"
},
"product_reference": "podman-4.3.1-150400.4.11.1.aarch64",
"relates_to_product_reference": "openSUSE Leap Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.3.1-150400.4.11.1.x86_64 as component of openSUSE Leap Micro 5.3",
"product_id": "openSUSE Leap Micro 5.3:podman-4.3.1-150400.4.11.1.x86_64"
},
"product_reference": "podman-4.3.1-150400.4.11.1.x86_64",
"relates_to_product_reference": "openSUSE Leap Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-cni-config-4.3.1-150400.4.11.1.noarch as component of openSUSE Leap Micro 5.3",
"product_id": "openSUSE Leap Micro 5.3:podman-cni-config-4.3.1-150400.4.11.1.noarch"
},
"product_reference": "podman-cni-config-4.3.1-150400.4.11.1.noarch",
"relates_to_product_reference": "openSUSE Leap Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.3.1-150400.4.11.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.aarch64"
},
"product_reference": "podman-4.3.1-150400.4.11.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.3.1-150400.4.11.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.ppc64le"
},
"product_reference": "podman-4.3.1-150400.4.11.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.3.1-150400.4.11.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.s390x"
},
"product_reference": "podman-4.3.1-150400.4.11.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.3.1-150400.4.11.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.x86_64"
},
"product_reference": "podman-4.3.1-150400.4.11.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-cni-config-4.3.1-150400.4.11.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:podman-cni-config-4.3.1-150400.4.11.1.noarch"
},
"product_reference": "podman-cni-config-4.3.1-150400.4.11.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-docker-4.3.1-150400.4.11.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:podman-docker-4.3.1-150400.4.11.1.noarch"
},
"product_reference": "podman-docker-4.3.1-150400.4.11.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.3.1-150400.4.11.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.aarch64"
},
"product_reference": "podman-remote-4.3.1-150400.4.11.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.3.1-150400.4.11.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.ppc64le"
},
"product_reference": "podman-remote-4.3.1-150400.4.11.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.3.1-150400.4.11.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.s390x"
},
"product_reference": "podman-remote-4.3.1-150400.4.11.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.3.1-150400.4.11.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.x86_64"
},
"product_reference": "podman-remote-4.3.1-150400.4.11.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-20199",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-20199"
}
],
"notes": [
{
"category": "general",
"text": "Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authentication. This issue affects Podman 1.8.0 onwards.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.s390x",
"SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:podman-cni-config-4.3.1-150400.4.11.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-cni-config-4.3.1-150400.4.11.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-docker-4.3.1-150400.4.11.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.aarch64",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.ppc64le",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.s390x",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap 15.4:podman-cni-config-4.3.1-150400.4.11.1.noarch",
"openSUSE Leap 15.4:podman-docker-4.3.1-150400.4.11.1.noarch",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.aarch64",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.ppc64le",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.s390x",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap Micro 5.3:podman-4.3.1-150400.4.11.1.aarch64",
"openSUSE Leap Micro 5.3:podman-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap Micro 5.3:podman-cni-config-4.3.1-150400.4.11.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-20199",
"url": "https://www.suse.com/security/cve/CVE-2021-20199"
},
{
"category": "external",
"summary": "SUSE Bug 1181640 for CVE-2021-20199",
"url": "https://bugzilla.suse.com/1181640"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.s390x",
"SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:podman-cni-config-4.3.1-150400.4.11.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-cni-config-4.3.1-150400.4.11.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-docker-4.3.1-150400.4.11.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.aarch64",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.ppc64le",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.s390x",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap 15.4:podman-cni-config-4.3.1-150400.4.11.1.noarch",
"openSUSE Leap 15.4:podman-docker-4.3.1-150400.4.11.1.noarch",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.aarch64",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.ppc64le",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.s390x",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap Micro 5.3:podman-4.3.1-150400.4.11.1.aarch64",
"openSUSE Leap Micro 5.3:podman-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap Micro 5.3:podman-cni-config-4.3.1-150400.4.11.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.s390x",
"SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:podman-cni-config-4.3.1-150400.4.11.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-cni-config-4.3.1-150400.4.11.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-docker-4.3.1-150400.4.11.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.aarch64",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.ppc64le",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.s390x",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap 15.4:podman-cni-config-4.3.1-150400.4.11.1.noarch",
"openSUSE Leap 15.4:podman-docker-4.3.1-150400.4.11.1.noarch",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.aarch64",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.ppc64le",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.s390x",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap Micro 5.3:podman-4.3.1-150400.4.11.1.aarch64",
"openSUSE Leap Micro 5.3:podman-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap Micro 5.3:podman-cni-config-4.3.1-150400.4.11.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-01-27T10:27:02Z",
"details": "low"
}
],
"title": "CVE-2021-20199"
},
{
"cve": "CVE-2021-20206",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-20206"
}
],
"notes": [
{
"category": "general",
"text": "An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the \u0027type\u0027 field in the network configuration, it is possible to use special elements such as \"../\" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as \u0027reboot\u0027. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.s390x",
"SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:podman-cni-config-4.3.1-150400.4.11.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-cni-config-4.3.1-150400.4.11.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-docker-4.3.1-150400.4.11.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.aarch64",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.ppc64le",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.s390x",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap 15.4:podman-cni-config-4.3.1-150400.4.11.1.noarch",
"openSUSE Leap 15.4:podman-docker-4.3.1-150400.4.11.1.noarch",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.aarch64",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.ppc64le",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.s390x",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap Micro 5.3:podman-4.3.1-150400.4.11.1.aarch64",
"openSUSE Leap Micro 5.3:podman-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap Micro 5.3:podman-cni-config-4.3.1-150400.4.11.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-20206",
"url": "https://www.suse.com/security/cve/CVE-2021-20206"
},
{
"category": "external",
"summary": "SUSE Bug 1181961 for CVE-2021-20206",
"url": "https://bugzilla.suse.com/1181961"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.s390x",
"SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:podman-cni-config-4.3.1-150400.4.11.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-cni-config-4.3.1-150400.4.11.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-docker-4.3.1-150400.4.11.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.aarch64",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.ppc64le",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.s390x",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap 15.4:podman-cni-config-4.3.1-150400.4.11.1.noarch",
"openSUSE Leap 15.4:podman-docker-4.3.1-150400.4.11.1.noarch",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.aarch64",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.ppc64le",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.s390x",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap Micro 5.3:podman-4.3.1-150400.4.11.1.aarch64",
"openSUSE Leap Micro 5.3:podman-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap Micro 5.3:podman-cni-config-4.3.1-150400.4.11.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.s390x",
"SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:podman-cni-config-4.3.1-150400.4.11.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-cni-config-4.3.1-150400.4.11.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-docker-4.3.1-150400.4.11.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.aarch64",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.ppc64le",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.s390x",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap 15.4:podman-cni-config-4.3.1-150400.4.11.1.noarch",
"openSUSE Leap 15.4:podman-docker-4.3.1-150400.4.11.1.noarch",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.aarch64",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.ppc64le",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.s390x",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap Micro 5.3:podman-4.3.1-150400.4.11.1.aarch64",
"openSUSE Leap Micro 5.3:podman-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap Micro 5.3:podman-cni-config-4.3.1-150400.4.11.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-01-27T10:27:02Z",
"details": "important"
}
],
"title": "CVE-2021-20206"
},
{
"cve": "CVE-2021-4024",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4024"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host\u0027s firewall, an attacker can potentially use the `gvproxy` API to forward ports on the host to ports in the VM, making private services on the VM accessible to the network. This issue could be also used to interrupt the host\u0027s services by forwarding all ports to the VM.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.s390x",
"SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:podman-cni-config-4.3.1-150400.4.11.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-cni-config-4.3.1-150400.4.11.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-docker-4.3.1-150400.4.11.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.aarch64",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.ppc64le",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.s390x",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap 15.4:podman-cni-config-4.3.1-150400.4.11.1.noarch",
"openSUSE Leap 15.4:podman-docker-4.3.1-150400.4.11.1.noarch",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.aarch64",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.ppc64le",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.s390x",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap Micro 5.3:podman-4.3.1-150400.4.11.1.aarch64",
"openSUSE Leap Micro 5.3:podman-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap Micro 5.3:podman-cni-config-4.3.1-150400.4.11.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4024",
"url": "https://www.suse.com/security/cve/CVE-2021-4024"
},
{
"category": "external",
"summary": "SUSE Bug 1193166 for CVE-2021-4024",
"url": "https://bugzilla.suse.com/1193166"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.s390x",
"SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:podman-cni-config-4.3.1-150400.4.11.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-cni-config-4.3.1-150400.4.11.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-docker-4.3.1-150400.4.11.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.aarch64",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.ppc64le",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.s390x",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap 15.4:podman-cni-config-4.3.1-150400.4.11.1.noarch",
"openSUSE Leap 15.4:podman-docker-4.3.1-150400.4.11.1.noarch",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.aarch64",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.ppc64le",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.s390x",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap Micro 5.3:podman-4.3.1-150400.4.11.1.aarch64",
"openSUSE Leap Micro 5.3:podman-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap Micro 5.3:podman-cni-config-4.3.1-150400.4.11.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.s390x",
"SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:podman-cni-config-4.3.1-150400.4.11.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-cni-config-4.3.1-150400.4.11.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-docker-4.3.1-150400.4.11.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.aarch64",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.ppc64le",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.s390x",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap 15.4:podman-cni-config-4.3.1-150400.4.11.1.noarch",
"openSUSE Leap 15.4:podman-docker-4.3.1-150400.4.11.1.noarch",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.aarch64",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.ppc64le",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.s390x",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap Micro 5.3:podman-4.3.1-150400.4.11.1.aarch64",
"openSUSE Leap Micro 5.3:podman-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap Micro 5.3:podman-cni-config-4.3.1-150400.4.11.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-01-27T10:27:02Z",
