CVE-2025-47913 (GCVE-0-2025-47913)
Vulnerability from cvelistv5 – Published: 2025-11-13 21:29 – Updated: 2025-12-16 16:43
Title
Potential denial of service in golang.org/x/crypto/ssh/agent
Summary
SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-703 - Improper Handling of Exceptional Conditions
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| golang.org/x/crypto | golang.org/x/crypto/ssh/agent | Affected: 0, < 0.43.0 (semver) | |
Credits
Jakub Ciolek
Nicola Murino
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-47913",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-13T21:47:44.206349Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T21:47:50.864Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "golang.org/x/crypto/ssh/agent",
"product": "golang.org/x/crypto/ssh/agent",
"programRoutines": [
{
"name": "client.SignWithFlags"
},
{
"name": "client.List"
},
{
"name": "agentKeyringSigner.Sign"
},
{
"name": "agentKeyringSigner.SignWithAlgorithm"
},
{
"name": "client.Sign"
},
{
"name": "client.Signers"
}
],
"vendor": "golang.org/x/crypto",
"versions": [
{
"lessThan": "0.43.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jakub Ciolek"
},
{
"lang": "en",
"value": "Nicola Murino"
}
],
"descriptions": [
{
"lang": "en",
"value": "SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-703: Improper Handling of Exceptional Conditions",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T16:43:43.633Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/cl/700295"
},
{
"url": "https://go.dev/issue/75178"
},
{
"url": "https://github.com/advisories/GHSA-56w8-48fp-6mgv"
},
{
"url": "https://pkg.go.dev/vuln/GO-2025-4116"
}
],
"title": "Potential denial of service in golang.org/x/crypto/ssh/agent"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2025-47913",
"datePublished": "2025-11-13T21:29:39.907Z",
"dateReserved": "2025-05-13T23:31:29.597Z",
"dateUpdated": "2025-12-16T16:43:43.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-47913",
"date": "2026-06-05",
"epss": "0.00018",
"percentile": "0.05027"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-47913\",\"sourceIdentifier\":\"security@golang.org\",\"published\":\"2025-11-13T22:15:51.280\",\"lastModified\":\"2026-01-09T15:32:12.113\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-617\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:go:ssh:*:*:*:*:*:go:*:*\",\"versionEndExcluding\":\"0.43.0\",\"matchCriteriaId\":\"8CC7C462-0240-4D4B-B289-18AFF9D2BBF5\"}]}]}],\"references\":[{\"url\":\"https://github.com/advisories/GHSA-56w8-48fp-6mgv\",\"source\":\"security@golang.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://go.dev/cl/700295\",\"source\":\"security@golang.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://go.dev/issue/75178\",\"source\":\"security@golang.org\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"https://pkg.go.dev/vuln/GO-2025-4116\",\"source\":\"security@golang.org\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
SUSE-SU-2026:20089-1
Vulnerability from csaf_suse - Published: 2026-01-15 17:57 - Updated: 2026-01-15 17:57
Summary
Security update for alloy
Severity
Important
Notes
Title of the patch: Security update for alloy
Description of the patch: This update for alloy fixes the following issues:
Upgrade to version 1.12.1.
Security issues fixed:
- CVE-2025-47911: golang.org/x/net/html: quadratic complexity algorithms used when parsing untrusted HTML documents
(bsc#1251509).
- CVE-2025-58190: golang.org/x/net/html: excessive memory consumption by `html.ParseFragment` when processing specially
crafted input (bsc#1251716).
- CVE-2025-47913: golang.org/x/crypto: early client process termination when receiving an unexpected message type in
response to a key listing or signing request (bsc#1253609).
Other updates and bugfixes:
- Version 1.12.1:
* Bugfixes
- update to Beyla 2.7.10.
- Version 1.12.0:
* Breaking changes
- `prometheus.exporter.blackbox`, `prometheus.exporter.snmp` and `prometheus.exporter.statsd` now use the component
ID instead of the hostname as their instance label in their exported metrics.
* Features
- (Experimental) Add an `otelcol.receiver.cloudflare` component to receive logs pushed by Cloudflare's LogPush
jobs.
- (Experimental) Additions to experimental `database_observability.mysql` component:
- `explain_plans`
- collector now changes schema before returning the connection to the pool.
- collector now passes queries more permissively.
- enable `explain_plans` collector by default
- (Experimental) Additions to experimental `database_observability.postgres` component:
- `explain_plans`
- added the explain plan collector.
- collector now passes queries more permissively.
- `query_samples`
- add user field to wait events within `query_samples` collector.
- rework the query samples collector to buffer per-query execution state across scrapes and emit finalized
entries.
- process turned idle rows to calculate finalization times precisely and emit first seen idle rows.
- `query_details`
- escape queries coming from `pg_stat_statements` with quotes.
- enable `explain_plans` collector by default.
- safely generate `server_id` when UDP socket used for database connection.
- add table registry and include "validated" in parsed table name logs.
- Add `otelcol.exporter.googlecloudpubsub` community component to export metrics, traces, and logs to Google Cloud
Pub/Sub topic.
- Add `structured_metadata_drop` stage for `loki.process` to filter structured metadata.
- Send remote config status to the remote server for the `remotecfg` service.
- Send effective config to the remote server for the `remotecfg` service.
- Add a `stat_statements` configuration block to the `prometheus.exporter.postgres` component to enable selecting
both the query ID and the full SQL statement. The new block includes one option to enable statement selection,
and another to configure the maximum length of the statement text.
- Add truncate stage for `loki.process` to truncate log entries, label values, and `structured_metadata` values.
- Add `u_probe_links` & `load_probe` configuration fields to alloy `pyroscope.ebpf` to extend configuration of
the `opentelemetry-ebpf-profiler` to allow uprobe profiling and dynamic probing.
- Add `verbose_mode` configuration fields to `alloy pyroscope.ebpf` to enable `ebpf-profiler` verbose mode.
- Add `file_match` block to `loki.source.file` for built-in file discovery using glob patterns.
- Add a regex argument to the `structured_metadata` stage in `loki.process` to extract labels matching a regular
expression.
- OpenTelemetry Collector dependencies upgraded from v0.134.0 to v0.139.0.
- See the upstream
[core](https://github.com/open-telemetry/opentelemetry-collector/blob/v0.139.0/CHANGELOG.md)
and
[contrib](https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/v0.139.0/CHANGELOG.md)
changelogs for more details.
- A new `mimir.alerts.kubernetes` component which discovers AlertmanagerConfig Kubernetes resources and loads them
into a Mimir instance.
- Mark `stage.windowsevent` block in the `loki.process` component as GA.
* Enhancements
- Add per-application rate limiting with the strategy attribute in the `faro.receiver` component, to prevent one
application from consuming the rate limit quota of others.
- Add support of tls in components `loki.source.(awsfirehose|gcplog|heroku|api)` and `prometheus.receive_http` and
`pyroscope.receive_http`.
- Remove `SendSIGKILL=no` from unit files and recommendations.
- Reduce memory overhead of `prometheus.remote_write`'s WAL by lowering the size of the allocated series storage.
- Reduce lock wait/contention on the `labelstore.LabelStore` by removing unnecessary usage from
`prometheus.relabel`.
- `prometheus.exporter.postgres` dependency has been updated to v0.18.1.
- Update Beyla component to 2.7.8.
- Support delimiters in `stage.luhn`.
- `pyroscope.java`: update `async-profiler` to 4.2.
- `prometheus.exporter.unix`: Add an arp config block to configure the ARP collector.
- `prometheus.exporter.snowflake` dependency has been updated to 20251016132346-6d442402afb2.
- `loki.source.podlogs` now supports `preserve_discovered_labels` parameter to preserve discovered pod metadata
labels for use by downstream components.
- Rework underlying framework of Alloy UI to use Vite instead of Create React App.
- Use POST requests for remote config requests to avoid hitting http2 header limits.
- `loki.source.api` during component shutdown will now reject all the inflight requests with status code 503 after
`graceful_shutdown_timeout` has expired.
- `kubernetes.discovery`: Add support for attaching namespace metadata.
- Add `meta_cache_address` to `beyla.ebpf` component.
* Bugfixes
- Stop `loki.source.kubernetes` discarding log lines with duplicate timestamps.
- Fix direction of arrows for pyroscope components in UI graph.
- Only log EOF errors for syslog port investigations in `loki.source.syslog` as Debug, not Warn.
- Fix `prometheus.exporter.process` ignoring the `remove_empty_groups` argument.
- Fix issues with "unknown series ref when trying to add exemplar" from `prometheus.remote_write` by allowing
series ref links to be updated if they change.
- Fix `loki.source.podlogs` component to register the Kubernetes field index for `spec.nodeName` when node
filtering is enabled, preventing "Index with name `field:spec.nodeName` does not exist" errors.
- Fix issue in `loki.source.file` where scheduling files could take too long.
- Fix `loki.write` no longer includes internal labels __.
- Fix missing native histograms custom buckets (NHCB) samples from `prometheus.remote_write`.
- `otelcol.receiver.prometheus` now supports mixed histograms if `prometheus.scrape` has `honor_metadata` set to
true.
- `loki.source.file` has better support for non-UTF-8 encoded files.
- Fix the `loki.write` endpoint block's `enable_http2` attribute to actually affect the client.
- Optionally remove trailing newlines before appending entries in `stage.multiline`.
- `loki.source.api` no longer drops request when relabel rules drops a specific stream.
