Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-52565 (GCVE-0-2025-52565)
Vulnerability from cvelistv5 – Published: 2025-11-06 20:02 – Updated: 2025-11-06 21:32
VLAI
EPSS
Title
container escape due to /dev/console mount and related races
Summary
runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the container, an attacker can trick runc into bind-mounting paths which would normally be made read-only or be masked onto a path that the attacker can write to. This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target (namely, the bind-mount of `/dev/pts/$n` to `/dev/console` as configured for all containers that allocate a console). This happens after `pivot_root(2)`, so this cannot be used to write to host files directly -- however, as with CVE-2025-31133, this can load to denial of service of the host or a container breakout by providing the attacker with a writable copy of `/proc/sysrq-trigger` or `/proc/sys/kernel/core_pattern` (respectively). This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://github.com/opencontainers/runc/security/a… | x_refsource_CONFIRM |
| https://github.com/opencontainers/runc/commit/01d… | x_refsource_MISC |
| https://github.com/opencontainers/runc/commit/398… | x_refsource_MISC |
| https://github.com/opencontainers/runc/commit/531… | x_refsource_MISC |
| https://github.com/opencontainers/runc/commit/9be… | x_refsource_MISC |
| https://github.com/opencontainers/runc/commit/aee… | x_refsource_MISC |
| https://github.com/opencontainers/runc/commit/db1… | x_refsource_MISC |
| https://github.com/opencontainers/runc/commit/de8… | x_refsource_MISC |
| https://github.com/opencontainers/runc/commit/ff9… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| opencontainers | runc |
Affected:
>= 1.0.0-rc3, < 1.2.8
Affected: >= 1.3.0-rc.1, < 1.3.3 Affected: >= 1.4.0-rc.1, < 1.4.0-rc.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52565",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-06T21:32:07.457681Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-06T21:32:19.129Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "runc",
"vendor": "opencontainers",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.0-rc3, \u003c 1.2.8"
},
{
"status": "affected",
"version": "\u003e= 1.3.0-rc.1, \u003c 1.3.3"
},
{
"status": "affected",
"version": "\u003e= 1.4.0-rc.1, \u003c 1.4.0-rc.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the container, an attacker can trick runc into bind-mounting paths which would normally be made read-only or be masked onto a path that the attacker can write to. This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target (namely, the bind-mount of `/dev/pts/$n` to `/dev/console` as configured for all containers that allocate a console). This happens after `pivot_root(2)`, so this cannot be used to write to host files directly -- however, as with CVE-2025-31133, this can load to denial of service of the host or a container breakout by providing the attacker with a writable copy of `/proc/sysrq-trigger` or `/proc/sys/kernel/core_pattern` (respectively). This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-363",
"description": "CWE-363: Race Condition Enabling Link Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-06T20:02:58.513Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r"
},
{
"name": "https://github.com/opencontainers/runc/commit/01de9d65dc72f67b256ef03f9bfb795a2bf143b4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opencontainers/runc/commit/01de9d65dc72f67b256ef03f9bfb795a2bf143b4"
},
{
"name": "https://github.com/opencontainers/runc/commit/398955bccb7f20565c224a3064d331c19e422398",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opencontainers/runc/commit/398955bccb7f20565c224a3064d331c19e422398"
},
{
"name": "https://github.com/opencontainers/runc/commit/531ef794e4ecd628006a865ad334a048ee2b4b2e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opencontainers/runc/commit/531ef794e4ecd628006a865ad334a048ee2b4b2e"
},
{
"name": "https://github.com/opencontainers/runc/commit/9be1dbf4ac67d9840a043ebd2df5c68f36705d1d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opencontainers/runc/commit/9be1dbf4ac67d9840a043ebd2df5c68f36705d1d"
},
{
"name": "https://github.com/opencontainers/runc/commit/aee7d3fe355dd02939d44155e308ea0052e0d53a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opencontainers/runc/commit/aee7d3fe355dd02939d44155e308ea0052e0d53a"
},
{
"name": "https://github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64"
},
{
"name": "https://github.com/opencontainers/runc/commit/de87203e625cd7a27141fb5f2ad00a320c69c5e8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opencontainers/runc/commit/de87203e625cd7a27141fb5f2ad00a320c69c5e8"
},
{
"name": "https://github.com/opencontainers/runc/commit/ff94f9991bd32076c871ef0ad8bc1b763458e480",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opencontainers/runc/commit/ff94f9991bd32076c871ef0ad8bc1b763458e480"
}
],
"source": {
"advisory": "GHSA-qw9x-cqr3-wc7r",
"discovery": "UNKNOWN"
},
"title": "container escape due to /dev/console mount and related races"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-52565",