"details": "moderate"
}
],
"title": "CVE-2021-4024"
},
{
"cve": "CVE-2021-41190",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-41190"
}
],
"notes": [
{
"category": "general",
"text": "The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents that contain both \"manifests\" and \"layers\" fields could be interpreted as either a manifest or an index in the absence of an accompanying Content-Type header. If a Content-Type header changed between two pulls of the same digest, a client may interpret the resulting content differently. The OCI Distribution Specification has been updated to require that a mediaType value present in a manifest or index match the Content-Type header used during the push and pull operations. Clients pulling from a registry may distrust the Content-Type header and reject an ambiguous document that contains both \"manifests\" and \"layers\" fields or \"manifests\" and \"config\" fields if they are unable to update to version 1.0.1 of the spec.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.s390x",
"SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:podman-cni-config-4.3.1-150400.4.11.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-cni-config-4.3.1-150400.4.11.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-docker-4.3.1-150400.4.11.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.aarch64",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.ppc64le",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.s390x",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap 15.4:podman-cni-config-4.3.1-150400.4.11.1.noarch",
"openSUSE Leap 15.4:podman-docker-4.3.1-150400.4.11.1.noarch",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.aarch64",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.ppc64le",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.s390x",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap Micro 5.3:podman-4.3.1-150400.4.11.1.aarch64",
"openSUSE Leap Micro 5.3:podman-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap Micro 5.3:podman-cni-config-4.3.1-150400.4.11.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-41190",
"url": "https://www.suse.com/security/cve/CVE-2021-41190"
},
{
"category": "external",
"summary": "SUSE Bug 1193273 for CVE-2021-41190",
"url": "https://bugzilla.suse.com/1193273"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.s390x",
"SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:podman-cni-config-4.3.1-150400.4.11.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-cni-config-4.3.1-150400.4.11.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-docker-4.3.1-150400.4.11.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.aarch64",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.ppc64le",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.s390x",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap 15.4:podman-cni-config-4.3.1-150400.4.11.1.noarch",
"openSUSE Leap 15.4:podman-docker-4.3.1-150400.4.11.1.noarch",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.aarch64",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.ppc64le",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.s390x",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap Micro 5.3:podman-4.3.1-150400.4.11.1.aarch64",
"openSUSE Leap Micro 5.3:podman-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap Micro 5.3:podman-cni-config-4.3.1-150400.4.11.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.s390x",
"SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:podman-cni-config-4.3.1-150400.4.11.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-cni-config-4.3.1-150400.4.11.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-docker-4.3.1-150400.4.11.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.aarch64",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.ppc64le",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.s390x",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap 15.4:podman-cni-config-4.3.1-150400.4.11.1.noarch",
"openSUSE Leap 15.4:podman-docker-4.3.1-150400.4.11.1.noarch",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.aarch64",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.ppc64le",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.s390x",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap Micro 5.3:podman-4.3.1-150400.4.11.1.aarch64",
"openSUSE Leap Micro 5.3:podman-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap Micro 5.3:podman-cni-config-4.3.1-150400.4.11.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-01-27T10:27:02Z",
"details": "moderate"
}
],
"title": "CVE-2021-41190"
},
{
"cve": "CVE-2022-27649",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-27649"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.s390x",
"SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:podman-cni-config-4.3.1-150400.4.11.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-cni-config-4.3.1-150400.4.11.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-docker-4.3.1-150400.4.11.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.aarch64",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.ppc64le",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.s390x",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap 15.4:podman-cni-config-4.3.1-150400.4.11.1.noarch",
"openSUSE Leap 15.4:podman-docker-4.3.1-150400.4.11.1.noarch",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.aarch64",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.ppc64le",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.s390x",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap Micro 5.3:podman-4.3.1-150400.4.11.1.aarch64",
"openSUSE Leap Micro 5.3:podman-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap Micro 5.3:podman-cni-config-4.3.1-150400.4.11.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-27649",
"url": "https://www.suse.com/security/cve/CVE-2022-27649"
},
{
"category": "external",
"summary": "SUSE Bug 1197909 for CVE-2022-27649",
"url": "https://bugzilla.suse.com/1197909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.s390x",
"SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:podman-cni-config-4.3.1-150400.4.11.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-cni-config-4.3.1-150400.4.11.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-docker-4.3.1-150400.4.11.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.aarch64",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.ppc64le",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.s390x",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap 15.4:podman-cni-config-4.3.1-150400.4.11.1.noarch",
"openSUSE Leap 15.4:podman-docker-4.3.1-150400.4.11.1.noarch",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.aarch64",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.ppc64le",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.s390x",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap Micro 5.3:podman-4.3.1-150400.4.11.1.aarch64",
"openSUSE Leap Micro 5.3:podman-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap Micro 5.3:podman-cni-config-4.3.1-150400.4.11.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.s390x",
"SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:podman-cni-config-4.3.1-150400.4.11.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-cni-config-4.3.1-150400.4.11.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-docker-4.3.1-150400.4.11.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.aarch64",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.ppc64le",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.s390x",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap 15.4:podman-cni-config-4.3.1-150400.4.11.1.noarch",
"openSUSE Leap 15.4:podman-docker-4.3.1-150400.4.11.1.noarch",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.aarch64",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.ppc64le",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.s390x",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap Micro 5.3:podman-4.3.1-150400.4.11.1.aarch64",
"openSUSE Leap Micro 5.3:podman-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap Micro 5.3:podman-cni-config-4.3.1-150400.4.11.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-01-27T10:27:02Z",
"details": "moderate"
}
],
"title": "CVE-2022-27649"
},
{
"cve": "CVE-2022-2989",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2989"
}
],
"notes": [
{
"category": "general",
"text": "An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.s390x",
"SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:podman-cni-config-4.3.1-150400.4.11.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-cni-config-4.3.1-150400.4.11.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-docker-4.3.1-150400.4.11.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.aarch64",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.ppc64le",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.s390x",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap 15.4:podman-cni-config-4.3.1-150400.4.11.1.noarch",
"openSUSE Leap 15.4:podman-docker-4.3.1-150400.4.11.1.noarch",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.aarch64",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.ppc64le",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.s390x",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap Micro 5.3:podman-4.3.1-150400.4.11.1.aarch64",
"openSUSE Leap Micro 5.3:podman-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap Micro 5.3:podman-cni-config-4.3.1-150400.4.11.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2989",
"url": "https://www.suse.com/security/cve/CVE-2022-2989"
},
{
"category": "external",
"summary": "SUSE Bug 1202809 for CVE-2022-2989",
"url": "https://bugzilla.suse.com/1202809"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.s390x",
"SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:podman-cni-config-4.3.1-150400.4.11.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-cni-config-4.3.1-150400.4.11.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-docker-4.3.1-150400.4.11.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.aarch64",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.ppc64le",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.s390x",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap 15.4:podman-cni-config-4.3.1-150400.4.11.1.noarch",
"openSUSE Leap 15.4:podman-docker-4.3.1-150400.4.11.1.noarch",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.aarch64",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.ppc64le",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.s390x",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap Micro 5.3:podman-4.3.1-150400.4.11.1.aarch64",
"openSUSE Leap Micro 5.3:podman-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap Micro 5.3:podman-cni-config-4.3.1-150400.4.11.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.aarch64",
"SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.s390x",
"SUSE Linux Enterprise Micro 5.3:podman-4.3.1-150400.4.11.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:podman-cni-config-4.3.1-150400.4.11.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-4.3.1-150400.4.11.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-cni-config-4.3.1-150400.4.11.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-docker-4.3.1-150400.4.11.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP4:podman-remote-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.aarch64",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.ppc64le",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.s390x",
"openSUSE Leap 15.4:podman-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap 15.4:podman-cni-config-4.3.1-150400.4.11.1.noarch",
"openSUSE Leap 15.4:podman-docker-4.3.1-150400.4.11.1.noarch",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.aarch64",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.ppc64le",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.s390x",
"openSUSE Leap 15.4:podman-remote-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap Micro 5.3:podman-4.3.1-150400.4.11.1.aarch64",
"openSUSE Leap Micro 5.3:podman-4.3.1-150400.4.11.1.x86_64",
"openSUSE Leap Micro 5.3:podman-cni-config-4.3.1-150400.4.11.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-01-27T10:27:02Z",
"details": "moderate"
}
],
"title": "CVE-2022-2989"
}
]
}
SUSE-SU-2023:0326-1
Vulnerability from csaf_suse - Published: 2023-02-09 07:53 - Updated: 2023-02-09 07:53Summary
Security update for podman
Severity
Important
Notes
Title of the patch: Security update for podman
Description of the patch: This update for podman fixes the following issues:
podman was updated to version 4.3.1:
4.3.1:
* Bugfixes
- Fixed a deadlock between the `podman ps` and `podman container inspect` commands
* Misc
- Updated the containers/image library to v5.23.1
4.3.0:
* Features
- A new command, `podman generate spec`, has been added, which creates a JSON struct based on a given container that can be used with the Podman REST API to create containers.
- A new command, `podman update`, has been added,which makes changes to the resource limits of existing containers. Please note that these changes do not persist if the container is restarted
- A new command, `podman kube down`, has been added, which removes pods and containers created by the given Kubernetes YAML (functionality is identical to `podman kube play --down`, but it now has its own command).
- The `podman kube play` command now supports Kubernetes secrets using Podman's secrets backend.
- Systemd-managed pods created by the `podman kube play` command now integrate with sd-notify, using the `io.containers.sdnotify` annotation (or `io.containers.sdnotify/$name` for specific containers).
- Systemd-managed pods created by `podman kube play` can now be auto-updated, using the `io.containers.auto-update` annotation (or `io.containers.auto-update/$name` for specific containers).
- The `podman kube play` command can now read YAML from URLs, e.g. `podman kube play https://example.com/demo.yml`
- The `podman kube play` command now supports the `emptyDir` volume type
- The `podman kube play` command now supports the `HostUsers` field in the pod spec.
- The `podman play kube` command now supports `binaryData` in ConfigMaps.
- The `podman pod create` command can now set additional resource limits for pods using the new `--memory-swap`, `--cpuset-mems`, `--device-read-bps`, `--device-write-bps`, `--blkio-weight`, `--blkio-weight-device`, and `--cpu-shares` options.