Patchnames: SUSE-SLES-16.0-149
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.3 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:alloy-1.12.1-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:alloy-1.12.1-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:alloy-1.12.1-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:alloy-1.12.1-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.1-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.1-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.1-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.1-160000.1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:alloy-1.12.1-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:alloy-1.12.1-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:alloy-1.12.1-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:alloy-1.12.1-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.1-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.1-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.1-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.1-160000.1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:alloy-1.12.1-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:alloy-1.12.1-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:alloy-1.12.1-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:alloy-1.12.1-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.1-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.1-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.1-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.1-160000.1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for alloy",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for alloy fixes the following issues:\n\nUpgrade to version 1.12.1.\n\n\nSecurity issues fixed:\n\n- CVE-2025-47911: golang.org/x/net/html: quadratic complexity algorithms used when parsing untrusted HTML documents\n (bsc#1251509).\n- CVE-2025-58190: golang.org/x/net/html: excessive memory consumption by `html.ParseFragment` when processing specially\n crafted input (bsc#1251716).\n- CVE-2025-47913: golang.org/x/crypto: early client process termination when receiving an unexpected message type in\n response to a key listing or signing request (bsc#1253609).\n\nOther updates and bugfixes:\n\n- Version 1.12.1:\n * Bugfixes\n - update to Beyla 2.7.10.\n\n- Version 1.12.0:\n * Breaking changes\n - `prometheus.exporter.blackbox`, `prometheus.exporter.snmp` and `prometheus.exporter.statsd` now use the component\n ID instead of the hostname as their instance label in their exported metrics.\n * Features\n - (Experimental) Add an `otelcol.receiver.cloudflare` component to receive logs pushed by Cloudflare\u0027s LogPush\n jobs.\n - (Experimental) Additions to experimental `database_observability.mysql` component:\n - `explain_plans`\n - collector now changes schema before returning the connection to the pool.\n - collector now passes queries more permissively.\n - enable `explain_plans` collector by default\n - (Experimental) Additions to experimental `database_observability.postgres` component:\n - `explain_plans`\n - added the explain plan collector.\n - collector now passes queries more permissively.\n - `query_samples`\n - add user field to wait events within `query_samples` collector.\n - rework the query samples collector to buffer per-query execution state across scrapes and emit finalized\n entries.\n - process turned idle rows to calculate finalization times precisely and emit first seen idle rows.\n - `query_details`\n - escape queries coming from `pg_stat_statements` with quotes.\n - enable `explain_plans` collector by default.\n - safely 
generate `server_id` when UDP socket used for database connection.\n - add table registry and include \"validated\" in parsed table name logs.\n - Add `otelcol.exporter.googlecloudpubsub` community component to export metrics, traces, and logs to Google Cloud\n Pub/Sub topic.\n - Add `structured_metadata_drop` stage for `loki.process` to filter structured metadata.\n - Send remote config status to the remote server for the `remotecfg` service.\n - Send effective config to the remote server for the `remotecfg` service.\n - Add a `stat_statements` configuration block to the `prometheus.exporter.postgres` component to enable selecting\n both the query ID and the full SQL statement. The new block includes one option to enable statement selection,\n and another to configure the maximum length of the statement text.\n - Add truncate stage for `loki.process` to truncate log entries, label values, and `structured_metadata` values.\n - Add `u_probe_links` \u0026 `load_probe` configuration fields to alloy `pyroscope.ebpf` to extend configuration of\n the `opentelemetry-ebpf-profiler` to allow uprobe profiling and dynamic probing.\n - Add `verbose_mode` configuration fields to `alloy pyroscope.ebpf` to be enable `ebpf-profiler` verbose mode.\n - Add `file_match` block to `loki.source.file` for built-in file discovery using glob patterns.\n - Add a regex argument to the `structured_metadata` stage in `loki.process` to extract labels matching a regular\n expression.\n - OpenTelemetry Collector dependencies upgraded from v0.134.0 to v0.139.0.\n - See the upstream\n [core](https://github.com/open-telemetry/opentelemetry-collector/blob/v0.139.0/CHANGELOG.md)\n and\n [contrib](https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/v0.139.0/CHANGELOG.md)\n changelogs for more details.\n - A new `mimir.alerts.kubernetes` component which discovers AlertmanagerConfig Kubernetes resources and loads them\n into a Mimir instance.\n - Mark `stage.windowsevent` block in the 
`loki.process` component as GA.\n * Enhancements\n - Add per-application rate limiting with the strategy attribute in the `faro.receiver` component, to prevent one\n application from consuming the rate limit quota of others.\n - Add support of tls in components `loki.source.(awsfirehose|gcplog|heroku|api)` and `prometheus.receive_http` and\n `pyroscope.receive_http`.\n - Remove `SendSIGKILL=no` from unit files and recommendations.\n - Reduce memory overhead of `prometheus.remote_write`\u0027s WAL by lowering the size of the allocated series storage.\n - Reduce lock wait/contention on the `labelstore.LabelStore` by removing unecessary usage from\n `prometheus.relabel`.\n - `prometheus.exporter.postgres` dependency has been updated to v0.18.1.\n - Update Beyla component to 2.7.8.\n - Support delimiters in `stage.luhn`.\n - `pyroscope.java`: update `async-profiler` to 4.2.\n - `prometheus.exporter.unix`: Add an arp config block to configure the ARP collector.\n - `prometheus.exporter.snowflake` dependency has been updated to 20251016132346-6d442402afb2.\n - `loki.source.podlogs` now supports `preserve_discovered_labels` parameter to preserve discovered pod metadata\n labels for use by downstream components.\n - Rework underlying framework of Alloy UI to use Vite instead of Create React App.\n - Use POST requests for remote config requests to avoid hitting http2 header limits.\n - `loki.source.api` during component shutdown will now reject all the inflight requests with status code 503 after\n `graceful_shutdown_timeout` has expired.\n - `kubernetes.discovery`: Add support for attaching namespace metadata.\n - Add `meta_cache_address` to `beyla.ebpf` component.\n * Bugfixes\n - Stop `loki.source.kubernetes` discarding log lines with duplicate timestamps.\n - Fix direction of arrows for pyroscope components in UI graph.\n - Only log EOF errors for syslog port investigations in `loki.source.syslog` as Debug, not Warn.\n - Fix `prometheus.exporter.process` ignoring the 
`remove_empty_groups` argument.\n - Fix issues with \"unknown series ref when trying to add exemplar\" from `prometheus.remote_write` by allowing\n series ref links to be updated if they change.\n - Fix `loki.source.podlogs` component to register the Kubernetes field index for `spec.nodeName` when node\n filtering is enabled, preventing \"Index with name `field:spec.nodeName` does not exist\" errors.\n - Fix issue in `loki.source.file` where scheduling files could take too long.\n - Fix `loki.write` no longer includes internal labels __.\n - Fix missing native histograms custom buckets (NHCB) samples from `prometheus.remote_write`.\n - `otelcol.receiver.prometheus` now supports mixed histograms if `prometheus.scrape` has `honor_metadata` set to\n true.\n - `loki.source.file` has better support for non-UTF-8 encoded files.\n - Fix the `loki.write` endpoint block\u0027s `enable_http2` attribute to actually affect the client.\n - Optionally remove trailing newlines before appending entries in `stage.multiline`.\n - `loki.source.api` no longer drops request when relabel rules drops a specific stream.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-149",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20089-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20089-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620089-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20089-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023811.html"
},
{
"category": "self",
"summary": "SUSE Bug 1251509",
"url": "https://bugzilla.suse.com/1251509"
},
{
"category": "self",
"summary": "SUSE Bug 1251716",
"url": "https://bugzilla.suse.com/1251716"
},
{
"category": "self",
"summary": "SUSE Bug 1253609",
"url": "https://bugzilla.suse.com/1253609"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47911 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47913 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58190 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58190/"
}
],
"title": "Security update for alloy",
"tracking": {
"current_release_date": "2026-01-15T17:57:53Z",
"generator": {
"date": "2026-01-15T17:57:53Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20089-1",
"initial_release_date": "2026-01-15T17:57:53Z",
"revision_history": [
{
"date": "2026-01-15T17:57:53Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "alloy-1.12.1-160000.1.1.aarch64",
"product": {
"name": "alloy-1.12.1-160000.1.1.aarch64",
"product_id": "alloy-1.12.1-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "alloy-1.12.1-160000.1.1.ppc64le",
"product": {
"name": "alloy-1.12.1-160000.1.1.ppc64le",
"product_id": "alloy-1.12.1-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "alloy-1.12.1-160000.1.1.s390x",
"product": {
"name": "alloy-1.12.1-160000.1.1.s390x",
"product_id": "alloy-1.12.1-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "alloy-1.12.1-160000.1.1.x86_64",
"product": {
"name": "alloy-1.12.1-160000.1.1.x86_64",
"product_id": "alloy-1.12.1-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16.0"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "alloy-1.12.1-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:alloy-1.12.1-160000.1.1.aarch64"
},
"product_reference": "alloy-1.12.1-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "alloy-1.12.1-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:alloy-1.12.1-160000.1.1.ppc64le"
},
"product_reference": "alloy-1.12.1-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "alloy-1.12.1-160000.1.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:alloy-1.12.1-160000.1.1.s390x"
},
"product_reference": "alloy-1.12.1-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "alloy-1.12.1-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:alloy-1.12.1-160000.1.1.x86_64"
},
"product_reference": "alloy-1.12.1-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "alloy-1.12.1-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.1-160000.1.1.aarch64"
},
"product_reference": "alloy-1.12.1-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "alloy-1.12.1-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.1-160000.1.1.ppc64le"
},
"product_reference": "alloy-1.12.1-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "alloy-1.12.1-160000.1.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.1-160000.1.1.s390x"
},
"product_reference": "alloy-1.12.1-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "alloy-1.12.1-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.1-160000.1.1.x86_64"
},
"product_reference": "alloy-1.12.1-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47911"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:alloy-1.12.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.1-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47911",
"url": "https://www.suse.com/security/cve/CVE-2025-47911"
},
{
"category": "external",
"summary": "SUSE Bug 1251308 for CVE-2025-47911",
"url": "https://bugzilla.suse.com/1251308"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:alloy-1.12.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.1-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:alloy-1.12.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.1-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-15T17:57:53Z",
"details": "moderate"
}
],
"title": "CVE-2025-47911"
},
{
"cve": "CVE-2025-47913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47913"
}
],
"notes": [
{
"category": "general",
"text": "SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:alloy-1.12.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.1-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47913",
"url": "https://www.suse.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "SUSE Bug 1253506 for CVE-2025-47913",
"url": "https://bugzilla.suse.com/1253506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:alloy-1.12.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.1-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:alloy-1.12.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.1-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-15T17:57:53Z",
"details": "important"
}
],
"title": "CVE-2025-47913"
},
{
"cve": "CVE-2025-58190",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58190"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:alloy-1.12.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.1-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58190",
"url": "https://www.suse.com/security/cve/CVE-2025-58190"
},
{
"category": "external",
"summary": "SUSE Bug 1251309 for CVE-2025-58190",
"url": "https://bugzilla.suse.com/1251309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:alloy-1.12.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.1-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:alloy-1.12.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.1-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.1-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.1-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.1-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.1-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-15T17:57:53Z",
"details": "moderate"
}
],
"title": "CVE-2025-58190"
}
]
}
SUSE-SU-2026:20123-1
Vulnerability from csaf_suse - Published: 2026-01-22 13:01 - Updated: 2026-01-22 13:01
Summary
Security update for buildah
Severity
Important
Notes
Title of the patch: Security update for buildah
Description of the patch: This update for buildah fixes the following issues:
- CVE-2025-47914: golang.org/x/crypto/ssh/agent: Fixed non validated message size causing a panic due to an out of bounds read (bsc#1254054)
- CVE-2025-47913: golang.org/x/crypto/ssh/agent: Fixed client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253598)
- CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: Fixed container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files (bsc#1253096)
Other fixes:
- Updated to version 1.39.5.