"datePublished": "2025-11-06T20:02:58.513Z",
"dateReserved": "2025-06-18T03:55:52.036Z",
"dateUpdated": "2025-11-06T21:32:19.129Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-52565",
"date": "2026-06-07",
"epss": "0.00026",
"percentile": "0.07652"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-52565\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-11-06T20:15:49.240\",\"lastModified\":\"2025-12-03T18:33:33.357\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the container, an attacker can trick runc into bind-mounting paths which would normally be made read-only or be masked onto a path that the attacker can write to. This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target (namely, the bind-mount of `/dev/pts/$n` to `/dev/console` as configured for all containers that allocate a console). This happens after `pivot_root(2)`, so this cannot be used to write to host files directly -- however, as with CVE-2025-31133, this can load to denial of service of the host or a container breakout by providing the attacker with a writable copy of `/proc/sysrq-trigger` or `/proc/sys/kernel/core_pattern` (respectively). This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.\"},{\"lang\":\"es\",\"value\":\"runc es una herramienta CLI para generar y ejecutar contenedores seg\u00fan la especificaci\u00f3n OCI. Las versiones 1.0.0-rc3 hasta la 1.2.7, 1.3.0-rc.1 hasta la 1.3.2, y 1.4.0-rc.1 hasta la 1.4.0-rc.2, debido a comprobaciones insuficientes al montar por enlace \u0027/dev/pts/$n\u0027 a \u0027/dev/console\u0027 dentro del contenedor, un atacante puede enga\u00f1ar a runc para que monte por enlace rutas que normalmente se har\u00edan de solo lectura o se enmascarar\u00edan en una ruta en la que el atacante pueda escribir. Este ataque es muy similar en concepto y aplicaci\u00f3n a CVE-2025-31133, excepto que ataca una vulnerabilidad similar en un objetivo diferente (es decir, el montaje por enlace de \u0027/dev/pts/$n\u0027 a \u0027/dev/console\u0027 tal como est\u00e1 configurado para todos los contenedores que asignan una consola). Esto ocurre despu\u00e9s de \u0027pivot_root(2)\u0027, por lo que esto no puede usarse para escribir directamente en archivos del host; sin embargo, al igual que con CVE-2025-31133, esto puede llevar a la denegaci\u00f3n de servicio del host o a un escape de contenedor al proporcionar al atacante una copia escribible de \u0027/proc/sysrq-trigger\u0027 o \u0027/proc/sys/kernel/core_pattern\u0027 (respectivamente). Este problema est\u00e1 solucionado en las versiones 1.2.8, 1.3.3 y 1.4.0-rc.3.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"PASSIVE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"HIGH\",\"subIntegrityImpact\":\"HIGH\",\"subAvailabilityImpact\":\"HIGH\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.8,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-61\"},{\"lang\":\"en\",\"value\":\"CWE-363\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:runc:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0.1\",\"versionEndExcluding\":\"1.2.8\",\"matchCriteriaId\":\"3282BD30-4E57-4E14-980A-964ACD33820C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:runc:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.3.0\",\"versionEndExcluding\":\"1.3.3\",\"matchCriteriaId\":\"F3193A96-E882-439B-984E-782315C62F69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:runc:1.0.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E580E25-F94C-4DA4-8718-15D5F1C3ADAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:runc:1.0.0:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD565CE0-D9E9-4FD9-8998-8AC55030FAB7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:runc:1.0.0:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"093326B1-448C-4E3B-886D-CAC8B6813BFF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:runc:1.0.0:rc6:*:*:*:*:*:*\",\"matchCriteriaId\":\"F672C421-789D-4F21-B483-DA3EB251BA1D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:runc:1.0.0:rc7:*:*:*:*:*:*\",\"matchCriteriaId\":\"E13C190A-D7CE-4204-8CEF-B7317D3FFBF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:runc:1.0.0:rc8:*:*:*:*:*:*\",\"matchCriteriaId\":\"15AEA3E2-A82F-4562-AFE6-B83A767B94E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:runc:1.0.0:rc9:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB5109FF-7C41-477E-B817-F63F06D866C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:runc:1.0.0:rc90:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6B8085F-4B68-47E4-8B4B-FB8C2742EEF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:runc:1.0.0:rc91:*:*:*:*:*:*\",\"matchCriteriaId\":\"978AFEA7-C64F-4B24-B314-4E0E7D5C521A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:runc:1.0.0:rc92:*:*:*:*:*:*\",\"matchCriteriaId\":\"A134E568-C11C-4D12-9B61-BFA58A080B96\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:runc:1.0.0:rc93:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FAC79BA-7A2A-45E3-8806-E2C812991ACC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:runc:1.0.0:rc94:*:*:*:*:*:*\",\"matchCriteriaId\":\"151570F5-F04B-4F31-AE6E-F364FC8AC01C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:runc:1.0.0:rc95:*:*:*:*:*:*\",\"matchCriteriaId\":\"6208C863-487A-4343-B706-E84703C97116\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:runc:1.4.