- The `podman machine init` command now supports a new option, `--username`, to set the username that will be used to connect to the VM as a non-root user
- The `podman volume create` command's `-o timeout=` option can now set a timeout of 0, indicating volume plugin operations will never time out.
- Added support for a new volume driver, `image`, which allows volumes to be created that are backed by images.
- The `podman run` and `podman create` commands support a new option, `--env-merge`, allowing environment variables to be specified relative to other environment variables in the image (e.g. `podman run --env-merge 'PATH=$PATH:/my/app' ...`)
- The `podman run` and `podman create` commands support a new option, `--on-failure`, to allow action to be taken when a container fails health checks, with the following supported actions: `none` (take no action, the default), `kill` (kill the container), `restart` (restart the container), and `stop` (stop the container).
- The `--keep-id` option to `podman create` and `podman run` now supports new options, `uid` and `gid`, to set the UID and GID of the user in the container that will be mapped to the user running Podman (e.g. `--userns=keep-id:uid=11` will made the user running Podman to UID 11 in the container)
- The `podman generate systemd` command now supports a new option, `--env`/`-e`, to set environment variables in the generated unit file
- The `podman pause` and `podman unpause` commands now support the `--latest`, `--cidfile`, and `--filter` options.
- The `podman restart` command now supports the `--cidfile` and `--filter` options.
- The `podman rm` command now supports the `--filter` option to select which containers will be removed.
- The `podman rmi` command now supports a new option, `--no-prune`, to prevent the removal of dangling parents of removed images.
- The `--dns-opt` option to `podman create`, `podman run`, and `podman pod create` has received a new alias, `--dns-option`, to improve Docker compatibility.
- The `podman` command now features a new global flag, `--debug`/`-D`, which enables debug-level logging (identical to `--log-level=debug`), improving Docker compatibility.
- The `podman` command now features a new global flag, `--config`. This flag is ignored, and is only included for Docker compatibility
- The `podman manifest create` command now accepts a new option, `--amend`/`-a`.
- The `podman manifest create`, `podman manifest add` and `podman manifest push` commands now accept a new option, `--insecure` (identical to `--tls-verify=false`), improving Docker compatibility.
- The `podman secret create` command's `--driver` and `--format` options now have new aliases, `-d` for `--driver` and `-f` for `--format`.
- The `podman secret create` command now supports a new option, `--label`/`-l`, to add labels to created secrets.
- The `podman secret ls` command now accepts the `--quiet`/`-q` option.
- The `podman secret inspect` command now accepts a new option, `--pretty`, to print output in human-readable format.
- The `podman stats` command now accepts the `--no-trunc` option.
- The `podman save` command now accepts the `--signature-policy` option
- The `podman pod inspect` command now allows multiple arguments to be passed. If so, it will return a JSON array of the inspected pods
- A series of new hidden commands have been added under `podman context` as aliases to existing `podman system connection` commands, to improve Docker compatibility.
- The remote Podman client now supports proxying signals for attach sessions when the `--sig-proxy` option is set
### Changes
- Duplicate volume mounts are now allowed with the `-v` option to `podman run`, `podman create`, and `podman pod create`, so long as source, destination, and options all match
- The `podman generate kube` and `podman play kube` commands have been renamed to `podman kube generate` and `podman kube play` to group Kubernetes-related commands. Aliases have been added to ensure the old command names still function.
- A number of Podman commands (`podman init`, `podman container checkpoint`, `podman container restore`, `podman container cleanup`) now print the user-inputted name of the container, instead of its full ID, on success.
- When an unsupported option (e.g. resource limit) is specified for a rootless container on a cgroups v1 system, a warning message is now printed that the limit will not be honored.
- The installer for the Windows Podman client has been improved.
- The `--cpu-rt-period` and `--cpu-rt-runtime` options to `podman run` and `podman create` now print a warning and are ignored on cgroups v2 systems (cgroups v2 having dropped support for these controllers)
- Privileged containers running systemd will no longer mount `/dev/tty*` devices other than `/dev/tty` itself into the container
- Events for containers that are part of a pod now include the ID of the pod in the event.
- SSH functionality for `podman machine` commands has seen a thorough rework, addressing many issues about authentication.
- The `--network` option to `podman kube play` now allows passing `host` to set the pod to use host networking, even if the YAML does not request this.
- The `podman inspect` command on containers now includes the digest of the image used to create the container.
- Pods created by `podman play kube` are now, by default, placed into a network named `podman-kube`. If the `podman-kube` network does not exist, it will be created. This ensures pods can connect to each other by their names, as the network has DNS enabled.
Update to version 4.2.0:
* Features
- Podman now supports the Gitlab Runner (using the Docker executor), allowing its use in Gitlab CI/CD pipelines.
- A new command has been added, podman pod clone, to create a copy of an existing pod. It supports several options, including --start to start the new pod, --destroy to remove the original pod, and --name to change the name of the new pod
- A new command has been added, podman volume reload, to sync changes in state between Podman's database and any configured volume plugins
- A new command has been added, podman machine info, which displays information about the host and the versions of various machine components.
- Pods created by podman play kube can now be managed by systemd unit files. This can be done via a new systemd service, podman-kube@.service - e.g. systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service will run the Kubernetes pod or deployment contained in my.yaml under systemd.
- The podman play kube command now honors the RunAsUser, RunAsGroup, and SupplementalGroups setting from the Kubernetes pod's security context.
- The podman play kube command now supports volumes with the BlockDevice and CharDevice types
- The podman play kube command now features a new flag, --userns, to set the user namespace of created pods. Two values are allowed at present: host and auto
- The podman play kube command now supports setting the type of created init containers via the io.podman.annotations.init.container.type annotation.
- Pods now have include an exit policy (configurable via the --exit-policy option to podman pod create), which determines what will happen to the pod's infra container when the entire pod stops. The default, continue, acts as Podman currently does, while a new option, stop, stops the infra container after the last container in the pod stops, and is used by default for pods from podman play kube
- The podman pod create command now allows the pod's name to be specified as an argument, instead of using the --name option - for example, podman pod create mypod instead of the prior podman pod create --name mypod. Please note that the --name option is not deprecated and will continue to work.
- The podman pod create command's --share option now supports adding namespaces to the set by prefacing them with + (as opposed to specifying all namespaces that should be shared)
- The podman pod create command has a new option, --shm-size, to specify the size of the /dev/shm mount that will be shared if the pod shares its UTS namespace (#14609).
- The podman pod create command has a new option, --uts, to configure the UTS namespace that will be shared by containers in the pod.
- The podman pod create command now supports setting pod-level resource limits via the --cpus, --cpuset-cpus, and --memory options. These will set a limit for all containers in the pod, while individual containers within the pod are allowed to set further limits. Look forward to more options for resource limits in our next release!
- The podman create and podman run commands now include the -c short option for the --cpu-shares option.
- The podman create and podman run commands can now create containers from a manifest list (and not an image) as long as the --platform option is specified (#14773).
- The podman build command now supports a new option, --cpp-flag, to specify options for the C preprocessor when using Containerfile.in files that require preprocessing.
- The podman build command now supports a new option, --build-context, allowing the user to specify an additional build context.
- The podman machine inspect command now prints the location of the VM's Podman API socket on the host (#14231).
- The podman machine init command on Windows now fetches an image with packages pre-installed (#14698).
- Unused, cached Podman machine VM images are now cleaned up automatically. Note that because Podman now caches in a different directory, this will not clean up old images pulled before this change (#14697).
- The default for the --image-volume option to podman run and podman create can now have its default set through the image_volume_mode setting in containers.conf (#14230).
- Overlay volumes now support two new options, workdir and upperdir, to allow multiple overlay volumes from different containers to reuse the same workdir or upperdir (#14427).
- The podman volume create command now supports two new options, copy and nocopy, to control whether contents from the overmounted folder in a container will be copied into the newly-created named volume (copy-up).
- Volumes created using a volume plugin can now specify a timeout for all operations that contact the volume plugin (replacing the standard 5 second timeout) via the --opt o=timeout= option to podman volume create (BZ 2080458).
- The podman volume ls command's --filter name= option now supports regular expression matching for volume names (#14583).
- When used with a podman machine VM, volumes now support specification of the 9p security model using the security_model option to podman create -v and podman run -v.
- The remote Podman client's podman push command now supports the --remove-signatures option (#14558).
- The remote Podman client now supports the podman image scp command.
- The podman image scp command now supports tagging the transferred image with a new name.
- The podman network ls command supports a new filter, --filter dangling=, to list networks not presently used by any containers (#14595).
- The --condition option to podman wait can now be specified multiple times to wait on any one of multiple conditions.
- The podman events command now includes the -f short option for the --filter option.
- The podman pull command now includes the -a short option for the --all-tags option.
- The podman stop command now includes a new flag, --filter, to filter which containers will be stopped (e.g. podman stop --all --filter label=COM.MY.APP).
- The Podman global option --url now has two aliases: -H and --host.
- The podman network create command now supports a new option with the default bridge driver, --opt isolate=, which isolates the network by blocking any traffic from it to any other network with the isolate option enabled. This option is enabled by default for networks created using the Docker-compatible API.
- Added the ability to create sigstore signatures in podman push and podman manifest push.
- Added an option to read image signing passphrase from a file.
* Changes
- Paused containers can now be killed with the podman kill command.
- The podman system prune command now removes unused networks.
- The --userns=keep-id and --userns=nomap options to the podman run and podman create commands are no longer allowed (instead of simply being ignored) with root Podman.
- If the /run directory for a container is part of a volume, Podman will not create the /run/.containerenv file (#14577).
- The podman machine stop command on macOS now waits for the machine to be completely stopped to exit (#14148).
- All podman machine commands now only support being run as rootless, given that VMs only functioned when run rootless.
- The podman unpause --all command will now only attempt to unpause containers that are paused, not all containers.
- Init containers created with podman play kube now default to the once type (#14877).
- Pods created with no shared namespaces will no longer create an infra container unless one is explicitly requested (#15048).
- The podman create, podman run, and podman cp commands can now autocomplete paths in the image or container via the shell completion.
- The libpod/common package has been removed as it's not used anywhere.