Patchnames: SUSE-SLES-16.0-169
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
25 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for buildah",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for buildah fixes the following issues:\n\n- CVE-2025-47914: golang.org/x/crypto/ssh/agent: Fixed non validated message size causing a panic due to an out\n of bounds read (bsc#1254054)\n- CVE-2025-47913: golang.org/x/crypto/ssh/agent: Fixed client process termination when receiving an unexpected\n message type in response to a key listing or signing request (bsc#1253598)\n- CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: Fixed container breakouts by bypassing runc\u0027s restrictions for writing to arbitrary /proc\n files (bsc#1253096)\n\nOther fixes:\n\n- Updated to version 1.39.5.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-169",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20123-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20123-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620123-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20123-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-January/043749.html"
},
{
"category": "self",
"summary": "SUSE Bug 1253096",
"url": "https://bugzilla.suse.com/1253096"
},
{
"category": "self",
"summary": "SUSE Bug 1253598",
"url": "https://bugzilla.suse.com/1253598"
},
{
"category": "self",
"summary": "SUSE Bug 1254054",
"url": "https://bugzilla.suse.com/1254054"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31133 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31133/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47913 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47914 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-52565 page",
"url": "https://www.suse.com/security/cve/CVE-2025-52565/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-52881 page",
"url": "https://www.suse.com/security/cve/CVE-2025-52881/"
}
],
"title": "Security update for buildah",
"tracking": {
"current_release_date": "2026-01-22T13:01:23Z",
"generator": {
"date": "2026-01-22T13:01:23Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20123-1",
"initial_release_date": "2026-01-22T13:01:23Z",
"revision_history": [
{
"date": "2026-01-22T13:01:23Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.39.5-160000.1.1.aarch64",
"product": {
"name": "buildah-1.39.5-160000.1.1.aarch64",
"product_id": "buildah-1.39.5-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.39.5-160000.1.1.ppc64le",
"product": {
"name": "buildah-1.39.5-160000.1.1.ppc64le",
"product_id": "buildah-1.39.5-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.39.5-160000.1.1.s390x",
"product": {
"name": "buildah-1.39.5-160000.1.1.s390x",
"product_id": "buildah-1.39.5-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.39.5-160000.1.1.x86_64",
"product": {
"name": "buildah-1.39.5-160000.1.1.x86_64",
"product_id": "buildah-1.39.5-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16.0"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.39.5-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64"
},
"product_reference": "buildah-1.39.5-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.39.5-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le"
},
"product_reference": "buildah-1.39.5-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.39.5-160000.1.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x"
},
"product_reference": "buildah-1.39.5-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.39.5-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64"
},
"product_reference": "buildah-1.39.5-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.39.5-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64"
},
"product_reference": "buildah-1.39.5-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.39.5-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le"
},
"product_reference": "buildah-1.39.5-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.39.5-160000.1.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x"
},
"product_reference": "buildah-1.39.5-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.39.5-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
},
"product_reference": "buildah-1.39.5-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31133",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31133"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container\u0027s /dev/null) was actually a real /dev/null inode when using the container\u0027s /dev/null to mask. This exposes two methods of attack: an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31133",
"url": "https://www.suse.com/security/cve/CVE-2025-31133"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-31133",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-31133",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-22T13:01:23Z",
"details": "important"
}
],
"title": "CVE-2025-31133"
},
{
"cve": "CVE-2025-47913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47913"
}
],
"notes": [
{
"category": "general",
"text": "SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47913",
"url": "https://www.suse.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "SUSE Bug 1253506 for CVE-2025-47913",
"url": "https://bugzilla.suse.com/1253506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-22T13:01:23Z",
"details": "important"
}
],
"title": "CVE-2025-47913"
},
{
"cve": "CVE-2025-47914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47914"
}
],
"notes": [
{
"category": "general",
"text": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47914",
"url": "https://www.suse.com/security/cve/CVE-2025-47914"
},
{
"category": "external",
"summary": "SUSE Bug 1253967 for CVE-2025-47914",
"url": "https://bugzilla.suse.com/1253967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-22T13:01:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-47914"
},
{
"cve": "CVE-2025-52565",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-52565"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the container, an attacker can trick runc into bind-mounting paths which would normally be made read-only or be masked onto a path that the attacker can write to. This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target (namely, the bind-mount of `/dev/pts/$n` to `/dev/console` as configured for all containers that allocate a console). This happens after `pivot_root(2)`, so this cannot be used to write to host files directly -- however, as with CVE-2025-31133, this can load to denial of service of the host or a container breakout by providing the attacker with a writable copy of `/proc/sysrq-trigger` or `/proc/sys/kernel/core_pattern` (respectively). This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-52565",
"url": "https://www.suse.com/security/cve/CVE-2025-52565"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-52565",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-52565",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-22T13:01:23Z",
"details": "important"
}
],
"title": "CVE-2025-52565"
},
{
"cve": "CVE-2025-52881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-52881"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-52881",
"url": "https://www.suse.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-52881",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-52881",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-22T13:01:23Z",
"details": "important"
}
],
"title": "CVE-2025-52881"
}
]
}
SUSE-SU-2026:20176-1
Vulnerability from csaf_suse - Published: 2026-01-29 15:32 - Updated: 2026-01-29 15:32
Summary
Security update for elemental-register, elemental-toolkit
Severity
Important
Notes
Title of the patch: Security update for elemental-register, elemental-toolkit
Description of the patch: This update for elemental-register, elemental-toolkit fixes the following issues:
elemental-register was updated to 1.8.1:
Changes on top of v1.8.1:
  * Update headers to 2026
  * Update questions to include SL Micro 6.2
Update to v1.8.1:
  * Install yip config files in before-install step
  * Bump github.com/rancher-sandbox/go-tpm and its dependencies
    This includes few CVE fixes:
    * bsc#1241826 (CVE-2025-22872)
    * bsc#1241857 (CVE-2025-22872)
    * bsc#1251511 (CVE-2025-47911)
    * bsc#1251679 (CVE-2025-58190)
elemental-toolkit was updated to v2.3.2:
  * Bump golang.org/x/crypto library
    This includes few CVE fixes:
    * bsc#1241826 (CVE-2025-22872)
    * bsc#1241857 (CVE-2025-22872)
    * bsc#1251511 (CVE-2025-47911)
    * bsc#1251679 (CVE-2025-58190)
    * bsc#1253581 (CVE-2025-47913)
    * bsc#1253901 (CVE-2025-58181)
    * bsc#1254079 (CVE-2025-47914)
Patchnames: SUSE-SL-Micro-6.2-217
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
References
29 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for elemental-register, elemental-toolkit",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for elemental-register, elemental-toolkit fixes the following issues:\n\nelemental-register was updated to 1.8.1:\n\nChanges on top of v1.8.1:\n\n * Update headers to 2026\n * Update questions to include SL Micro 6.2\n\nUpdate to v1.8.1:\n\n * Install yip config files in before-install step\n * Bump github.com/rancher-sandbox/go-tpm and its dependencies\n This includes few CVE fixes:\n * bsc#1241826 (CVE-2025-22872)\n * bsc#1241857 (CVE-2025-22872)\n * bsc#1251511 (CVE-2025-47911)\n * bsc#1251679 (CVE-2025-58190)\n\nelemental-toolkit was updated to v2.3.2:\n\n * Bump golang.org/x/crypto library\n This includes few CVE fixes:\n * bsc#1241826 (CVE-2025-22872)\n * bsc#1241857 (CVE-2025-22872)\n * bsc#1251511 (CVE-2025-47911)\n * bsc#1251679 (CVE-2025-58190)\n * bsc#1253581 (CVE-2025-47913)\n * bsc#1253901 (CVE-2025-58181)\n * bsc#1254079 (CVE-2025-47914)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SL-Micro-6.2-217",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20176-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20176-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620176-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20176-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024007.html"
},
{
"category": "self",
"summary": "SUSE Bug 1241826",
"url": "https://bugzilla.suse.com/1241826"
},
{
"category": "self",
"summary": "SUSE Bug 1241857",
"url": "https://bugzilla.suse.com/1241857"
},
{
"category": "self",
"summary": "SUSE Bug 1251511",
"url": "https://bugzilla.suse.com/1251511"
},
{
"category": "self",
"summary": "SUSE Bug 1251679",
"url": "https://bugzilla.suse.com/1251679"
},
{
"category": "self",
"summary": "SUSE Bug 1253581",
"url": "https://bugzilla.suse.com/1253581"
},
{
"category": "self",
"summary": "SUSE Bug 1253901",
"url": "https://bugzilla.suse.com/1253901"
},
{
"category": "self",
"summary": "SUSE Bug 1254079",
"url": "https://bugzilla.suse.com/1254079"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22872 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22872/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47911 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47913 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47914 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58181 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58190 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58190/"
}
],
"title": "Security update for elemental-register, elemental-toolkit",
"tracking": {
"current_release_date": "2026-01-29T15:32:26Z",
"generator": {
"date": "2026-01-29T15:32:26Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20176-1",
"initial_release_date": "2026-01-29T15:32:26Z",
"revision_history": [
{
"date": "2026-01-29T15:32:26Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "elemental-register-1.8.1-160000.1.1.aarch64",
"product": {
"name": "elemental-register-1.8.1-160000.1.1.aarch64",
"product_id": "elemental-register-1.8.1-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "elemental-support-1.8.1-160000.1.1.aarch64",
"product": {
"name": "elemental-support-1.8.1-160000.1.1.aarch64",
"product_id": "elemental-support-1.8.1-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "elemental-toolkit-2.3.2-160000.1.1.aarch64",
"product": {
"name": "elemental-toolkit-2.3.2-160000.1.1.aarch64",
"product_id": "elemental-toolkit-2.3.2-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "elemental-register-1.8.1-160000.1.1.x86_64",
"product": {
"name": "elemental-register-1.8.1-160000.1.1.x86_64",
"product_id": "elemental-register-1.8.1-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "elemental-support-1.8.1-160000.1.1.x86_64",
"product": {
"name": "elemental-support-1.8.1-160000.1.1.x86_64",
"product_id": "elemental-support-1.8.1-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "elemental-toolkit-2.3.2-160000.1.1.x86_64",