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"082E3496-822B-481B-AC2F-DA8DCAFC28FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:runc:1.4.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"71C62E90-6357-44A4-B582-28B1F1D9B16D\"}]}]}],\"references\":[{\"url\":\"https://github.com/opencontainers/runc/commit/01de9d65dc72f67b256ef03f9bfb795a2bf143b4\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/opencontainers/runc/commit/398955bccb7f20565c224a3064d331c19e422398\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/opencontainers/runc/commit/531ef794e4ecd628006a865ad334a048ee2b4b2e\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/opencontainers/runc/commit/9be1dbf4ac67d9840a043ebd2df5c68f36705d1d\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/opencontainers/runc/commit/aee7d3fe355dd02939d44155e308ea0052e0d53a\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/opencontainers/runc/commit/de87203e625cd7a27141fb5f2ad00a320c69c5e8\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/opencontainers/runc/commit/ff94f9991bd32076c871ef0ad8bc1b763458e480\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Mitigation\",\"Patch\",\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-52565\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-11-06T21:32:07.457681Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-11-06T21:32:12.507Z\"}}], \"cna\": {\"title\": \"container escape due to /dev/console mount and related races\", \"source\": {\"advisory\": \"GHSA-qw9x-cqr3-wc7r\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 8.4, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:H/SI:H/SA:H\", \"userInteraction\": \"PASSIVE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"HIGH\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"HIGH\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"HIGH\", \"vulnConfidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"opencontainers\", \"product\": \"runc\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 1.0.0-rc3, \u003c 1.2.8\"}, {\"status\": \"affected\", \"version\": \"\u003e= 1.3.0-rc.1, \u003c 1.3.3\"}, {\"status\": \"affected\", \"version\": \"\u003e= 1.4.0-rc.1, \u003c 1.4.0-rc.3\"}]}], \"references\": [{\"url\": \"https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r\", \"name\": \"https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/opencontainers/runc/commit/01de9d65dc72f67b256ef03f9bfb795a2bf143b4\", \"name\": \"https://github.com/opencontainers/runc/commit/01de9d65dc72f67b256ef03f9bfb795a2bf143b4\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/opencontainers/runc/commit/398955bccb7f20565c224a3064d331c19e422398\", \"name\": \"https://github.com/opencontainers/runc/commit/398955bccb7f20565c224a3064d331c19e422398\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/opencontainers/runc/commit/531ef794e4ecd628006a865ad334a048ee2b4b2e\", \"name\": \"https://github.com/opencontainers/runc/commit/531ef794e4ecd628006a865ad334a048ee2b4b2e\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/opencontainers/runc/commit/9be1dbf4ac67d9840a043ebd2df5c68f36705d1d\", \"name\": \"https://github.com/opencontainers/runc/commit/9be1dbf4ac67d9840a043ebd2df5c68f36705d1d\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/opencontainers/runc/commit/aee7d3fe355dd02939d44155e308ea0052e0d53a\", \"name\": \"https://github.com/opencontainers/runc/commit/aee7d3fe355dd02939d44155e308ea0052e0d53a\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64\", \"name\": \"https://github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/opencontainers/runc/commit/de87203e625cd7a27141fb5f2ad00a320c69c5e8\", \"name\": \"https://github.com/opencontainers/runc/commit/de87203e625cd7a27141fb5f2ad00a320c69c5e8\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/opencontainers/runc/commit/ff94f9991bd32076c871ef0ad8bc1b763458e480\", \"name\": \"https://github.com/opencontainers/runc/commit/ff94f9991bd32076c871ef0ad8bc1b763458e480\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the container, an attacker can trick runc into bind-mounting paths which would normally be made read-only or be masked onto a path that the attacker can write to. This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target (namely, the bind-mount of `/dev/pts/$n` to `/dev/console` as configured for all containers that allocate a console). This happens after `pivot_root(2)`, so this cannot be used to write to host files directly -- however, as with CVE-2025-31133, this can load to denial of service of the host or a container breakout by providing the attacker with a writable copy of `/proc/sysrq-trigger` or `/proc/sys/kernel/core_pattern` (respectively). This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-61\", \"description\": \"CWE-61: UNIX Symbolic Link (Symlink) Following\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-363\", \"description\": \"CWE-363: Race Condition Enabling Link Following\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-11-06T20:02:58.513Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-52565\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-06T21:32:19.129Z\", \"dateReserved\": \"2025-06-18T03:55:52.036Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-11-06T20:02:58.513Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