- The --userns option to podman create and podman run is no longer accepted when an explicit UID or GID mapping is specified (#15233).
* Misc
- Podman will now check for nameservers in /run/NetworkManager/no-stub-resolv.conf if the /etc/resolv.conf file only contains a localhost server.
- The podman build command now supports caching with builds that specify --squash-all by allowing the --layers flag to be used at the same time.
- Podman Machine support for QEMU installations at non-default paths has been improved.
- The podman machine ssh command no longer prints spurious warnings every time it is run.
- When accessing the WSL prompt on Windows, the rootless user will be preferred.
- The podman info command now includes a field for information on supported authentication plugins for improved Docker compatibility. Authentication plugins are not presently supported by Podman, so this field is always empty.
- The podman system prune command now no longer prints the Deleted Images header if no images were pruned.
- The podman system service command now automatically creates and moves to a sub-cgroup when running in the root cgroup (#14573).
- Updated Buildah to v1.27.0 (fixes CVE-2022-21698 / bsc#1196338)
- Updated the containers/image library to v5.22.0
- Updated the containers/storage library to v1.42.0 (fixes bsc#1196751)
- Updated the containers/common library to v0.49.1
- Podman will automatically create a sub-cgroup and move itself into it when it detects that it is running inside a container (#14884).
- Fixed an incorrect release note about regexp.
- A new MacOS installer (via pkginstaller) is now supported.
Update to version 4.1.1:
* The output of the podman load command now mirrors that of docker load.
* Podman now supports Docker Compose v2.2 and higher. Please note that it may be necessary to disable the use of Buildkit by setting the environment variable DOCKER_BUILDKIT=0.
* A new container command has been added, podman container clone. This command makes a copy of an existing container, with the ability to change some settings (e.g. resource limits) while doing so.
* Podman now supports sending JSON events related to machines to a Unix socket named machine_events.*\.sock in XDG_RUNTIME_DIR/podman or to a socket whose path is set in the PODMAN_MACHINE_EVENTS_SOCK environment variable.
* Two new volume commands have been added, podman volume mount and podman volume unmount. These allow for Podman-managed named volumes to be mounted and accessed from outside containers.
* The podman container checkpoint and podman container restore options now support checkpointing to and restoring from OCI images. This allows checkpoints to be distributed via standard image registries.
* The podman play kube command now supports environment variables that are specified using the fieldRef and resourceFieldRef sources.
* The podman play kube command will now set default resource limits when the provided YAML does not include them.
* The podman play kube command now supports a new option, --annotation, to add annotations to created containers.
* The podman play kube --build command now supports a new option, --context-dir, which allows the user to specify the context directory to use when building the Containerfile.
* The podman container commit command now supports a new option, --squash, which squashes the generated image into a single layer.
* The podman pod logs command now supports two new options, --names, which identifies which container generated a log message by name, instead of ID and --color, which colors messages based on what container generated them.
* The podman rmi command now supports a new option, --ignore, which will ignore errors caused by missing images.
* The podman network create command now features a new option, --ipam-driver, to specify details about how IP addresses are assigned to containers in the network.
* The podman machine list command now features a new option, --quiet, to print only the names of configured VMs and no other information.
* The --ipc option to the podman create, podman run, and podman pod create commands now supports three new modes: none, private, and shareable. The default IPC mode is now shareable, indicating the the IPC namespace can be shared with other containers.
* The --mount option to the podman create and podman run commands can now set options for created named volumes via the volume-opt parameter.
* The --mount option to the podman create and podman run commands now allows parameters to be passed in CSV format.
* The --userns option to the podman create and podman run commands now supports a new option, nomap, that (only for rootless containers) does not map the UID of the user that started the container into the container, increasing security.
* The podman import command now supports three new options, --arch, --os, and --variant, to specify what system the imported image was built for.
* The podman inspect command now includes information on the network configuration of containers that joined a pre-configured network namespace with the --net ns: option to podman run, podman create, and podman pod create.
* The podman run and podman create commands now support a new option, --chrootdirs, which specifies additional locations where container-specific files managed by Podman (e.g. /etc/hosts, `/etc/resolv.conf, etc) will be mounted inside the container (#12961).
* The podman run and podman create commands now support a new option, --passwd-entry, allowing entries to be added to the container's /etc/passwd file.
* The podman images --format command now accepts two new format directives: {{.CreatedAt}} and {{.CreatedSince}}.
* The podman volume create command's -o option now accepts a new argument, o=noquota, to disable XFS quotas entirely and avoid potential issues when Podman is run on an XFS filesystem with existing quotas defined.
* The podman info command now includes additional information on the machine Podman is running on, including disk utilization on the drive Podman is storing containers and images on, and CPU utilization.
* Fix CVE-2022-27191 / bsc#1197284
- Require catatonit >= 0.1.7 for pause functionality needed by pods
Update to version 4.0.3:
* Security
- This release fixes CVE-2022-27649, where containers run by Podman would have excess inheritable capabilities set.
* Changes
- The podman machine rm --force command will now remove running machines as well (such machines are shut down first, then removed) (#13448).
- When a podman machine VM is started that is using a too-old VM image, it will now start in a reduced functionality mode, and provide instructions on how to recreate it (previously, VMs were effectively unusable) (#13510).
- Updated the containers/common library to v0.47.5
- This release addresses CVE-2021-4024 / bsc#1193166, where the podman machine command opened the gvproxy API (used to forward ports to podman machine VMs) to the public internet on port 7777.
- This release addresses CVE-2021-41190 / bsc#1193273, where incomplete specification of behavior regarding image manifests could lead to inconsistent decoding on different clients.
Update to version 3.1.0: (bsc#1181961, CVE-2021-20206)
- A fix for CVE-2021-20199 / bsc#1181640 is included. Podman between v1.8.0 and v2.2.1 used 127.0.0.1 as the source address for all traffic forwarded into rootless containers by a forwarded port; this has been changed to address the issue.
Patchnames: SUSE-2023-326,SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-326,SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-326,SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-326,SUSE-SLE-Product-SLES_SAP-15-SP3-2023-326,SUSE-SUSE-MicroOS-5.1-2023-326,SUSE-SUSE-MicroOS-5.2-2023-326,SUSE-Storage-7.1-2023-326,openSUSE-Leap-Micro-5.2-2023-326
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:podman-4.3.1-150300.9.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:podman-4.3.1-150300.9.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:podman-cni-config-4.3.1-150300.9.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-4.3.1-150300.9.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-4.3.1-150300.9.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-cni-config-4.3.1-150300.9.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-cni-config-4.3.1-150300.9.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:podman-cni-config-4.3.1-150300.9.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:podman-cni-config-4.3.1-150300.9.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:podman-cni-config-4.3.1-150300.9.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.3.1-150300.9.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.3.1-150300.9.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-cni-config-4.3.1-150300.9.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.2:podman-4.3.1-150300.9.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.2:podman-4.3.1-150300.9.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.2:podman-cni-config-4.3.1-150300.9.15.1.noarch | — |
Vendor Fix
|
Threats
Impact
low
7.2 (High)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:podman-4.3.1-150300.9.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:podman-4.3.1-150300.9.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:podman-cni-config-4.3.1-150300.9.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-4.3.1-150300.9.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-4.3.1-150300.9.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-cni-config-4.3.1-150300.9.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-cni-config-4.3.1-150300.9.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:podman-cni-config-4.3.1-150300.9.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:podman-cni-config-4.3.1-150300.9.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:podman-cni-config-4.3.1-150300.9.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.3.1-150300.9.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.3.1-150300.9.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-cni-config-4.3.1-150300.9.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.2:podman-4.3.1-150300.9.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.2:podman-4.3.1-150300.9.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.2:podman-cni-config-4.3.1-150300.9.15.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
4.8 (Medium)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:podman-4.3.1-150300.9.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:podman-4.3.1-150300.9.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:podman-cni-config-4.3.1-150300.9.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-4.3.1-150300.9.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-4.3.1-150300.9.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-cni-config-4.3.1-150300.9.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-cni-config-4.3.1-150300.9.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:podman-cni-config-4.3.1-150300.9.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:podman-cni-config-4.3.1-150300.9.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:podman-cni-config-4.3.1-150300.9.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.3.1-150300.9.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.3.1-150300.9.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-cni-config-4.3.1-150300.9.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.2:podman-4.3.1-150300.9.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.2:podman-4.3.1-150300.9.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.2:podman-cni-config-4.3.1-150300.9.15.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
5 (Medium)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:podman-4.3.1-150300.9.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:podman-4.3.1-150300.9.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:podman-cni-config-4.3.1-150300.9.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-4.3.1-150300.9.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-4.3.1-150300.9.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-cni-config-4.3.1-150300.9.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-cni-config-4.3.1-150300.9.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:podman-cni-config-4.3.1-150300.9.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:podman-cni-config-4.3.1-150300.9.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:podman-cni-config-4.3.1-150300.9.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.3.1-150300.9.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.3.1-150300.9.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-cni-config-4.3.1-150300.9.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.2:podman-4.3.1-150300.9.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.2:podman-4.3.1-150300.9.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.2:podman-cni-config-4.3.1-150300.9.15.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