"product": {
"name": "elemental-toolkit-2.3.2-160000.1.1.x86_64",
"product_id": "elemental-toolkit-2.3.2-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.2",
"product": {
"name": "SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:transactional"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-register-1.8.1-160000.1.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.aarch64"
},
"product_reference": "elemental-register-1.8.1-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-register-1.8.1-160000.1.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.x86_64"
},
"product_reference": "elemental-register-1.8.1-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-support-1.8.1-160000.1.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.aarch64"
},
"product_reference": "elemental-support-1.8.1-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-support-1.8.1-160000.1.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.x86_64"
},
"product_reference": "elemental-support-1.8.1-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-toolkit-2.3.2-160000.1.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.aarch64"
},
"product_reference": "elemental-toolkit-2.3.2-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-toolkit-2.3.2-160000.1.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.x86_64"
},
"product_reference": "elemental-toolkit-2.3.2-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22872",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22872"
}
],
"notes": [
{
"category": "general",
"text": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22872",
"url": "https://www.suse.com/security/cve/CVE-2025-22872"
},
{
"category": "external",
"summary": "SUSE Bug 1241710 for CVE-2025-22872",
"url": "https://bugzilla.suse.com/1241710"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-29T15:32:26Z",
"details": "moderate"
}
],
"title": "CVE-2025-22872"
},
{
"cve": "CVE-2025-47911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47911"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47911",
"url": "https://www.suse.com/security/cve/CVE-2025-47911"
},
{
"category": "external",
"summary": "SUSE Bug 1251308 for CVE-2025-47911",
"url": "https://bugzilla.suse.com/1251308"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-29T15:32:26Z",
"details": "moderate"
}
],
"title": "CVE-2025-47911"
},
{
"cve": "CVE-2025-47913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47913"
}
],
"notes": [
{
"category": "general",
"text": "SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47913",
"url": "https://www.suse.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "SUSE Bug 1253506 for CVE-2025-47913",
"url": "https://bugzilla.suse.com/1253506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-29T15:32:26Z",
"details": "important"
}
],
"title": "CVE-2025-47913"
},
{
"cve": "CVE-2025-47914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47914"
}
],
"notes": [
{
"category": "general",
"text": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47914",
"url": "https://www.suse.com/security/cve/CVE-2025-47914"
},
{
"category": "external",
"summary": "SUSE Bug 1253967 for CVE-2025-47914",
"url": "https://bugzilla.suse.com/1253967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-29T15:32:26Z",
"details": "moderate"
}
],
"title": "CVE-2025-47914"
},
{
"cve": "CVE-2025-58181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58181"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58181",
"url": "https://www.suse.com/security/cve/CVE-2025-58181"
},
{
"category": "external",
"summary": "SUSE Bug 1253784 for CVE-2025-58181",
"url": "https://bugzilla.suse.com/1253784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-29T15:32:26Z",
"details": "moderate"
}
],
"title": "CVE-2025-58181"
},
{
"cve": "CVE-2025-58190",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58190"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58190",
"url": "https://www.suse.com/security/cve/CVE-2025-58190"
},
{
"category": "external",
"summary": "SUSE Bug 1251309 for CVE-2025-58190",
"url": "https://bugzilla.suse.com/1251309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-register-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-support-1.8.1-160000.1.1.x86_64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"SUSE Linux Micro 6.2:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-29T15:32:26Z",
"details": "moderate"
}
],
"title": "CVE-2025-58190"
}
]
}
SUSE-SU-2026:20244-1
Vulnerability from csaf_suse - Published: 2026-01-15 11:08 - Updated: 2026-01-15 11:08
Summary
Security update for elemental-toolkit, elemental-operator
Severity
Important
Notes
Title of the patch: Security update for elemental-toolkit, elemental-operator
Description of the patch: This update for elemental-toolkit, elemental-operator fixes the following issues:

elemental-operator:

- Update to version 1.6.10:
  * Remove 'latest' tag as this overlaps with the latest branch
  * Bump github.com/rancher-sandbox/go-tpm and its dependencies
    This bump includes fixes to some CVEs:
    * bsc#1241826 (CVE-2025-22872)
    * bsc#1241857 (CVE-2025-22872)
    * bsc#1251511 (CVE-2025-47911)
    * bsc#1251679 (CVE-2025-58190)

elemental-toolkit:

- Update to version 2.1.5:
  * Update headers for new year 2026
  * Disable selinux in installer media
- Update to version 2.1.4:
  * Remove leftovers in installer integration test
  * Bump to build against go 1.24
  * Bump golang.org/x/crypto library
    This bump includes fixes to some CVEs:
    * bsc#1241826 (CVE-2025-22872)
    * bsc#1241857 (CVE-2025-22872)
    * bsc#1251511 (CVE-2025-47911)
    * bsc#1251679 (CVE-2025-58190)
    * bsc#1253581 (CVE-2025-47913)
    * bsc#1253901 (CVE-2025-58181)
    * bsc#1254079 (CVE-2025-47914)

Patchnames: SUSE-SLE-Micro-6.0-561
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.x86_64 | — | Vendor Fix | |
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.x86_64 | — | Vendor Fix | |
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.x86_64 | — | Vendor Fix | |
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.x86_64 | — | Vendor Fix | |
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.x86_64 | — | Vendor Fix | |
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.x86_64 | — | Vendor Fix | |
Threats
Impact
moderate
References
29 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for elemental-toolkit, elemental-operator",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for elemental-toolkit, elemental-operator fixes the following issues:\n\nelemental-operator:\n\n - Update to version 1.6.10:\n\n * Remove \u0027latest\u0027 tag as this overlaps with the latest branch\n * Bump github.com/rancher-sandbox/go-tpm and its dependencies\n This bump includes fixes to some CVEs:\n * bsc#1241826 (CVE-2025-22872)\n * bsc#1241857 (CVE-2025-22872)\n * bsc#1251511 (CVE-2025-47911)\n * bsc#1251679 (CVE-2025-58190)\n\nelemental-toolkit:\n\n - Update to version 2.1.5:\n\n * Update headers for new year 2026\n * Disable selinux in installer media\n\n - Update to version 2.1.4:\n\n * Remove leftovers in installer integration test\n * Bump to build against go 1.24\n * Bump golang.org/x/crypto library\n This bump includes fixes to some CVEs:\n\n * bsc#1241826 (CVE-2025-22872)\n * bsc#1241857 (CVE-2025-22872)\n * bsc#1251511 (CVE-2025-47911)\n * bsc#1251679 (CVE-2025-58190)\n * bsc#1253581 (CVE-2025-47913)\n * bsc#1253901 (CVE-2025-58181)\n * bsc#1254079 (CVE-2025-47914)\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-561",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20244-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20244-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620244-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20244-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024237.html"
},
{
"category": "self",
"summary": "SUSE Bug 1241826",
"url": "https://bugzilla.suse.com/1241826"
},
{
"category": "self",
"summary": "SUSE Bug 1241857",
"url": "https://bugzilla.suse.com/1241857"
},
{
"category": "self",
"summary": "SUSE Bug 1251511",
"url": "https://bugzilla.suse.com/1251511"
},
{
"category": "self",
"summary": "SUSE Bug 1251679",
"url": "https://bugzilla.suse.com/1251679"
},
{
"category": "self",
"summary": "SUSE Bug 1253581",
"url": "https://bugzilla.suse.com/1253581"
},
{
"category": "self",
"summary": "SUSE Bug 1253901",
"url": "https://bugzilla.suse.com/1253901"
},
{
"category": "self",
"summary": "SUSE Bug 1254079",
"url": "https://bugzilla.suse.com/1254079"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22872 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22872/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47911 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47913 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47914 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58181 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58190 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58190/"
}
],
"title": "Security update for elemental-toolkit, elemental-operator",
"tracking": {
"current_release_date": "2026-01-15T11:08:38Z",
"generator": {
"date": "2026-01-15T11:08:38Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20244-1",
"initial_release_date": "2026-01-15T11:08:38Z",
"revision_history": [
{
"date": "2026-01-15T11:08:38Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "elemental-register-1.6.10-1.1.aarch64",
"product": {
"name": "elemental-register-1.6.10-1.1.aarch64",
"product_id": "elemental-register-1.6.10-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "elemental-support-1.6.10-1.1.aarch64",
"product": {
"name": "elemental-support-1.6.10-1.1.aarch64",
"product_id": "elemental-support-1.6.10-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "elemental-toolkit-2.1.5-1.1.aarch64",
"product": {
"name": "elemental-toolkit-2.1.5-1.1.aarch64",
"product_id": "elemental-toolkit-2.1.5-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "elemental-register-1.6.10-1.1.x86_64",
"product": {
"name": "elemental-register-1.6.10-1.1.x86_64",
"product_id": "elemental-register-1.6.10-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "elemental-support-1.6.10-1.1.x86_64",
"product": {
"name": "elemental-support-1.6.10-1.1.x86_64",
"product_id": "elemental-support-1.6.10-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "elemental-toolkit-2.1.5-1.1.x86_64",
"product": {
"name": "elemental-toolkit-2.1.5-1.1.x86_64",
"product_id": "elemental-toolkit-2.1.5-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-register-1.6.10-1.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.aarch64"
},
"product_reference": "elemental-register-1.6.10-1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-register-1.6.10-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.x86_64"
},
"product_reference": "elemental-register-1.6.10-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-support-1.6.10-1.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.aarch64"
},
"product_reference": "elemental-support-1.6.10-1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-support-1.6.10-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.x86_64"
},
"product_reference": "elemental-support-1.6.10-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-toolkit-2.1.5-1.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.aarch64"
},
"product_reference": "elemental-toolkit-2.1.5-1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-toolkit-2.1.5-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.x86_64"
},
"product_reference": "elemental-toolkit-2.1.5-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22872",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22872"
}
],
"notes": [
{
"category": "general",
"text": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22872",
"url": "https://www.suse.com/security/cve/CVE-2025-22872"
},
{
"category": "external",
"summary": "SUSE Bug 1241710 for CVE-2025-22872",
"url": "https://bugzilla.suse.com/1241710"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-15T11:08:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-22872"
},
{
"cve": "CVE-2025-47911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47911"
}
],
"notes": [
{
"category": "general",
"text": "The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47911",
"url": "https://www.suse.com/security/cve/CVE-2025-47911"
},
{
"category": "external",
"summary": "SUSE Bug 1251308 for CVE-2025-47911",
"url": "https://bugzilla.suse.com/1251308"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-15T11:08:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-47911"
},
{
"cve": "CVE-2025-47913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47913"
}
],
"notes": [
{
"category": "general",