SUSE-SU-2026:20123-1
Vulnerability from csaf_suse - Published: 2026-01-22 13:01 - Updated: 2026-01-22 13:01Summary
Security update for buildah
Severity
Important
Notes
Title of the patch: Security update for buildah
Description of the patch: This update for buildah fixes the following issues:
- CVE-2025-47914: golang.org/x/crypto/ssh/agent: Fixed non validated message size causing a panic due to an out
of bounds read (bsc#1254054)
- CVE-2025-47913: golang.org/x/crypto/ssh/agent: Fixed client process termination when receiving an unexpected
message type in response to a key listing or signing request (bsc#1253598)
- CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: Fixed container breakouts by bypassing runc's restrictions for writing to arbitrary /proc
files (bsc#1253096)
Other fixes:
- Updated to version 1.39.5.
Patchnames: SUSE-SLES-16.0-169
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
25 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for buildah",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for buildah fixes the following issues:\n\n- CVE-2025-47914: golang.org/x/crypto/ssh/agent: Fixed non validated message size causing a panic due to an out\n of bounds read (bsc#1254054)\n- CVE-2025-47913: golang.org/x/crypto/ssh/agent: Fixed client process termination when receiving an unexpected\n message type in response to a key listing or signing request (bsc#1253598)\n- CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: Fixed container breakouts by bypassing runc\u0027s restrictions for writing to arbitrary /proc\n files (bsc#1253096)\n\nOther fixes:\n\n- Updated to version 1.39.5.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-169",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20123-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20123-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620123-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20123-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-January/043749.html"
},
{
"category": "self",
"summary": "SUSE Bug 1253096",
"url": "https://bugzilla.suse.com/1253096"
},
{
"category": "self",
"summary": "SUSE Bug 1253598",
"url": "https://bugzilla.suse.com/1253598"
},
{
"category": "self",
"summary": "SUSE Bug 1254054",
"url": "https://bugzilla.suse.com/1254054"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31133 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31133/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47913 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47914 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-52565 page",
"url": "https://www.suse.com/security/cve/CVE-2025-52565/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-52881 page",
"url": "https://www.suse.com/security/cve/CVE-2025-52881/"
}
],
"title": "Security update for buildah",
"tracking": {
"current_release_date": "2026-01-22T13:01:23Z",
"generator": {
"date": "2026-01-22T13:01:23Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20123-1",
"initial_release_date": "2026-01-22T13:01:23Z",
"revision_history": [
{
"date": "2026-01-22T13:01:23Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.39.5-160000.1.1.aarch64",
"product": {
"name": "buildah-1.39.5-160000.1.1.aarch64",
"product_id": "buildah-1.39.5-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.39.5-160000.1.1.ppc64le",
"product": {
"name": "buildah-1.39.5-160000.1.1.ppc64le",
"product_id": "buildah-1.39.5-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.39.5-160000.1.1.s390x",
"product": {
"name": "buildah-1.39.5-160000.1.1.s390x",
"product_id": "buildah-1.39.5-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.39.5-160000.1.1.x86_64",
"product": {
"name": "buildah-1.39.5-160000.1.1.x86_64",
"product_id": "buildah-1.39.5-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16.0"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.39.5-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64"
},
"product_reference": "buildah-1.39.5-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.39.5-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le"
},
"product_reference": "buildah-1.39.5-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.39.5-160000.1.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x"
},
"product_reference": "buildah-1.39.5-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.39.5-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64"
},
"product_reference": "buildah-1.39.5-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.39.5-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64"
},
"product_reference": "buildah-1.39.5-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.39.5-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le"
},
"product_reference": "buildah-1.39.5-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.39.5-160000.1.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x"