4.8 (Medium)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:podman-4.3.1-150300.9.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:podman-4.3.1-150300.9.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:podman-cni-config-4.3.1-150300.9.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-4.3.1-150300.9.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-4.3.1-150300.9.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-cni-config-4.3.1-150300.9.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-cni-config-4.3.1-150300.9.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:podman-cni-config-4.3.1-150300.9.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:podman-cni-config-4.3.1-150300.9.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:podman-cni-config-4.3.1-150300.9.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.3.1-150300.9.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.3.1-150300.9.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-cni-config-4.3.1-150300.9.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.2:podman-4.3.1-150300.9.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.2:podman-4.3.1-150300.9.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.2:podman-cni-config-4.3.1-150300.9.15.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
4.4 (Medium)
Affected products
Recommended
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:podman-4.3.1-150300.9.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:podman-4.3.1-150300.9.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:podman-cni-config-4.3.1-150300.9.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-4.3.1-150300.9.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-4.3.1-150300.9.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-cni-config-4.3.1-150300.9.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-cni-config-4.3.1-150300.9.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:podman-cni-config-4.3.1-150300.9.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:podman-cni-config-4.3.1-150300.9.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:podman-cni-config-4.3.1-150300.9.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.3.1-150300.9.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.3.1-150300.9.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-cni-config-4.3.1-150300.9.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.2:podman-4.3.1-150300.9.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.2:podman-4.3.1-150300.9.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.2:podman-cni-config-4.3.1-150300.9.15.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
References
29 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for podman",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for podman fixes the following issues:\n\npodman was updated to version 4.3.1:\n\n4.3.1:\n\n* Bugfixes\n\n- Fixed a deadlock between the `podman ps` and `podman container inspect` commands\n\n* Misc\n\n- Updated the containers/image library to v5.23.1\n \n4.3.0:\n\n* Features\n\n- A new command, `podman generate spec`, has been added, which creates a JSON struct based on a given container that can be used with the Podman REST API to create containers.\n- A new command, `podman update`, has been added,which makes changes to the resource limits of existing containers. Please note that these changes do not persist if the container is restarted\n- A new command, `podman kube down`, has been added, which removes pods and containers created by the given Kubernetes YAML (functionality is identical to `podman kube play --down`, but it now has its own command).\n- The `podman kube play` command now supports Kubernetes secrets using Podman\u0027s secrets backend.\n- Systemd-managed pods created by the `podman kube play` command now integrate with sd-notify, using the `io.containers.sdnotify` annotation (or `io.containers.sdnotify/$name` for specific containers).\n- Systemd-managed pods created by `podman kube play` can now be auto-updated, using the `io.containers.auto-update` annotation (or `io.containers.auto-update/$name` for specific containers).\n- The `podman kube play` command can now read YAML from URLs, e.g. `podman kube play https://example.com/demo.yml`\n- The `podman kube play` command now supports the `emptyDir` volume type\n- The `podman kube play` command now supports the `HostUsers` field in the pod spec.\n- The `podman play kube` command now supports `binaryData` in ConfigMaps.\n- The `podman pod create` command can now set additional resource limits for pods using the new `--memory-swap`, `--cpuset-mems`, `--device-read-bps`, `--device-write-bps`, `--blkio-weight`, `--blkio-weight-device`, and `--cpu-shares` options.\n- The `podman machine init` command now supports a new option, `--username`, to set the username that will be used to connect to the VM as a non-root user\n- The `podman volume create` command\u0027s `-o timeout=` option can now set a timeout of 0, indicating volume plugin operations will never time out.\n- Added support for a new volume driver, `image`, which allows volumes to be created that are backed by images.\n- The `podman run` and `podman create` commands support a new option, `--env-merge`, allowing environment variables to be specified relative to other environment variables in the image (e.g. `podman run --env-merge \u0027PATH=$PATH:/my/app\u0027 ...`)\n- The `podman run` and `podman create` commands support a new option, `--on-failure`, to allow action to be taken when a container fails health checks, with the following supported actions: `none` (take no action, the default), `kill` (kill the container), `restart` (restart the container), and `stop` (stop the container).\n- The `--keep-id` option to `podman create` and `podman run` now supports new options, `uid` and `gid`, to set the UID and GID of the user in the container that will be mapped to the user running Podman (e.g. `--userns=keep-id:uid=11` will made the user running Podman to UID 11 in the container)\n- The `podman generate systemd` command now supports a new option, `--env`/`-e`, to set environment variables in the generated unit file\n- The `podman pause` and `podman unpause` commands now support the `--latest`, `--cidfile`, and `--filter` options.\n- The `podman restart` command now supports the `--cidfile` and `--filter` options.\n- The `podman rm` command now supports the `--filter` option to select which containers will be removed.\n- The `podman rmi` command now supports a new option, `--no-prune`, to prevent the removal of dangling parents of removed images.\n- The `--dns-opt` option to `podman create`, `podman run`, and `podman pod create` has received a new alias, `--dns-option`, to improve Docker compatibility.\n- The `podman` command now features a new global flag, `--debug`/`-D`, which enables debug-level logging (identical to `--log-level=debug`), improving Docker compatibility.\n- The `podman` command now features a new global flag, `--config`. This flag is ignored, and is only included for Docker compatibility\n- The `podman manifest create` command now accepts a new option, `--amend`/`-a`.\n- The `podman manifest create`, `podman manifest add` and `podman manifest push` commands now accept a new option, `--insecure` (identical to `--tls-verify=false`), improving Docker compatibility.\n- The `podman secret create` command\u0027s `--driver` and `--format` options now have new aliases, `-d` for `--driver` and `-f` for `--format`.\n- The `podman secret create` command now supports a new option, `--label`/`-l`, to add labels to created secrets.\n- The `podman secret ls` command now accepts the `--quiet`/`-q` option.\n- The `podman secret inspect` command now accepts a new option, `--pretty`, to print output in human-readable format.\n- The `podman stats` command now accepts the `--no-trunc` option.\n- The `podman save` command now accepts the `--signature-policy` option\n- The `podman pod inspect` command now allows multiple arguments to be passed. If so, it will return a JSON array of the inspected pods\n- A series of new hidden commands have been added under `podman context` as aliases to existing `podman system connection` commands, to improve Docker compatibility.\n- The remote Podman client now supports proxying signals for attach sessions when the `--sig-proxy` option is set\n\n### Changes\n\n- Duplicate volume mounts are now allowed with the `-v` option to `podman run`, `podman create`, and `podman pod create`, so long as source, destination, and options all match\n- The `podman generate kube` and `podman play kube` commands have been renamed to `podman kube generate` and `podman kube play` to group Kubernetes-related commands. Aliases have been added to ensure the old command names still function.\n- A number of Podman commands (`podman init`, `podman container checkpoint`, `podman container restore`, `podman container cleanup`) now print the user-inputted name of the container, instead of its full ID, on success.\n- When an unsupported option (e.g. resource limit) is specified for a rootless container on a cgroups v1 system, a warning message is now printed that the limit will not be honored.\n- The installer for the Windows Podman client has been improved.\n- The `--cpu-rt-period` and `--cpu-rt-runtime` options to `podman run` and `podman create` now print a warning and are ignored on cgroups v2 systems (cgroups v2 having dropped support for these controllers)\n- Privileged containers running systemd will no longer mount `/dev/tty*` devices other than `/dev/tty` itself into the container\n- Events for containers that are part of a pod now include the ID of the pod in the event.\n- SSH functionality for `podman machine` commands has seen a thorough rework, addressing many issues about authentication.\n- The `--network` option to `podman kube play` now allows passing `host` to set the pod to use host networking, even if the YAML does not request this.\n- The `podman inspect` command on containers now includes the digest of the image used to create the container.\n- Pods created by `podman play kube` are now, by default, placed into a network named `podman-kube`. If the `podman-kube` network does not exist, it will be created. This ensures pods can connect to each other by their names, as the network has DNS enabled.\n\n\nUpdate to version 4.2.0:\n\n* Features\n\n- Podman now supports the Gitlab Runner (using the Docker executor), allowing its use in Gitlab CI/CD pipelines.\n- A new command has been added, podman pod clone, to create a copy of an existing pod. It supports several options, including --start to start the new pod, --destroy to remove the original pod, and --name to change the name of the new pod\n- A new command has been added, podman volume reload, to sync changes in state between Podman\u0027s database and any configured volume plugins\n- A new command has been added, podman machine info, which displays information about the host and the versions of various machine components.\n- Pods created by podman play kube can now be managed by systemd unit files. This can be done via a new systemd service, podman-kube@.service - e.g. systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service will run the Kubernetes pod or deployment contained in my.yaml under systemd.\n- The podman play kube command now honors the RunAsUser, RunAsGroup, and SupplementalGroups setting from the Kubernetes pod\u0027s security context.\n- The podman play kube command now supports volumes with the BlockDevice and CharDevice types\n- The podman play kube command now features a new flag, --userns, to set the user namespace of created pods. Two values are allowed at present: host and auto\n- The podman play kube command now supports setting the type of created init containers via the io.podman.annotations.init.container.type annotation.\n- Pods now have include an exit policy (configurable via the --exit-policy option to podman pod create), which determines what will happen to the pod\u0027s infra container when the entire pod stops. The default, continue, acts as Podman currently does, while a new option, stop, stops the infra container after the last container in the pod stops, and is used by default for pods from podman play kube\n- The podman pod create command now allows the pod\u0027s name to be specified as an argument, instead of using the --name option - for example, podman pod create mypod instead of the prior podman pod create --name mypod. Please note that the --name option is not deprecated and will continue to work.\n- The podman pod create command\u0027s --share option now supports adding namespaces to the set by prefacing them with + (as opposed to specifying all namespaces that should be shared)\n- The podman pod create command has a new option, --shm-size, to specify the size of the /dev/shm mount that will be shared if the pod shares its UTS namespace (#14609).\n- The podman pod create command has a new option, --uts, to configure the UTS namespace that will be shared by containers in the pod.