"text": "SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47913",
"url": "https://www.suse.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "SUSE Bug 1253506 for CVE-2025-47913",
"url": "https://bugzilla.suse.com/1253506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-15T11:08:38Z",
"details": "important"
}
],
"title": "CVE-2025-47913"
},
{
"cve": "CVE-2025-47914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47914"
}
],
"notes": [
{
"category": "general",
"text": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47914",
"url": "https://www.suse.com/security/cve/CVE-2025-47914"
},
{
"category": "external",
"summary": "SUSE Bug 1253967 for CVE-2025-47914",
"url": "https://bugzilla.suse.com/1253967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-15T11:08:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-47914"
},
{
"cve": "CVE-2025-58181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58181"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58181",
"url": "https://www.suse.com/security/cve/CVE-2025-58181"
},
{
"category": "external",
"summary": "SUSE Bug 1253784 for CVE-2025-58181",
"url": "https://bugzilla.suse.com/1253784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-15T11:08:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-58181"
},
{
"cve": "CVE-2025-58190",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58190"
}
],
"notes": [
{
"category": "general",
"text": "The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58190",
"url": "https://www.suse.com/security/cve/CVE-2025-58190"
},
{
"category": "external",
"summary": "SUSE Bug 1251309 for CVE-2025-58190",
"url": "https://bugzilla.suse.com/1251309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-register-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-support-1.6.10-1.1.x86_64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.aarch64",
"SUSE Linux Micro 6.0:elemental-toolkit-2.1.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-15T11:08:38Z",
"details": "moderate"
}
],
"title": "CVE-2025-58190"
}
]
}
SUSE-SU-2026:20357-1
Vulnerability from csaf_suse - Published: 2026-01-15 09:23 - Updated: 2026-01-15 09:23
Summary
Security update for elemental-toolkit, elemental-operator
Severity
Important
Notes
Title of the patch: Security update for elemental-toolkit, elemental-operator
Description of the patch: This update for elemental-toolkit, elemental-operator fixes the following issues:
elemental-operator:
- Update to v1.7.4:
* Bump github.com/rancher-sandbox/go-tpm and its dependencies
This bump includes few CVE fixes:
* bsc#1241826 (CVE-2025-22872)
* bsc#1241857 (CVE-2025-22872)
* bsc#1251511 (CVE-2025-47911)
* bsc#1251679 (CVE-2025-58190)
* Install yip config files in before-install step
* Revert "Do not delete ManagedOSVersions by default"
* Set default channel variable names consistent with OS version
* Do not delete ManagedOSVersions by default
* Include -channel suffix to channel names
* OS channel: enable baremetal channel by default
elemental-toolkit:
- Update to v2.2.7:
* Bump toolkit build to go 1.24
* Bump golang.org/x/crypto library
This bump includes few CVE fixes:
* bsc#1241826 (CVE-2025-22872)
* bsc#1241857 (CVE-2025-22872)
* bsc#1251511 (CVE-2025-47911)
* bsc#1251679 (CVE-2025-58190)
* bsc#1253581 (CVE-2025-47913)
* bsc#1253901 (CVE-2025-58181)
* bsc#1254079 (CVE-2025-47914)
- Update to v2.2.5:
* Permissive mode for green selinux
* Adapt code and unit tests
* Minor change to lookup devices using blkid
Patchnames: SUSE-SLE-Micro-6.1-375
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
References
29 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for elemental-toolkit, elemental-operator",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for elemental-toolkit, elemental-operator fixes the following issues:\n\nelemental-operator:\n\n - Update to v1.7.4:\n\n * Bump github.com/rancher-sandbox/go-tpm and its dependencies\n This bump includes few CVE fixes:\n * bsc#1241826 (CVE-2025-22872)\n * bsc#1241857 (CVE-2025-22872)\n * bsc#1251511 (CVE-2025-47911)\n * bsc#1251679 (CVE-2025-58190)\n * Install yip config files in before-install step\n * Revert \"Do not delete ManagedOSVersions by default\"\n * Set default channel variable names consistent with OS version\n * Do not delete ManagedOSVersions by default\n * Include -channel suffix to channel names\n * OS channel: enable baremetal channel by default\n\nelemental-toolkit:\n\n - Update to v2.2.7:\n\n * Bump toolkit build to go 1.24\n * Bump golang.org/x/crypto library\n This bumg includes few CVE fixes:\n * bsc#1241826 (CVE-2025-22872)\n * bsc#1241857 (CVE-2025-22872)\n * bsc#1251511 (CVE-2025-47911)\n * bsc#1251679 (CVE-2025-58190)\n * bsc#1253581 (CVE-2025-47913)\n * bsc#1253901 (CVE-2025-58181)\n * bsc#1254079 (CVE-2025-47914)\n\n - Update to v2.2.5:\n\n * Permissive mode for green selinux\n * Adapt code and unit tests\n * Minor change to lookup devices using blkid\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-375",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20357-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20357-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620357-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20357-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024326.html"
},
{
"category": "self",
"summary": "SUSE Bug 1241826",
"url": "https://bugzilla.suse.com/1241826"
},
{
"category": "self",
"summary": "SUSE Bug 1241857",
"url": "https://bugzilla.suse.com/1241857"
},
{
"category": "self",
"summary": "SUSE Bug 1251511",
"url": "https://bugzilla.suse.com/1251511"
},
{
"category": "self",
"summary": "SUSE Bug 1251679",
"url": "https://bugzilla.suse.com/1251679"
},
{
"category": "self",
"summary": "SUSE Bug 1253581",
"url": "https://bugzilla.suse.com/1253581"
},
{
"category": "self",
"summary": "SUSE Bug 1253901",
"url": "https://bugzilla.suse.com/1253901"
},
{
"category": "self",
"summary": "SUSE Bug 1254079",
"url": "https://bugzilla.suse.com/1254079"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22872 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22872/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47911 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47913 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47914 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58181 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58190 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58190/"
}
],
"title": "Security update for elemental-toolkit, elemental-operator",
"tracking": {
"current_release_date": "2026-01-15T09:23:45Z",
"generator": {
"date": "2026-01-15T09:23:45Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20357-1",
"initial_release_date": "2026-01-15T09:23:45Z",
"revision_history": [
{
"date": "2026-01-15T09:23:45Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "elemental-register-1.7.4-slfo.1.1_1.1.aarch64",
"product": {
"name": "elemental-register-1.7.4-slfo.1.1_1.1.aarch64",
"product_id": "elemental-register-1.7.4-slfo.1.1_1.1.aarch64"
}
},
{
"category": "product_version",
"name": "elemental-support-1.7.4-slfo.1.1_1.1.aarch64",
"product": {
"name": "elemental-support-1.7.4-slfo.1.1_1.1.aarch64",
"product_id": "elemental-support-1.7.4-slfo.1.1_1.1.aarch64"
}
},
{
"category": "product_version",
"name": "elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64",
"product": {
"name": "elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64",
"product_id": "elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "elemental-register-1.7.4-slfo.1.1_1.1.x86_64",
"product": {
"name": "elemental-register-1.7.4-slfo.1.1_1.1.x86_64",
"product_id": "elemental-register-1.7.4-slfo.1.1_1.1.x86_64"
}
},
{
"category": "product_version",
"name": "elemental-support-1.7.4-slfo.1.1_1.1.x86_64",
"product": {
"name": "elemental-support-1.7.4-slfo.1.1_1.1.x86_64",
"product_id": "elemental-support-1.7.4-slfo.1.1_1.1.x86_64"
}
},
{
"category": "product_version",
"name": "elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64",
"product": {
"name": "elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64",
"product_id": "elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-register-1.7.4-slfo.1.1_1.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.aarch64"
},
"product_reference": "elemental-register-1.7.4-slfo.1.1_1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-register-1.7.4-slfo.1.1_1.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.x86_64"
},
"product_reference": "elemental-register-1.7.4-slfo.1.1_1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-support-1.7.4-slfo.1.1_1.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.aarch64"
},
"product_reference": "elemental-support-1.7.4-slfo.1.1_1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-support-1.7.4-slfo.1.1_1.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.x86_64"
},
"product_reference": "elemental-support-1.7.4-slfo.1.1_1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64"
},
"product_reference": "elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64"
},
"product_reference": "elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22872",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22872"
}
],
"notes": [
{
"category": "general",
"text": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22872",
"url": "https://www.suse.com/security/cve/CVE-2025-22872"
},
{
"category": "external",
"summary": "SUSE Bug 1241710 for CVE-2025-22872",
"url": "https://bugzilla.suse.com/1241710"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-15T09:23:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-22872"
},
{
"cve": "CVE-2025-47911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47911"
}
],
"notes": [
{
"category": "general",
"text": "The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47911",
"url": "https://www.suse.com/security/cve/CVE-2025-47911"
},
{
"category": "external",
"summary": "SUSE Bug 1251308 for CVE-2025-47911",
"url": "https://bugzilla.suse.com/1251308"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-15T09:23:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-47911"
},
{
"cve": "CVE-2025-47913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47913"
}
],
"notes": [
{
"category": "general",
"text": "SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47913",
"url": "https://www.suse.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "SUSE Bug 1253506 for CVE-2025-47913",
"url": "https://bugzilla.suse.com/1253506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-15T09:23:45Z",
"details": "important"
}
],
"title": "CVE-2025-47913"
},
{
"cve": "CVE-2025-47914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47914"
}
],
"notes": [
{
"category": "general",
"text": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47914",
"url": "https://www.suse.com/security/cve/CVE-2025-47914"
},
{
"category": "external",
"summary": "SUSE Bug 1253967 for CVE-2025-47914",
"url": "https://bugzilla.suse.com/1253967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-15T09:23:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-47914"
},
{
"cve": "CVE-2025-58181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58181"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58181",
"url": "https://www.suse.com/security/cve/CVE-2025-58181"
},
{
"category": "external",
"summary": "SUSE Bug 1253784 for CVE-2025-58181",
"url": "https://bugzilla.suse.com/1253784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-15T09:23:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-58181"
},
{
"cve": "CVE-2025-58190",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58190"
}
],
"notes": [
{
"category": "general",
"text": "The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58190",
"url": "https://www.suse.com/security/cve/CVE-2025-58190"
},
{
"category": "external",
"summary": "SUSE Bug 1251309 for CVE-2025-58190",
"url": "https://bugzilla.suse.com/1251309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-register-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-support-1.7.4-slfo.1.1_1.1.x86_64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:elemental-toolkit-2.2.7-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-15T09:23:45Z",
"details": "moderate"
}
],
"title": "CVE-2025-58190"
}
]
}
SUSE-SU-2026:20451-1
Vulnerability from csaf_suse - Published: 2026-02-17 08:53 - Updated: 2026-02-17 08:53
Summary
Security update for docker-compose
Severity
Important
Notes
Title of the patch: Security update for docker-compose
Description of the patch: This update for docker-compose fixes the following issues:
- CVE-2025-47914: non validated message size can cause a panic due to an out of bounds read (bsc#1254041).
- CVE-2025-47913: client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253584).