},
"product_reference": "buildah-1.39.5-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.39.5-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
},
"product_reference": "buildah-1.39.5-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31133",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31133"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container\u0027s /dev/null) was actually a real /dev/null inode when using the container\u0027s /dev/null to mask. This exposes two methods of attack: an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31133",
"url": "https://www.suse.com/security/cve/CVE-2025-31133"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-31133",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-31133",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-22T13:01:23Z",
"details": "important"
}
],
"title": "CVE-2025-31133"
},
{
"cve": "CVE-2025-47913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47913"
}
],
"notes": [
{
"category": "general",
"text": "SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47913",
"url": "https://www.suse.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "SUSE Bug 1253506 for CVE-2025-47913",
"url": "https://bugzilla.suse.com/1253506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-22T13:01:23Z",
"details": "important"
}
],
"title": "CVE-2025-47913"
},
{
"cve": "CVE-2025-47914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47914"
}
],
"notes": [
{
"category": "general",
"text": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47914",
"url": "https://www.suse.com/security/cve/CVE-2025-47914"
},
{
"category": "external",
"summary": "SUSE Bug 1253967 for CVE-2025-47914",
"url": "https://bugzilla.suse.com/1253967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-22T13:01:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-47914"
},
{
"cve": "CVE-2025-52565",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-52565"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the container, an attacker can trick runc into bind-mounting paths which would normally be made read-only or be masked onto a path that the attacker can write to. This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target (namely, the bind-mount of `/dev/pts/$n` to `/dev/console` as configured for all containers that allocate a console). This happens after `pivot_root(2)`, so this cannot be used to write to host files directly -- however, as with CVE-2025-31133, this can load to denial of service of the host or a container breakout by providing the attacker with a writable copy of `/proc/sysrq-trigger` or `/proc/sys/kernel/core_pattern` (respectively). This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-52565",
"url": "https://www.suse.com/security/cve/CVE-2025-52565"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-52565",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-52565",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-22T13:01:23Z",
"details": "important"
}
],
"title": "CVE-2025-52565"
},
{
"cve": "CVE-2025-52881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-52881"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-52881",
"url": "https://www.suse.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-52881",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-52881",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-22T13:01:23Z",
"details": "important"
}
],
"title": "CVE-2025-52881"
}
]
}
SUSE-SU-2026:20214-1
Vulnerability from csaf_suse - Published: 2026-01-30 14:35 - Updated: 2026-01-30 14:35Summary
Security update for alloy
Severity
Important
Notes
Title of the patch: Security update for alloy
Description of the patch: This update for alloy fixes the following issues:
Update to 1.12.2:
Security fixes:
- CVE-2025-68156: github.com/expr-lang/expr/builtin: Fixed potential DoS via unbounded recursion (bsc#1255333):
- CVE-2025-31133, CVE-2025-52565, CVE-2025-52881: github.com/opencontainers/runc: Fixed container
breakouts by bypassing runc's restrictions for writing to arbitrary /proc files (bsc#1255074)
Other fixes:
- Add missing configuration parameter
deployment_name_from_replicaset to k8sattributes processor
(5b90a9d) (@dehaansa)
- database_observability: Fix schema_details collector to fetch
column definitions with case sensitive table names (#4872)
(560dff4) (@jharvey10, @fridgepoet)
- deps: Update jose2go to 1.7.0 (#4858) (dfdd341) (@jharvey10)
- deps: Update npm dependencies [backport] (#5201) (8e06c26)
(@jharvey10)
- Ensure the squid exporter wrapper properly brackets ipv6
addresses [backport] (#5205) (e329cc6) (@dehaansa)
- Preserve meta labels in loki.source.podlogs (#5097) (ab4b21e)
(@kalleep)
- Prevent panic in import.git when update fails [backport]
(#5204) (c82fbae) (@dehaansa, @jharvey10)
- show correct fallback alloy version instead of v1.13.0
(#5110) (b72be99) (@dehaansa, @jharvey10)
Patchnames: SUSE-SLES-16.0-225
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