\n- The podman pod create command now supports setting pod-level resource limits via the --cpus, --cpuset-cpus, and --memory options. These will set a limit for all containers in the pod, while individual containers within the pod are allowed to set further limits. Look forward to more options for resource limits in our next release!\n- The podman create and podman run commands now include the -c short option for the --cpu-shares option.\n- The podman create and podman run commands can now create containers from a manifest list (and not an image) as long as the --platform option is specified (#14773).\n- The podman build command now supports a new option, --cpp-flag, to specify options for the C preprocessor when using Containerfile.in files that require preprocessing.\n- The podman build command now supports a new option, --build-context, allowing the user to specify an additional build context.\n- The podman machine inspect command now prints the location of the VM\u0027s Podman API socket on the host (#14231).\n- The podman machine init command on Windows now fetches an image with packages pre-installed (#14698).\n- Unused, cached Podman machine VM images are now cleaned up automatically. Note that because Podman now caches in a different directory, this will not clean up old images pulled before this change (#14697).\n- The default for the --image-volume option to podman run and podman create can now have its default set through the image_volume_mode setting in containers.conf (#14230).\n- Overlay volumes now support two new options, workdir and upperdir, to allow multiple overlay volumes from different containers to reuse the same workdir or upperdir (#14427).\n- The podman volume create command now supports two new options, copy and nocopy, to control whether contents from the overmounted folder in a container will be copied into the newly-created named volume (copy-up).\n- Volumes created using a volume plugin can now specify a timeout for all operations that contact the volume plugin (replacing the standard 5 second timeout) via the --opt o=timeout= option to podman volume create (BZ 2080458).\n- The podman volume ls command\u0027s --filter name= option now supports regular expression matching for volume names (#14583).\n- When used with a podman machine VM, volumes now support specification of the 9p security model using the security_model option to podman create -v and podman run -v.\n- The remote Podman client\u0027s podman push command now supports the --remove-signatures option (#14558).\n- The remote Podman client now supports the podman image scp command.\n- The podman image scp command now supports tagging the transferred image with a new name.\n- The podman network ls command supports a new filter, --filter dangling=, to list networks not presently used by any containers (#14595).\n- The --condition option to podman wait can now be specified multiple times to wait on any one of multiple conditions.\n- The podman events command now includes the -f short option for the --filter option.\n- The podman pull command now includes the -a short option for the --all-tags option.\n- The podman stop command now includes a new flag, --filter, to filter which containers will be stopped (e.g. podman stop --all --filter label=COM.MY.APP).\n- The Podman global option --url now has two aliases: -H and --host.\n- The podman network create command now supports a new option with the default bridge driver, --opt isolate=, which isolates the network by blocking any traffic from it to any other network with the isolate option enabled. This option is enabled by default for networks created using the Docker-compatible API.\n- Added the ability to create sigstore signatures in podman push and podman manifest push.\n- Added an option to read image signing passphrase from a file.\n\n* Changes\n\n- Paused containers can now be killed with the podman kill command.\n- The podman system prune command now removes unused networks.\n- The --userns=keep-id and --userns=nomap options to the podman run and podman create commands are no longer allowed (instead of simply being ignored) with root Podman.\n- If the /run directory for a container is part of a volume, Podman will not create the /run/.containerenv file (#14577).\n- The podman machine stop command on macOS now waits for the machine to be completely stopped to exit (#14148).\n- All podman machine commands now only support being run as rootless, given that VMs only functioned when run rootless.\n- The podman unpause --all command will now only attempt to unpause containers that are paused, not all containers.\n- Init containers created with podman play kube now default to the once type (#14877).\n- Pods created with no shared namespaces will no longer create an infra container unless one is explicitly requested (#15048).\n- The podman create, podman run, and podman cp commands can now autocomplete paths in the image or container via the shell completion.\n- The libpod/common package has been removed as it\u0027s not used anywhere.\n- The --userns option to podman create and podman run is no longer accepted when an explicit UID or GID mapping is specified (#15233).\n\n\n* Misc\n\n- Podman will now check for nameservers in /run/NetworkManager/no-stub-resolv.conf if the /etc/resolv.conf file only contains a localhost server.\n- The podman build command now supports caching with builds that specify --squash-all by allowing the --layers flag to be used at the same time.\n- Podman Machine support for QEMU installations at non-default paths has been improved.\n- The podman machine ssh command no longer prints spurious warnings every time it is run.\n- When accessing the WSL prompt on Windows, the rootless user will be preferred.\n- The podman info command now includes a field for information on supported authentication plugins for improved Docker compatibility. Authentication plugins are not presently supported by Podman, so this field is always empty.\n- The podman system prune command now no longer prints the Deleted Images header if no images were pruned.\n- The podman system service command now automatically creates and moves to a sub-cgroup when running in the root cgroup (#14573).\n- Updated Buildah to v1.27.0 (fixes CVE-2022-21698 / bsc#1196338)\n- Updated the containers/image library to v5.22.0\n- Updated the containers/storage library to v1.42.0 (fixes bsc#1196751)\n- Updated the containers/common library to v0.49.1\n- Podman will automatically create a sub-cgroup and move itself into it when it detects that it is running inside a container (#14884).\n- Fixed an incorrect release note about regexp.\n- A new MacOS installer (via pkginstaller) is now supported.\n\nUpdate to version 4.1.1:\n\n* The output of the podman load command now mirrors that of docker load.\n* Podman now supports Docker Compose v2.2 and higher. Please note that it may be necessary to disable the use of Buildkit by setting the environment variable DOCKER_BUILDKIT=0.\n* A new container command has been added, podman container clone. This command makes a copy of an existing container, with the ability to change some settings (e.g. resource limits) while doing so.\n* Podman now supports sending JSON events related to machines to a Unix socket named machine_events.*\\.sock in XDG_RUNTIME_DIR/podman or to a socket whose path is set in the PODMAN_MACHINE_EVENTS_SOCK environment variable.\n* Two new volume commands have been added, podman volume mount and podman volume unmount. These allow for Podman-managed named volumes to be mounted and accessed from outside containers.\n* The podman container checkpoint and podman container restore options now support checkpointing to and restoring from OCI images. This allows checkpoints to be distributed via standard image registries.\n* The podman play kube command now supports environment variables that are specified using the fieldRef and resourceFieldRef sources.\n* The podman play kube command will now set default resource limits when the provided YAML does not include them.\n* The podman play kube command now supports a new option, --annotation, to add annotations to created containers.\n* The podman play kube --build command now supports a new option, --context-dir, which allows the user to specify the context directory to use when building the Containerfile.\n* The podman container commit command now supports a new option, --squash, which squashes the generated image into a single layer.\n* The podman pod logs command now supports two new options, --names, which identifies which container generated a log message by name, instead of ID and --color, which colors messages based on what container generated them.\n* The podman rmi command now supports a new option, --ignore, which will ignore errors caused by missing images.\n* The podman network create command now features a new option, --ipam-driver, to specify details about how IP addresses are assigned to containers in the network.\n* The podman machine list command now features a new option, --quiet, to print only the names of configured VMs and no other information.\n* The --ipc option to the podman create, podman run, and podman pod create commands now supports three new modes: none, private, and shareable. The default IPC mode is now shareable, indicating the the IPC namespace can be shared with other containers.\n* The --mount option to the podman create and podman run commands can now set options for created named volumes via the volume-opt parameter.\n* The --mount option to the podman create and podman run commands now allows parameters to be passed in CSV format.\n* The --userns option to the podman create and podman run commands now supports a new option, nomap, that (only for rootless containers) does not map the UID of the user that started the container into the container, increasing security.\n* The podman import command now supports three new options, --arch, --os, and --variant, to specify what system the imported image was built for.\n* The podman inspect command now includes information on the network configuration of containers that joined a pre-configured network namespace with the --net ns: option to podman run, podman create, and podman pod create.\n* The podman run and podman create commands now support a new option, --chrootdirs, which specifies additional locations where container-specific files managed by Podman (e.g. /etc/hosts, `/etc/resolv.conf, etc) will be mounted inside the container (#12961).\n* The podman run and podman create commands now support a new option, --passwd-entry, allowing entries to be added to the container\u0027s /etc/passwd file.\n* The podman images --format command now accepts two new format directives: {{.CreatedAt}} and {{.CreatedSince}}.\n* The podman volume create command\u0027s -o option now accepts a new argument, o=noquota, to disable XFS quotas entirely and avoid potential issues when Podman is run on an XFS filesystem with existing quotas defined.\n* The podman info command now includes additional information on the machine Podman is running on, including disk utilization on the drive Podman is storing containers and images on, and CPU utilization.\n* Fix CVE-2022-27191 / bsc#1197284\n\n- Require catatonit \u003e= 0.1.7 for pause functionality needed by pods\n\nUpdate to version 4.0.3:\n\n* Security\n\n - This release fixes CVE-2022-27649, where containers run by Podman would have excess inheritable capabilities set.\n\n* Changes\n\n - The podman machine rm --force command will now remove running machines as well (such machines are shut down first, then removed) (#13448).\n - When a podman machine VM is started that is using a too-old VM image, it will now start in a reduced functionality mode, and provide instructions on how to recreate it (previously, VMs were effectively unusable) (#13510).\n\n - Updated the containers/common library to v0.47.5\n\n- This release addresses CVE-2021-4024 / bsc#1193166, where the podman machine command opened the gvproxy API (used to forward ports to podman machine VMs) to the public internet on port 7777.\n- This release addresses CVE-2021-41190 / bsc#1193273, where incomplete specification of behavior regarding image manifests could lead to inconsistent decoding on different clients.\n\nUpdate to version 3.1.0: (bsc#1181961, CVE-2021-20206)\n\n- A fix for CVE-2021-20199 / bsc#1181640 is included. Podman between v1.8.0 and v2.2.1 used 127.0.0.1 as the source address for all traffic forwarded into rootless containers by a forwarded port; this has been changed to address the issue.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-326,SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-326,SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-326,SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-326,SUSE-SLE-Product-SLES_SAP-15-SP3-2023-326,SUSE-SUSE-MicroOS-5.1-2023-326,SUSE-SUSE-MicroOS-5.2-2023-326,SUSE-Storage-7.1-2023-326,openSUSE-Leap-Micro-5.2-2023-326",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_0326-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:0326-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20230326-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:0326-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-February/013710.html"