Patchnames: SUSE-SLE-Micro-6.0-587
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:docker-compose-2.33.1-3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.0:docker-compose-2.33.1-3.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.0:docker-compose-2.33.1-3.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:docker-compose-2.33.1-3.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.0:docker-compose-2.33.1-3.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.0:docker-compose-2.33.1-3.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for docker-compose",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for docker-compose fixes the following issues:\n\n- CVE-2025-47914: non validated message size can cause a panic due to an out of bounds read (bsc#1254041). \n- CVE-2025-47913: client process termination when receiving an unexpected message type in response to a key listing or\n signing request (bsc#1253584).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-587",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20451-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20451-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620451-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20451-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024432.html"
},
{
"category": "self",
"summary": "SUSE Bug 1253584",
"url": "https://bugzilla.suse.com/1253584"
},
{
"category": "self",
"summary": "SUSE Bug 1254041",
"url": "https://bugzilla.suse.com/1254041"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47913 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47914 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47914/"
}
],
"title": "Security update for docker-compose",
"tracking": {
"current_release_date": "2026-02-17T08:53:14Z",
"generator": {
"date": "2026-02-17T08:53:14Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20451-1",
"initial_release_date": "2026-02-17T08:53:14Z",
"revision_history": [
{
"date": "2026-02-17T08:53:14Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "docker-compose-2.33.1-3.1.aarch64",
"product": {
"name": "docker-compose-2.33.1-3.1.aarch64",
"product_id": "docker-compose-2.33.1-3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-compose-2.33.1-3.1.s390x",
"product": {
"name": "docker-compose-2.33.1-3.1.s390x",
"product_id": "docker-compose-2.33.1-3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-compose-2.33.1-3.1.x86_64",
"product": {
"name": "docker-compose-2.33.1-3.1.x86_64",
"product_id": "docker-compose-2.33.1-3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-compose-2.33.1-3.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:docker-compose-2.33.1-3.1.aarch64"
},
"product_reference": "docker-compose-2.33.1-3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-compose-2.33.1-3.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:docker-compose-2.33.1-3.1.s390x"
},
"product_reference": "docker-compose-2.33.1-3.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-compose-2.33.1-3.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:docker-compose-2.33.1-3.1.x86_64"
},
"product_reference": "docker-compose-2.33.1-3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47913"
}
],
"notes": [
{
"category": "general",
"text": "SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:docker-compose-2.33.1-3.1.aarch64",
"SUSE Linux Micro 6.0:docker-compose-2.33.1-3.1.s390x",
"SUSE Linux Micro 6.0:docker-compose-2.33.1-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47913",
"url": "https://www.suse.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "SUSE Bug 1253506 for CVE-2025-47913",
"url": "https://bugzilla.suse.com/1253506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:docker-compose-2.33.1-3.1.aarch64",
"SUSE Linux Micro 6.0:docker-compose-2.33.1-3.1.s390x",
"SUSE Linux Micro 6.0:docker-compose-2.33.1-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:docker-compose-2.33.1-3.1.aarch64",
"SUSE Linux Micro 6.0:docker-compose-2.33.1-3.1.s390x",
"SUSE Linux Micro 6.0:docker-compose-2.33.1-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-17T08:53:14Z",
"details": "important"
}
],
"title": "CVE-2025-47913"
},
{
"cve": "CVE-2025-47914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47914"
}
],
"notes": [
{
"category": "general",
"text": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:docker-compose-2.33.1-3.1.aarch64",
"SUSE Linux Micro 6.0:docker-compose-2.33.1-3.1.s390x",
"SUSE Linux Micro 6.0:docker-compose-2.33.1-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47914",
"url": "https://www.suse.com/security/cve/CVE-2025-47914"
},
{
"category": "external",
"summary": "SUSE Bug 1253967 for CVE-2025-47914",
"url": "https://bugzilla.suse.com/1253967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:docker-compose-2.33.1-3.1.aarch64",
"SUSE Linux Micro 6.0:docker-compose-2.33.1-3.1.s390x",
"SUSE Linux Micro 6.0:docker-compose-2.33.1-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:docker-compose-2.33.1-3.1.aarch64",
"SUSE Linux Micro 6.0:docker-compose-2.33.1-3.1.s390x",
"SUSE Linux Micro 6.0:docker-compose-2.33.1-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-17T08:53:14Z",
"details": "moderate"
}
],
"title": "CVE-2025-47914"
}
]
}
SUSE-SU-2026:20626-1
Vulnerability from csaf_suse - Published: 2026-03-03 16:04 - Updated: 2026-03-03 16:04
Summary
Security update for podman
Severity
Important
Notes
Title of the patch: Security update for podman
Description of the patch: This update for podman fixes the following issues:
Changes in podman:
- Add symlink to catatonit in /usr/libexec/podman (bsc#1248988)
- CVE-2025-47914: Fixed golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds read (bsc#1253993)
- CVE-2025-47913: Fixed golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253542):
- CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: Fixed runc: Container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files (bsc#1252376):
- CVE-2025-9566: Fixed that podman kube play command may overwrite host files (bsc#1249154):
Patchnames: SUSE-SLES-16.0-343
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.8 (High)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.8 (High)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.3 (High)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — | Vendor Fix | |
Threats
Impact
important
8.1 (High)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x | — | Vendor Fix | |
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — | Vendor Fix | |
Threats
Impact
important
References
36 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for podman",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for podman fixes the following issues:\n\nChanges in podman:\n\n- Add symlink to catatonit in /usr/libexec/podman (bsc#1248988)\n\n- CVE-2025-47914: Fixed golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds read (bsc#1253993)\n- CVE-2025-47913: Fixed golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253542):\n\n- CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: Fixed runc: Container breakouts by bypassing runc\u0027s restrictions for writing to arbitrary /proc files (bsc#1252376):\n- CVE-2025-9566: Fixed that podman kube play command may overwrite host files (bsc#1249154):\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-343",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20626-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20626-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620626-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20626-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024648.html"
},
{
"category": "self",
"summary": "SUSE Bug 1248988",
"url": "https://bugzilla.suse.com/1248988"
},
{
"category": "self",
"summary": "SUSE Bug 1249154",
"url": "https://bugzilla.suse.com/1249154"
},
{
"category": "self",
"summary": "SUSE Bug 1252376",
"url": "https://bugzilla.suse.com/1252376"
},
{
"category": "self",
"summary": "SUSE Bug 1253542",
"url": "https://bugzilla.suse.com/1253542"
},
{
"category": "self",
"summary": "SUSE Bug 1253993",
"url": "https://bugzilla.suse.com/1253993"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22869 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22869/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31133 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31133/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47913 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47914 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-52565 page",
"url": "https://www.suse.com/security/cve/CVE-2025-52565/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-52881 page",
"url": "https://www.suse.com/security/cve/CVE-2025-52881/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-6032 page",
"url": "https://www.suse.com/security/cve/CVE-2025-6032/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-9566 page",
"url": "https://www.suse.com/security/cve/CVE-2025-9566/"
}
],
"title": "Security update for podman",
"tracking": {
"current_release_date": "2026-03-03T16:04:58Z",
"generator": {
"date": "2026-03-03T16:04:58Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20626-1",
"initial_release_date": "2026-03-03T16:04:58Z",
"revision_history": [
{
"date": "2026-03-03T16:04:58Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "podman-5.4.2-160000.4.1.aarch64",
"product": {
"name": "podman-5.4.2-160000.4.1.aarch64",
"product_id": "podman-5.4.2-160000.4.1.aarch64"
}
},
{
"category": "product_version",
"name": "podman-remote-5.4.2-160000.4.1.aarch64",
"product": {
"name": "podman-remote-5.4.2-160000.4.1.aarch64",
"product_id": "podman-remote-5.4.2-160000.4.1.aarch64"
}
},
{
"category": "product_version",
"name": "podmansh-5.4.2-160000.4.1.aarch64",
"product": {
"name": "podmansh-5.4.2-160000.4.1.aarch64",
"product_id": "podmansh-5.4.2-160000.4.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-docker-5.4.2-160000.4.1.noarch",
"product": {
"name": "podman-docker-5.4.2-160000.4.1.noarch",
"product_id": "podman-docker-5.4.2-160000.4.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-5.4.2-160000.4.1.ppc64le",
"product": {
"name": "podman-5.4.2-160000.4.1.ppc64le",
"product_id": "podman-5.4.2-160000.4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "podman-remote-5.4.2-160000.4.1.ppc64le",
"product": {
"name": "podman-remote-5.4.2-160000.4.1.ppc64le",
"product_id": "podman-remote-5.4.2-160000.4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "podmansh-5.4.2-160000.4.1.ppc64le",
"product": {
"name": "podmansh-5.4.2-160000.4.1.ppc64le",
"product_id": "podmansh-5.4.2-160000.4.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-5.4.2-160000.4.1.s390x",
"product": {
"name": "podman-5.4.2-160000.4.1.s390x",
"product_id": "podman-5.4.2-160000.4.1.s390x"
}
},
{
"category": "product_version",
"name": "podman-remote-5.4.2-160000.4.1.s390x",
"product": {
"name": "podman-remote-5.4.2-160000.4.1.s390x",
"product_id": "podman-remote-5.4.2-160000.4.1.s390x"
}
},
{
"category": "product_version",
"name": "podmansh-5.4.2-160000.4.1.s390x",
"product": {
"name": "podmansh-5.4.2-160000.4.1.s390x",
"product_id": "podmansh-5.4.2-160000.4.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-5.4.2-160000.4.1.x86_64",
"product": {
"name": "podman-5.4.2-160000.4.1.x86_64",
"product_id": "podman-5.4.2-160000.4.1.x86_64"
}
},
{
"category": "product_version",
"name": "podman-remote-5.4.2-160000.4.1.x86_64",
"product": {
"name": "podman-remote-5.4.2-160000.4.1.x86_64",
"product_id": "podman-remote-5.4.2-160000.4.1.x86_64"
}
},
{
"category": "product_version",
"name": "podmansh-5.4.2-160000.4.1.x86_64",
"product": {
"name": "podmansh-5.4.2-160000.4.1.x86_64",
"product_id": "podmansh-5.4.2-160000.4.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16.0"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.4.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64"
},
"product_reference": "podman-5.4.2-160000.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.4.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le"
},
"product_reference": "podman-5.4.2-160000.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.4.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x"
},
"product_reference": "podman-5.4.2-160000.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.4.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64"
},
"product_reference": "podman-5.4.2-160000.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-docker-5.4.2-160000.4.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch"
},
"product_reference": "podman-docker-5.4.2-160000.4.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.4.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64"
},
"product_reference": "podman-remote-5.4.2-160000.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.4.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le"
},
"product_reference": "podman-remote-5.4.2-160000.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.4.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x"
},
"product_reference": "podman-remote-5.4.2-160000.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.4.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64"
},
"product_reference": "podman-remote-5.4.2-160000.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.4.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64"
},
"product_reference": "podmansh-5.4.2-160000.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.4.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le"
},
"product_reference": "podmansh-5.4.2-160000.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.4.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x"
},
"product_reference": "podmansh-5.4.2-160000.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.4.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64"
},
"product_reference": "podmansh-5.4.2-160000.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.4.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64"
},
"product_reference": "podman-5.4.2-160000.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.4.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le"
},
"product_reference": "podman-5.4.2-160000.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.4.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x"
},
"product_reference": "podman-5.4.2-160000.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.4.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64"
},
"product_reference": "podman-5.4.2-160000.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-docker-5.4.2-160000.4.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch"
},
"product_reference": "podman-docker-5.4.2-160000.4.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.4.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64"
},
"product_reference": "podman-remote-5.4.2-160000.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.4.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le"
},
"product_reference": "podman-remote-5.4.2-160000.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.4.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x"
},
"product_reference": "podman-remote-5.4.2-160000.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.4.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64"
},
"product_reference": "podman-remote-5.4.2-160000.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.4.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64"
},
"product_reference": "podmansh-5.4.2-160000.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.4.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le"
},
"product_reference": "podmansh-5.4.2-160000.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.4.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x"
},
"product_reference": "podmansh-5.4.2-160000.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.4.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
},
"product_reference": "podmansh-5.4.2-160000.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22869",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22869"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22869",
"url": "https://www.suse.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "SUSE Bug 1239322 for CVE-2025-22869",
"url": "https://bugzilla.suse.com/1239322"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "important"
}
],
"title": "CVE-2025-22869"
},
{
"cve": "CVE-2025-31133",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31133"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container\u0027s /dev/null) was actually a real /dev/null inode when using the container\u0027s /dev/null to mask. This exposes two methods of attack: an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31133",
"url": "https://www.suse.com/security/cve/CVE-2025-31133"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-31133",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-31133",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "important"
}
],
"title": "CVE-2025-31133"
},
{
"cve": "CVE-2025-47913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47913"
}
],
"notes": [
{
"category": "general",