},
{
"category": "self",
"summary": "SUSE Bug 1181640",
"url": "https://bugzilla.suse.com/1181640"
},
{
"category": "self",
"summary": "SUSE Bug 1181961",
"url": "https://bugzilla.suse.com/1181961"
},
{
"category": "self",
"summary": "SUSE Bug 1193166",
"url": "https://bugzilla.suse.com/1193166"
},
{
"category": "self",
"summary": "SUSE Bug 1193273",
"url": "https://bugzilla.suse.com/1193273"
},
{
"category": "self",
"summary": "SUSE Bug 1197672",
"url": "https://bugzilla.suse.com/1197672"
},
{
"category": "self",
"summary": "SUSE Bug 1199790",
"url": "https://bugzilla.suse.com/1199790"
},
{
"category": "self",
"summary": "SUSE Bug 1202809",
"url": "https://bugzilla.suse.com/1202809"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-20199 page",
"url": "https://www.suse.com/security/cve/CVE-2021-20199/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-20206 page",
"url": "https://www.suse.com/security/cve/CVE-2021-20206/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-4024 page",
"url": "https://www.suse.com/security/cve/CVE-2021-4024/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-41190 page",
"url": "https://www.suse.com/security/cve/CVE-2021-41190/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-27649 page",
"url": "https://www.suse.com/security/cve/CVE-2022-27649/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2989 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2989/"
}
],
"title": "Security update for podman",
"tracking": {
"current_release_date": "2023-02-09T07:53:42Z",
"generator": {
"date": "2023-02-09T07:53:42Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:0326-1",
"initial_release_date": "2023-02-09T07:53:42Z",
"revision_history": [
{
"date": "2023-02-09T07:53:42Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "podman-4.3.1-150300.9.15.1.aarch64",
"product": {
"name": "podman-4.3.1-150300.9.15.1.aarch64",
"product_id": "podman-4.3.1-150300.9.15.1.aarch64"
}
},
{
"category": "product_version",
"name": "podman-remote-4.3.1-150300.9.15.1.aarch64",
"product": {
"name": "podman-remote-4.3.1-150300.9.15.1.aarch64",
"product_id": "podman-remote-4.3.1-150300.9.15.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-4.3.1-150300.9.15.1.i586",
"product": {
"name": "podman-4.3.1-150300.9.15.1.i586",
"product_id": "podman-4.3.1-150300.9.15.1.i586"
}
},
{
"category": "product_version",
"name": "podman-remote-4.3.1-150300.9.15.1.i586",
"product": {
"name": "podman-remote-4.3.1-150300.9.15.1.i586",
"product_id": "podman-remote-4.3.1-150300.9.15.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-cni-config-4.3.1-150300.9.15.1.noarch",
"product": {
"name": "podman-cni-config-4.3.1-150300.9.15.1.noarch",
"product_id": "podman-cni-config-4.3.1-150300.9.15.1.noarch"
}
},
{
"category": "product_version",
"name": "podman-docker-4.3.1-150300.9.15.1.noarch",
"product": {
"name": "podman-docker-4.3.1-150300.9.15.1.noarch",
"product_id": "podman-docker-4.3.1-150300.9.15.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-4.3.1-150300.9.15.1.ppc64le",
"product": {
"name": "podman-4.3.1-150300.9.15.1.ppc64le",
"product_id": "podman-4.3.1-150300.9.15.1.ppc64le"
}
},
{
"category": "product_version",
"name": "podman-remote-4.3.1-150300.9.15.1.ppc64le",
"product": {
"name": "podman-remote-4.3.1-150300.9.15.1.ppc64le",
"product_id": "podman-remote-4.3.1-150300.9.15.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-4.3.1-150300.9.15.1.s390x",
"product": {
"name": "podman-4.3.1-150300.9.15.1.s390x",
"product_id": "podman-4.3.1-150300.9.15.1.s390x"
}
},
{
"category": "product_version",
"name": "podman-remote-4.3.1-150300.9.15.1.s390x",
"product": {
"name": "podman-remote-4.3.1-150300.9.15.1.s390x",
"product_id": "podman-remote-4.3.1-150300.9.15.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-4.3.1-150300.9.15.1.x86_64",
"product": {
"name": "podman-4.3.1-150300.9.15.1.x86_64",
"product_id": "podman-4.3.1-150300.9.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "podman-remote-4.3.1-150300.9.15.1.x86_64",
"product": {
"name": "podman-remote-4.3.1-150300.9.15.1.x86_64",
"product_id": "podman-remote-4.3.1-150300.9.15.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.2"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7.1",
"product": {
"name": "SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7.1"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap Micro 5.2",
"product": {
"name": "openSUSE Leap Micro 5.2",
"product_id": "openSUSE Leap Micro 5.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap-micro:5.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.3.1-150300.9.15.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-4.3.1-150300.9.15.1.aarch64"
},
"product_reference": "podman-4.3.1-150300.9.15.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.3.1-150300.9.15.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-4.3.1-150300.9.15.1.x86_64"
},
"product_reference": "podman-4.3.1-150300.9.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-cni-config-4.3.1-150300.9.15.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-cni-config-4.3.1-150300.9.15.1.noarch"
},
"product_reference": "podman-cni-config-4.3.1-150300.9.15.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.3.1-150300.9.15.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.aarch64"
},
"product_reference": "podman-4.3.1-150300.9.15.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.3.1-150300.9.15.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.x86_64"
},
"product_reference": "podman-4.3.1-150300.9.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-cni-config-4.3.1-150300.9.15.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-cni-config-4.3.1-150300.9.15.1.noarch"
},
"product_reference": "podman-cni-config-4.3.1-150300.9.15.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.3.1-150300.9.15.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.aarch64"
},
"product_reference": "podman-4.3.1-150300.9.15.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.3.1-150300.9.15.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.ppc64le"
},
"product_reference": "podman-4.3.1-150300.9.15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.3.1-150300.9.15.1.s390x as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.s390x"
},
"product_reference": "podman-4.3.1-150300.9.15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.3.1-150300.9.15.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.x86_64"
},
"product_reference": "podman-4.3.1-150300.9.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-cni-config-4.3.1-150300.9.15.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:podman-cni-config-4.3.1-150300.9.15.1.noarch"
},
"product_reference": "podman-cni-config-4.3.1-150300.9.15.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.3.1-150300.9.15.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.3.1-150300.9.15.1.ppc64le"
},
"product_reference": "podman-4.3.1-150300.9.15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.3.1-150300.9.15.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.3.1-150300.9.15.1.x86_64"
},
"product_reference": "podman-4.3.1-150300.9.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-cni-config-4.3.1-150300.9.15.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-cni-config-4.3.1-150300.9.15.1.noarch"
},
"product_reference": "podman-cni-config-4.3.1-150300.9.15.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.3.1-150300.9.15.1.aarch64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.aarch64"
},
"product_reference": "podman-4.3.1-150300.9.15.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.3.1-150300.9.15.1.s390x as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.s390x"
},
"product_reference": "podman-4.3.1-150300.9.15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.3.1-150300.9.15.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.x86_64"
},
"product_reference": "podman-4.3.1-150300.9.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-cni-config-4.3.1-150300.9.15.1.noarch as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:podman-cni-config-4.3.1-150300.9.15.1.noarch"
},
"product_reference": "podman-cni-config-4.3.1-150300.9.15.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.3.1-150300.9.15.1.aarch64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.aarch64"
},
"product_reference": "podman-4.3.1-150300.9.15.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.3.1-150300.9.15.1.s390x as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.s390x"
},
"product_reference": "podman-4.3.1-150300.9.15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.3.1-150300.9.15.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.x86_64"
},
"product_reference": "podman-4.3.1-150300.9.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-cni-config-4.3.1-150300.9.15.1.noarch as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:podman-cni-config-4.3.1-150300.9.15.1.noarch"
},
"product_reference": "podman-cni-config-4.3.1-150300.9.15.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.3.1-150300.9.15.1.aarch64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:podman-4.3.1-150300.9.15.1.aarch64"
},
"product_reference": "podman-4.3.1-150300.9.15.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.3.1-150300.9.15.1.x86_64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:podman-4.3.1-150300.9.15.1.x86_64"
},
"product_reference": "podman-4.3.1-150300.9.15.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-cni-config-4.3.1-150300.9.15.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:podman-cni-config-4.3.1-150300.9.15.1.noarch"
},
"product_reference": "podman-cni-config-4.3.1-150300.9.15.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.3.1-150300.9.15.1.aarch64 as component of openSUSE Leap Micro 5.2",
"product_id": "openSUSE Leap Micro 5.2:podman-4.3.1-150300.9.15.1.aarch64"
},
"product_reference": "podman-4.3.1-150300.9.15.1.aarch64",
"relates_to_product_reference": "openSUSE Leap Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.3.1-150300.9.15.1.x86_64 as component of openSUSE Leap Micro 5.2",
"product_id": "openSUSE Leap Micro 5.2:podman-4.3.1-150300.9.15.1.x86_64"
},
"product_reference": "podman-4.3.1-150300.9.15.1.x86_64",
"relates_to_product_reference": "openSUSE Leap Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-cni-config-4.3.1-150300.9.15.1.noarch as component of openSUSE Leap Micro 5.2",
"product_id": "openSUSE Leap Micro 5.2:podman-cni-config-4.3.1-150300.9.15.1.noarch"
},
"product_reference": "podman-cni-config-4.3.1-150300.9.15.1.noarch",
"relates_to_product_reference": "openSUSE Leap Micro 5.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-20199",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-20199"
}
],
"notes": [
{
"category": "general",
"text": "Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authentication. This issue affects Podman 1.8.0 onwards.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Enterprise Storage 7.1:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Enterprise Storage 7.1:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.s390x",
"SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.s390x",
"SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.3.1-150300.9.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"openSUSE Leap Micro 5.2:podman-4.3.1-150300.9.15.1.aarch64",
"openSUSE Leap Micro 5.2:podman-4.3.1-150300.9.15.1.x86_64",
"openSUSE Leap Micro 5.2:podman-cni-config-4.3.1-150300.9.15.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-20199",
"url": "https://www.suse.com/security/cve/CVE-2021-20199"
},
{
"category": "external",
"summary": "SUSE Bug 1181640 for CVE-2021-20199",
"url": "https://bugzilla.suse.com/1181640"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Enterprise Storage 7.1:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Enterprise Storage 7.1:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.s390x",
"SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.s390x",
"SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.3.1-150300.9.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"openSUSE Leap Micro 5.2:podman-4.3.1-150300.9.15.1.aarch64",
"openSUSE Leap Micro 5.2:podman-4.3.1-150300.9.15.1.x86_64",
"openSUSE Leap Micro 5.2:podman-cni-config-4.3.1-150300.9.15.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Enterprise Storage 7.1:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Enterprise Storage 7.1:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.s390x",
"SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.s390x",
"SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.3.1-150300.9.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"openSUSE Leap Micro 5.2:podman-4.3.1-150300.9.15.1.aarch64",
"openSUSE Leap Micro 5.2:podman-4.3.1-150300.9.15.1.x86_64",
"openSUSE Leap Micro 5.2:podman-cni-config-4.3.1-150300.9.15.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-02-09T07:53:42Z",
"details": "low"
}
],
"title": "CVE-2021-20199"
},
{
"cve": "CVE-2021-20206",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-20206"
}
],
"notes": [
{
"category": "general",
"text": "An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the \u0027type\u0027 field in the network configuration, it is possible to use special elements such as \"../\" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as \u0027reboot\u0027. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Enterprise Storage 7.1:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Enterprise Storage 7.1:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.s390x",
"SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.s390x",
"SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.3.1-150300.9.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"openSUSE Leap Micro 5.2:podman-4.3.1-150300.9.15.1.aarch64",
"openSUSE Leap Micro 5.2:podman-4.3.1-150300.9.15.1.x86_64",
"openSUSE Leap Micro 5.2:podman-cni-config-4.3.1-150300.9.15.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-20206",
"url": "https://www.suse.com/security/cve/CVE-2021-20206"
},
{
"category": "external",
"summary": "SUSE Bug 1181961 for CVE-2021-20206",
"url": "https://bugzilla.suse.com/1181961"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Enterprise Storage 7.1:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Enterprise Storage 7.1:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.s390x",
"SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.s390x",
"SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.3.1-150300.9.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"openSUSE Leap Micro 5.2:podman-4.3.1-150300.9.15.1.aarch64",
"openSUSE Leap Micro 5.2:podman-4.3.1-150300.9.15.1.x86_64",
"openSUSE Leap Micro 5.2:podman-cni-config-4.3.1-150300.9.15.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Enterprise Storage 7.1:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Enterprise Storage 7.1:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.s390x",
"SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.s390x",
"SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.3.1-150300.9.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"openSUSE Leap Micro 5.2:podman-4.3.1-150300.9.15.1.aarch64",
"openSUSE Leap Micro 5.2:podman-4.3.1-150300.9.15.1.x86_64",
"openSUSE Leap Micro 5.2:podman-cni-config-4.3.1-150300.9.15.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-02-09T07:53:42Z",
"details": "important"
}
],
"title": "CVE-2021-20206"
},
{
"cve": "CVE-2021-4024",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-4024"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host\u0027s firewall, an attacker can potentially use the `gvproxy` API to forward ports on the host to ports in the VM, making private services on the VM accessible to the network. This issue could be also used to interrupt the host\u0027s services by forwarding all ports to the VM.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Enterprise Storage 7.1:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Enterprise Storage 7.1:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.s390x",
"SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.s390x",
"SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.3.1-150300.9.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"openSUSE Leap Micro 5.2:podman-4.3.1-150300.9.15.1.aarch64",
"openSUSE Leap Micro 5.2:podman-4.3.1-150300.9.15.1.x86_64",
"openSUSE Leap Micro 5.2:podman-cni-config-4.3.1-150300.9.15.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-4024",
"url": "https://www.suse.com/security/cve/CVE-2021-4024"
},
{
"category": "external",
"summary": "SUSE Bug 1193166 for CVE-2021-4024",
"url": "https://bugzilla.suse.com/1193166"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Enterprise Storage 7.1:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Enterprise Storage 7.1:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.s390x",
"SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.s390x",
"SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.3.1-150300.9.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"openSUSE Leap Micro 5.2:podman-4.3.1-150300.9.15.1.aarch64",
"openSUSE Leap Micro 5.2:podman-4.3.1-150300.9.15.1.x86_64",
"openSUSE Leap Micro 5.2:podman-cni-config-4.3.1-150300.9.15.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Enterprise Storage 7.1:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Enterprise Storage 7.1:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.s390x",
"SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.s390x",
"SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.3.1-150300.9.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"openSUSE Leap Micro 5.2:podman-4.3.1-150300.9.15.1.aarch64",
"openSUSE Leap Micro 5.2:podman-4.3.1-150300.9.15.1.x86_64",
"openSUSE Leap Micro 5.2:podman-cni-config-4.3.1-150300.9.15.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-02-09T07:53:42Z",
"details": "moderate"
}
],
"title": "CVE-2021-4024"
},
{
"cve": "CVE-2021-41190",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-41190"
}
],
"notes": [
{
"category": "general",
"text": "The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents that contain both \"manifests\" and \"layers\" fields could be interpreted as either a manifest or an index in the absence of an accompanying Content-Type header. If a Content-Type header changed between two pulls of the same digest, a client may interpret the resulting content differently. The OCI Distribution Specification has been updated to require that a mediaType value present in a manifest or index match the Content-Type header used during the push and pull operations. Clients pulling from a registry may distrust the Content-Type header and reject an ambiguous document that contains both \"manifests\" and \"layers\" fields or \"manifests\" and \"config\" fields if they are unable to update to version 1.0.1 of the spec.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Enterprise Storage 7.1:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Enterprise Storage 7.1:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.s390x",
"SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.s390x",
"SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.3.1-150300.9.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"openSUSE Leap Micro 5.2:podman-4.3.1-150300.9.15.1.aarch64",
"openSUSE Leap Micro 5.2:podman-4.3.1-150300.9.15.1.x86_64",
"openSUSE Leap Micro 5.2:podman-cni-config-4.3.1-150300.9.15.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-41190",
"url": "https://www.suse.com/security/cve/CVE-2021-41190"
},
{
"category": "external",
"summary": "SUSE Bug 1193273 for CVE-2021-41190",
"url": "https://bugzilla.suse.com/1193273"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Enterprise Storage 7.1:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Enterprise Storage 7.1:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.s390x",
"SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.s390x",
"SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.3.1-150300.9.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"openSUSE Leap Micro 5.2:podman-4.3.1-150300.9.15.1.aarch64",
"openSUSE Leap Micro 5.2:podman-4.3.1-150300.9.15.1.x86_64",
"openSUSE Leap Micro 5.2:podman-cni-config-4.3.1-150300.9.15.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Enterprise Storage 7.1:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Enterprise Storage 7.1:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.s390x",
"SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.s390x",
"SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.3.1-150300.9.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"openSUSE Leap Micro 5.2:podman-4.3.1-150300.9.15.1.aarch64",
"openSUSE Leap Micro 5.2:podman-4.3.1-150300.9.15.1.x86_64",
"openSUSE Leap Micro 5.2:podman-cni-config-4.3.1-150300.9.15.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-02-09T07:53:42Z",
"details": "moderate"
}
],
"title": "CVE-2021-41190"
},
{
"cve": "CVE-2022-27649",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-27649"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Enterprise Storage 7.1:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Enterprise Storage 7.1:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.s390x",
"SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.s390x",
"SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.3.1-150300.9.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"openSUSE Leap Micro 5.2:podman-4.3.1-150300.9.15.1.aarch64",
"openSUSE Leap Micro 5.2:podman-4.3.1-150300.9.15.1.x86_64",
"openSUSE Leap Micro 5.2:podman-cni-config-4.3.1-150300.9.15.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-27649",
"url": "https://www.suse.com/security/cve/CVE-2022-27649"
},
{
"category": "external",
"summary": "SUSE Bug 1197909 for CVE-2022-27649",
"url": "https://bugzilla.suse.com/1197909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Enterprise Storage 7.1:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Enterprise Storage 7.1:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.s390x",
"SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.s390x",
"SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.3.1-150300.9.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"openSUSE Leap Micro 5.2:podman-4.3.1-150300.9.15.1.aarch64",
"openSUSE Leap Micro 5.2:podman-4.3.1-150300.9.15.1.x86_64",
"openSUSE Leap Micro 5.2:podman-cni-config-4.3.1-150300.9.15.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Enterprise Storage 7.1:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Enterprise Storage 7.1:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.s390x",
"SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.s390x",
"SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.3.1-150300.9.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"openSUSE Leap Micro 5.2:podman-4.3.1-150300.9.15.1.aarch64",
"openSUSE Leap Micro 5.2:podman-4.3.1-150300.9.15.1.x86_64",
"openSUSE Leap Micro 5.2:podman-cni-config-4.3.1-150300.9.15.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-02-09T07:53:42Z",
"details": "moderate"
}
],
"title": "CVE-2022-27649"
},
{
"cve": "CVE-2022-2989",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2989"
}
],
"notes": [
{
"category": "general",
"text": "An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Enterprise Storage 7.1:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Enterprise Storage 7.1:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.s390x",
"SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.s390x",
"SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.3.1-150300.9.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"openSUSE Leap Micro 5.2:podman-4.3.1-150300.9.15.1.aarch64",
"openSUSE Leap Micro 5.2:podman-4.3.1-150300.9.15.1.x86_64",
"openSUSE Leap Micro 5.2:podman-cni-config-4.3.1-150300.9.15.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2989",
"url": "https://www.suse.com/security/cve/CVE-2022-2989"
},
{
"category": "external",
"summary": "SUSE Bug 1202809 for CVE-2022-2989",
"url": "https://bugzilla.suse.com/1202809"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Enterprise Storage 7.1:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Enterprise Storage 7.1:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.s390x",
"SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.s390x",
"SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.3.1-150300.9.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"openSUSE Leap Micro 5.2:podman-4.3.1-150300.9.15.1.aarch64",
"openSUSE Leap Micro 5.2:podman-4.3.1-150300.9.15.1.x86_64",
"openSUSE Leap Micro 5.2:podman-cni-config-4.3.1-150300.9.15.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Enterprise Storage 7.1:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Enterprise Storage 7.1:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.s390x",
"SUSE Linux Enterprise Micro 5.1:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Micro 5.1:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.s390x",
"SUSE Linux Enterprise Micro 5.2:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.3.1-150300.9.15.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.3.1-150300.9.15.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-cni-config-4.3.1-150300.9.15.1.noarch",
"openSUSE Leap Micro 5.2:podman-4.3.1-150300.9.15.1.aarch64",
"openSUSE Leap Micro 5.2:podman-4.3.1-150300.9.15.1.x86_64",
"openSUSE Leap Micro 5.2:podman-cni-config-4.3.1-150300.9.15.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-02-09T07:53:42Z",
"details": "moderate"
}
],
"title": "CVE-2022-2989"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…