"text": "SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47913",
"url": "https://www.suse.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "SUSE Bug 1253506 for CVE-2025-47913",
"url": "https://bugzilla.suse.com/1253506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "important"
}
],
"title": "CVE-2025-47913"
},
{
"cve": "CVE-2025-47914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47914"
}
],
"notes": [
{
"category": "general",
"text": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47914",
"url": "https://www.suse.com/security/cve/CVE-2025-47914"
},
{
"category": "external",
"summary": "SUSE Bug 1253967 for CVE-2025-47914",
"url": "https://bugzilla.suse.com/1253967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "moderate"
}
],
"title": "CVE-2025-47914"
},
{
"cve": "CVE-2025-52565",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-52565"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the container, an attacker can trick runc into bind-mounting paths which would normally be made read-only or be masked onto a path that the attacker can write to. This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target (namely, the bind-mount of `/dev/pts/$n` to `/dev/console` as configured for all containers that allocate a console). This happens after `pivot_root(2)`, so this cannot be used to write to host files directly -- however, as with CVE-2025-31133, this can lead to denial of service of the host or a container breakout by providing the attacker with a writable copy of `/proc/sysrq-trigger` or `/proc/sys/kernel/core_pattern` (respectively). This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-52565",
"url": "https://www.suse.com/security/cve/CVE-2025-52565"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-52565",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-52565",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "important"
}
],
"title": "CVE-2025-52565"
},
{
"cve": "CVE-2025-52881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-52881"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-52881",
"url": "https://www.suse.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-52881",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-52881",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "important"
}
],
"title": "CVE-2025-52881"
},
{
"cve": "CVE-2025-6032",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-6032"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-6032",
"url": "https://www.suse.com/security/cve/CVE-2025-6032"
},
{
"category": "external",
"summary": "SUSE Bug 1245320 for CVE-2025-6032",
"url": "https://bugzilla.suse.com/1245320"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "important"
}
],
"title": "CVE-2025-6032"
},
{
"cve": "CVE-2025-9566",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-9566"
}
],
"notes": [
{
"category": "general",
"text": "There\u0027s a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the target file to be overwritten but not the content to be written into the file.\n\nBinary-Affected: podman\nUpstream-version-introduced: v4.0.0\nUpstream-version-fixed: v5.6.1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-9566",
"url": "https://www.suse.com/security/cve/CVE-2025-9566"
},
{
"category": "external",
"summary": "SUSE Bug 1249154 for CVE-2025-9566",
"url": "https://bugzilla.suse.com/1249154"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "important"
}
],
"title": "CVE-2025-9566"
}
]
}
SUSE-SU-2026:20641-1
Vulnerability from csaf_suse - Published: 2026-03-03 16:04 - Updated: 2026-03-03 16:04
Summary
Security update for podman
Severity
Important
Notes
Title of the patch: Security update for podman
Description of the patch: This update for podman fixes the following issues:
Changes in podman:
- Add symlink to catatonit in /usr/libexec/podman (bsc#1248988)
- CVE-2025-47914: Fixed golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds read (bsc#1253993)
- CVE-2025-47913: Fixed golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253542):
- CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: Fixed runc: Container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files (bsc#1252376):
- CVE-2025-9566: Fixed that podman kube play command may overwrite host files (bsc#1249154):
Patchnames: SUSE-SL-Micro-6.2-343
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.8 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.8 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
8.3 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
8.1 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
36 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for podman",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for podman fixes the following issues:\n\nChanges in podman:\n\n- Add symlink to catatonit in /usr/libexec/podman (bsc#1248988)\n\n- CVE-2025-47914: Fixed golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds read (bsc#1253993)\n- CVE-2025-47913: Fixed golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253542):\n\n- CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: Fixed runc: Container breakouts by bypassing runc\u0027s restrictions for writing to arbitrary /proc files (bsc#1252376):\n- CVE-2025-9566: Fixed that podman kube play command may overwrite host files (bsc#1249154):\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SL-Micro-6.2-343",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20641-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20641-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620641-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20641-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024659.html"
},
{
"category": "self",
"summary": "SUSE Bug 1248988",
"url": "https://bugzilla.suse.com/1248988"
},
{
"category": "self",
"summary": "SUSE Bug 1249154",
"url": "https://bugzilla.suse.com/1249154"
},
{
"category": "self",
"summary": "SUSE Bug 1252376",
"url": "https://bugzilla.suse.com/1252376"
},
{
"category": "self",
"summary": "SUSE Bug 1253542",
"url": "https://bugzilla.suse.com/1253542"
},
{
"category": "self",
"summary": "SUSE Bug 1253993",
"url": "https://bugzilla.suse.com/1253993"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22869 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22869/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31133 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31133/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47913 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47914 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-52565 page",
"url": "https://www.suse.com/security/cve/CVE-2025-52565/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-52881 page",
"url": "https://www.suse.com/security/cve/CVE-2025-52881/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-6032 page",
"url": "https://www.suse.com/security/cve/CVE-2025-6032/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-9566 page",
"url": "https://www.suse.com/security/cve/CVE-2025-9566/"
}
],
"title": "Security update for podman",
"tracking": {
"current_release_date": "2026-03-03T16:04:58Z",
"generator": {
"date": "2026-03-03T16:04:58Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20641-1",
"initial_release_date": "2026-03-03T16:04:58Z",
"revision_history": [
{
"date": "2026-03-03T16:04:58Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "podman-5.4.2-160000.4.1.aarch64",
"product": {
"name": "podman-5.4.2-160000.4.1.aarch64",
"product_id": "podman-5.4.2-160000.4.1.aarch64"
}
},
{
"category": "product_version",
"name": "podman-remote-5.4.2-160000.4.1.aarch64",
"product": {
"name": "podman-remote-5.4.2-160000.4.1.aarch64",
"product_id": "podman-remote-5.4.2-160000.4.1.aarch64"
}
},
{
"category": "product_version",
"name": "podmansh-5.4.2-160000.4.1.aarch64",
"product": {
"name": "podmansh-5.4.2-160000.4.1.aarch64",
"product_id": "podmansh-5.4.2-160000.4.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-docker-5.4.2-160000.4.1.noarch",
"product": {
"name": "podman-docker-5.4.2-160000.4.1.noarch",
"product_id": "podman-docker-5.4.2-160000.4.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-5.4.2-160000.4.1.ppc64le",
"product": {
"name": "podman-5.4.2-160000.4.1.ppc64le",
"product_id": "podman-5.4.2-160000.4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "podman-remote-5.4.2-160000.4.1.ppc64le",
"product": {
"name": "podman-remote-5.4.2-160000.4.1.ppc64le",
"product_id": "podman-remote-5.4.2-160000.4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "podmansh-5.4.2-160000.4.1.ppc64le",
"product": {
"name": "podmansh-5.4.2-160000.4.1.ppc64le",
"product_id": "podmansh-5.4.2-160000.4.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-5.4.2-160000.4.1.s390x",
"product": {
"name": "podman-5.4.2-160000.4.1.s390x",
"product_id": "podman-5.4.2-160000.4.1.s390x"
}
},
{
"category": "product_version",
"name": "podman-remote-5.4.2-160000.4.1.s390x",
"product": {
"name": "podman-remote-5.4.2-160000.4.1.s390x",
"product_id": "podman-remote-5.4.2-160000.4.1.s390x"
}
},
{
"category": "product_version",
"name": "podmansh-5.4.2-160000.4.1.s390x",
"product": {
"name": "podmansh-5.4.2-160000.4.1.s390x",
"product_id": "podmansh-5.4.2-160000.4.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-5.4.2-160000.4.1.x86_64",
"product": {
"name": "podman-5.4.2-160000.4.1.x86_64",
"product_id": "podman-5.4.2-160000.4.1.x86_64"
}
},
{
"category": "product_version",
"name": "podman-remote-5.4.2-160000.4.1.x86_64",
"product": {
"name": "podman-remote-5.4.2-160000.4.1.x86_64",
"product_id": "podman-remote-5.4.2-160000.4.1.x86_64"
}
},
{
"category": "product_version",
"name": "podmansh-5.4.2-160000.4.1.x86_64",
"product": {
"name": "podmansh-5.4.2-160000.4.1.x86_64",
"product_id": "podmansh-5.4.2-160000.4.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.2",
"product": {
"name": "SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:transactional"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.4.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64"
},
"product_reference": "podman-5.4.2-160000.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.4.1.ppc64le as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le"
},
"product_reference": "podman-5.4.2-160000.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.4.1.s390x as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x"
},
"product_reference": "podman-5.4.2-160000.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.4.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64"
},
"product_reference": "podman-5.4.2-160000.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-docker-5.4.2-160000.4.1.noarch as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch"
},
"product_reference": "podman-docker-5.4.2-160000.4.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.4.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64"
},
"product_reference": "podman-remote-5.4.2-160000.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.4.1.ppc64le as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le"
},
"product_reference": "podman-remote-5.4.2-160000.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.4.1.s390x as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x"
},
"product_reference": "podman-remote-5.4.2-160000.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.4.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64"
},
"product_reference": "podman-remote-5.4.2-160000.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.4.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64"
},
"product_reference": "podmansh-5.4.2-160000.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.4.1.ppc64le as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le"
},
"product_reference": "podmansh-5.4.2-160000.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.4.1.s390x as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x"
},
"product_reference": "podmansh-5.4.2-160000.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.4.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
},
"product_reference": "podmansh-5.4.2-160000.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22869",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22869"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22869",
"url": "https://www.suse.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "SUSE Bug 1239322 for CVE-2025-22869",
"url": "https://bugzilla.suse.com/1239322"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "important"
}
],
"title": "CVE-2025-22869"
},
{
"cve": "CVE-2025-31133",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31133"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container\u0027s /dev/null) was actually a real /dev/null inode when using the container\u0027s /dev/null to mask. This exposes two methods of attack: an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31133",
"url": "https://www.suse.com/security/cve/CVE-2025-31133"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-31133",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-31133",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "important"
}
],
"title": "CVE-2025-31133"
},
{
"cve": "CVE-2025-47913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47913"
}
],
"notes": [
{
"category": "general",
"text": "SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47913",
"url": "https://www.suse.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "SUSE Bug 1253506 for CVE-2025-47913",
"url": "https://bugzilla.suse.com/1253506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "important"
}
],
"title": "CVE-2025-47913"
},
{
"cve": "CVE-2025-47914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47914"
}
],
"notes": [
{
"category": "general",
"text": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47914",
"url": "https://www.suse.com/security/cve/CVE-2025-47914"
},
{
"category": "external",
"summary": "SUSE Bug 1253967 for CVE-2025-47914",
"url": "https://bugzilla.suse.com/1253967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "moderate"
}
],
"title": "CVE-2025-47914"
},
{
"cve": "CVE-2025-52565",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-52565"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the container, an attacker can trick runc into bind-mounting paths which would normally be made read-only or be masked onto a path that the attacker can write to. This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target (namely, the bind-mount of `/dev/pts/$n` to `/dev/console` as configured for all containers that allocate a console). This happens after `pivot_root(2)`, so this cannot be used to write to host files directly -- however, as with CVE-2025-31133, this can load to denial of service of the host or a container breakout by providing the attacker with a writable copy of `/proc/sysrq-trigger` or `/proc/sys/kernel/core_pattern` (respectively). This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-52565",
"url": "https://www.suse.com/security/cve/CVE-2025-52565"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-52565",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-52565",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "important"
}
],
"title": "CVE-2025-52565"
},
{
"cve": "CVE-2025-52881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-52881"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-52881",
"url": "https://www.suse.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-52881",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-52881",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "important"
}
],
"title": "CVE-2025-52881"
},
{
"cve": "CVE-2025-6032",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-6032"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-6032",
"url": "https://www.suse.com/security/cve/CVE-2025-6032"
},
{
"category": "external",
"summary": "SUSE Bug 1245320 for CVE-2025-6032",
"url": "https://bugzilla.suse.com/1245320"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "important"
}
],
"title": "CVE-2025-6032"
},
{
"cve": "CVE-2025-9566",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-9566"
}
],
"notes": [
{
"category": "general",
"text": "There\u0027s a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the target file to be overwritten but not the content to be written into the file.\n\nBinary-Affected: podman\nUpstream-version-introduced: v4.0.0\nUpstream-version-fixed: v5.6.1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-9566",
"url": "https://www.suse.com/security/cve/CVE-2025-9566"
},
{
"category": "external",
"summary": "SUSE Bug 1249154 for CVE-2025-9566",
"url": "https://bugzilla.suse.com/1249154"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "important"
}
],
"title": "CVE-2025-9566"
}
]
}
SUSE-SU-2026:20656-1
Vulnerability from csaf_suse - Published: 2026-03-06 11:34 - Updated: 2026-03-06 11:34
Summary
Security update for docker-compose
Severity
Important
Notes
Title of the patch: Security update for docker-compose
Description of the patch: This update for docker-compose fixes the following issues:
- CVE-2025-47914: non validated message size can cause a panic due to an out of bounds read (bsc#1254041).
- CVE-2025-47913: client process termination when receiving an unexpected message type in response to a key listing or
signing request (bsc#1253584).
- CVE-2025-62725: OCI compose artifacts can be used to escape the cache directory and overwrite arbitrary files
(bsc#1252752).
Patchnames: SUSE-SLE-Micro-6.1-428
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.3 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for docker-compose",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for docker-compose fixes the following issues:\n\n- CVE-2025-47914: non validated message size can cause a panic due to an out of bounds read (bsc#1254041). \n- CVE-2025-47913: client process termination when receiving an unexpected message type in response to a key listing or\n signing request (bsc#1253584).\n- CVE-2025-62725: OCI compose artifacts can be used to escape the cache directory and overwrite arbitrary files\n (bsc#1252752).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-428",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20656-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20656-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620656-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20656-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024754.html"
},
{
"category": "self",
"summary": "SUSE Bug 1252752",
"url": "https://bugzilla.suse.com/1252752"
},
{
"category": "self",
"summary": "SUSE Bug 1253584",
"url": "https://bugzilla.suse.com/1253584"
},
{
"category": "self",
"summary": "SUSE Bug 1254041",
"url": "https://bugzilla.suse.com/1254041"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47913 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47914 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-62725 page",
"url": "https://www.suse.com/security/cve/CVE-2025-62725/"
}
],
"title": "Security update for docker-compose",
"tracking": {
"current_release_date": "2026-03-06T11:34:20Z",
"generator": {
"date": "2026-03-06T11:34:20Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20656-1",
"initial_release_date": "2026-03-06T11:34:20Z",
"revision_history": [
{
"date": "2026-03-06T11:34:20Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "docker-compose-2.33.1-slfo.1.1_2.1.aarch64",
"product": {
"name": "docker-compose-2.33.1-slfo.1.1_2.1.aarch64",
"product_id": "docker-compose-2.33.1-slfo.1.1_2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-compose-2.33.1-slfo.1.1_2.1.ppc64le",
"product": {
"name": "docker-compose-2.33.1-slfo.1.1_2.1.ppc64le",
"product_id": "docker-compose-2.33.1-slfo.1.1_2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-compose-2.33.1-slfo.1.1_2.1.s390x",
"product": {
"name": "docker-compose-2.33.1-slfo.1.1_2.1.s390x",
"product_id": "docker-compose-2.33.1-slfo.1.1_2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-compose-2.33.1-slfo.1.1_2.1.x86_64",
"product": {
"name": "docker-compose-2.33.1-slfo.1.1_2.1.x86_64",
"product_id": "docker-compose-2.33.1-slfo.1.1_2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-compose-2.33.1-slfo.1.1_2.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.aarch64"
},
"product_reference": "docker-compose-2.33.1-slfo.1.1_2.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-compose-2.33.1-slfo.1.1_2.1.ppc64le as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.ppc64le"
},
"product_reference": "docker-compose-2.33.1-slfo.1.1_2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-compose-2.33.1-slfo.1.1_2.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.s390x"
},
"product_reference": "docker-compose-2.33.1-slfo.1.1_2.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-compose-2.33.1-slfo.1.1_2.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.x86_64"
},
"product_reference": "docker-compose-2.33.1-slfo.1.1_2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47913"
}
],
"notes": [
{
"category": "general",
"text": "SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47913",
"url": "https://www.suse.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "SUSE Bug 1253506 for CVE-2025-47913",
"url": "https://bugzilla.suse.com/1253506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-06T11:34:20Z",
"details": "important"
}
],
"title": "CVE-2025-47913"
},
{
"cve": "CVE-2025-47914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47914"
}
],
"notes": [
{
"category": "general",
"text": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47914",
"url": "https://www.suse.com/security/cve/CVE-2025-47914"
},
{
"category": "external",
"summary": "SUSE Bug 1253967 for CVE-2025-47914",
"url": "https://bugzilla.suse.com/1253967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-06T11:34:20Z",
"details": "moderate"
}
],
"title": "CVE-2025-47914"
},
{
"cve": "CVE-2025-62725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-62725"
}
],
"notes": [
{
"category": "general",
"text": "Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker-supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cache directory and writes the file there. This affects any platform or workflow that resolves remote OCI compose artifacts, Docker Desktop, standalone Compose binaries on Linux, CI/CD runners, cloud dev environments is affected. An attacker can escape the cache directory and overwrite arbitrary files on the machine running docker compose, even if the user only runs read-only commands such as docker compose config or docker compose ps. This issue is fixed in v2.40.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-62725",
"url": "https://www.suse.com/security/cve/CVE-2025-62725"
},
{
"category": "external",
"summary": "SUSE Bug 1252752 for CVE-2025-62725",
"url": "https://bugzilla.suse.com/1252752"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.aarch64",
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.ppc64le",
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.s390x",
"SUSE Linux Micro 6.1:docker-compose-2.33.1-slfo.1.1_2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-06T11:34:20Z",
"details": "important"
}
],
"title": "CVE-2025-62725"
}
]
}
SUSE-SU-2026:20949-1
Vulnerability from csaf_suse - Published: 2026-03-27 10:09 - Updated: 2026-03-27 10:09
Summary
Security update for docker-compose
Severity
Important
Notes
Title of the patch: Security update for docker-compose
Description of the patch: This update for docker-compose fixes the following issues:
- CVE-2025-47913: golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253584).
- CVE-2025-47914: golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds read (bsc#1254041).
- CVE-2025-62725: OCI compose artifacts can be used to escape the cache directory and overwrite arbitrary files (bsc#1252752).
Patchnames: SUSE-SL-Micro-6.2-455
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
8.3 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.aarch64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.ppc64le | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for docker-compose",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for docker-compose fixes the following issues:\n\n- CVE-2025-47913: golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in\n response to a key listing or signing request (bsc#1253584).\n- CVE-2025-47914: golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds\n read (bsc#1254041).\n- CVE-2025-62725: OCI compose artifacts can be used to escape the cache directory and overwrite arbitrary files\n (bsc#1252752).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SL-Micro-6.2-455",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20949-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20949-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620949-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20949-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-April/045253.html"
},
{
"category": "self",
"summary": "SUSE Bug 1252752",
"url": "https://bugzilla.suse.com/1252752"
},
{
"category": "self",
"summary": "SUSE Bug 1253584",
"url": "https://bugzilla.suse.com/1253584"
},
{
"category": "self",
"summary": "SUSE Bug 1254041",
"url": "https://bugzilla.suse.com/1254041"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47913 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47914 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-62725 page",
"url": "https://www.suse.com/security/cve/CVE-2025-62725/"
}
],
"title": "Security update for docker-compose",
"tracking": {
"current_release_date": "2026-03-27T10:09:30Z",
"generator": {
"date": "2026-03-27T10:09:30Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20949-1",
"initial_release_date": "2026-03-27T10:09:30Z",
"revision_history": [
{
"date": "2026-03-27T10:09:30Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "docker-compose-2.33.1-160000.4.1.aarch64",
"product": {
"name": "docker-compose-2.33.1-160000.4.1.aarch64",
"product_id": "docker-compose-2.33.1-160000.4.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-compose-2.33.1-160000.4.1.ppc64le",
"product": {
"name": "docker-compose-2.33.1-160000.4.1.ppc64le",
"product_id": "docker-compose-2.33.1-160000.4.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-compose-2.33.1-160000.4.1.s390x",
"product": {
"name": "docker-compose-2.33.1-160000.4.1.s390x",
"product_id": "docker-compose-2.33.1-160000.4.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-compose-2.33.1-160000.4.1.x86_64",
"product": {
"name": "docker-compose-2.33.1-160000.4.1.x86_64",
"product_id": "docker-compose-2.33.1-160000.4.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.2",
"product": {
"name": "SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-compose-2.33.1-160000.4.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.aarch64"
},
"product_reference": "docker-compose-2.33.1-160000.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-compose-2.33.1-160000.4.1.ppc64le as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.ppc64le"
},
"product_reference": "docker-compose-2.33.1-160000.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-compose-2.33.1-160000.4.1.s390x as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.s390x"
},
"product_reference": "docker-compose-2.33.1-160000.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-compose-2.33.1-160000.4.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.x86_64"
},
"product_reference": "docker-compose-2.33.1-160000.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-47913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47913"
}
],
"notes": [
{
"category": "general",
"text": "SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.s390x",
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47913",
"url": "https://www.suse.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "SUSE Bug 1253506 for CVE-2025-47913",
"url": "https://bugzilla.suse.com/1253506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.s390x",
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.s390x",
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T10:09:30Z",
"details": "important"
}
],
"title": "CVE-2025-47913"
},
{
"cve": "CVE-2025-47914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47914"
}
],
"notes": [
{
"category": "general",
"text": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.s390x",
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47914",
"url": "https://www.suse.com/security/cve/CVE-2025-47914"
},
{
"category": "external",
"summary": "SUSE Bug 1253967 for CVE-2025-47914",
"url": "https://bugzilla.suse.com/1253967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.s390x",
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.s390x",
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T10:09:30Z",
"details": "moderate"
}
],
"title": "CVE-2025-47914"
},
{
"cve": "CVE-2025-62725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-62725"
}
],
"notes": [
{
"category": "general",
"text": "Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker-supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cache directory and writes the file there. This affects any platform or workflow that resolves remote OCI compose artifacts, Docker Desktop, standalone Compose binaries on Linux, CI/CD runners, cloud dev environments is affected. An attacker can escape the cache directory and overwrite arbitrary files on the machine running docker compose, even if the user only runs read-only commands such as docker compose config or docker compose ps. This issue is fixed in v2.40.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.s390x",
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-62725",
"url": "https://www.suse.com/security/cve/CVE-2025-62725"
},
{
"category": "external",
"summary": "SUSE Bug 1252752 for CVE-2025-62725",
"url": "https://bugzilla.suse.com/1252752"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.s390x",
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.s390x",
"SUSE Linux Micro 6.2:docker-compose-2.33.1-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-27T10:09:30Z",
"details": "important"
}
],
"title": "CVE-2025-62725"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.