21 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for alloy",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for alloy fixes the following issues:\n\nUpdate to 1.12.2:\n\nSecurity fixes:\n\n- CVE-2025-68156: github.com/expr-lang/expr/builtin: Fixed potential DoS via unbounded recursion (bsc#1255333):\n- CVE-2025-31133, CVE-2025-52565, CVE-2025-52881: github.com/opencontainers/runc: Fixed container\n breakouts by bypassing runc\u0027s restrictions for writing to arbitrary /proc files (bsc#1255074)\n\nOther fixes:\n\n - Add missing configuration parameter\n deployment_name_from_replicaset to k8sattributes processor\n (5b90a9d) (@dehaansa)\n - database_observability: Fix schema_details collector to fetch\n column definitions with case sensitive table names (#4872)\n (560dff4) (@jharvey10, @fridgepoet)\n - deps: Update jose2go to 1.7.0 (#4858) (dfdd341) (@jharvey10)\n - deps: Update npm dependencies [backport] (#5201) (8e06c26)\n (@jharvey10)\n - Ensure the squid exporter wrapper properly brackets ipv6\n addresses [backport] (#5205) (e329cc6) (@dehaansa)\n - Preserve meta labels in loki.source.podlogs (#5097) (ab4b21e)\n (@kalleep)\n - Prevent panic in import.git when update fails [backport]\n (#5204) (c82fbae) (@dehaansa, @jharvey10)\n - show correct fallback alloy version instead of v1.13.0\n (#5110) (b72be99) (@dehaansa, @jharvey10)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-225",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20214-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20214-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620214-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20214-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024072.html"
},
{
"category": "self",
"summary": "SUSE Bug 1255074",
"url": "https://bugzilla.suse.com/1255074"
},
{
"category": "self",
"summary": "SUSE Bug 1255333",
"url": "https://bugzilla.suse.com/1255333"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31133 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31133/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-52565 page",
"url": "https://www.suse.com/security/cve/CVE-2025-52565/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-52881 page",
"url": "https://www.suse.com/security/cve/CVE-2025-52881/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68156 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68156/"
}
],
"title": "Security update for alloy",
"tracking": {
"current_release_date": "2026-01-30T14:35:10Z",
"generator": {
"date": "2026-01-30T14:35:10Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20214-1",
"initial_release_date": "2026-01-30T14:35:10Z",
"revision_history": [
{
"date": "2026-01-30T14:35:10Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "alloy-1.12.2-160000.1.1.aarch64",
"product": {
"name": "alloy-1.12.2-160000.1.1.aarch64",
"product_id": "alloy-1.12.2-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "alloy-1.12.2-160000.1.1.ppc64le",
"product": {
"name": "alloy-1.12.2-160000.1.1.ppc64le",
"product_id": "alloy-1.12.2-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "alloy-1.12.2-160000.1.1.s390x",
"product": {
"name": "alloy-1.12.2-160000.1.1.s390x",
"product_id": "alloy-1.12.2-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "alloy-1.12.2-160000.1.1.x86_64",
"product": {
"name": "alloy-1.12.2-160000.1.1.x86_64",
"product_id": "alloy-1.12.2-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "alloy-1.12.2-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.aarch64"
},
"product_reference": "alloy-1.12.2-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "alloy-1.12.2-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.ppc64le"
},
"product_reference": "alloy-1.12.2-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "alloy-1.12.2-160000.1.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.s390x"
},
"product_reference": "alloy-1.12.2-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "alloy-1.12.2-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.x86_64"
},
"product_reference": "alloy-1.12.2-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "alloy-1.12.2-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.aarch64"
},
"product_reference": "alloy-1.12.2-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "alloy-1.12.2-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.ppc64le"
},
"product_reference": "alloy-1.12.2-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "alloy-1.12.2-160000.1.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.s390x"
},
"product_reference": "alloy-1.12.2-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "alloy-1.12.2-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.x86_64"
},
"product_reference": "alloy-1.12.2-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31133",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31133"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container\u0027s /dev/null) was actually a real /dev/null inode when using the container\u0027s /dev/null to mask. This exposes two methods of attack: an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31133",
"url": "https://www.suse.com/security/cve/CVE-2025-31133"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-31133",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-31133",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-30T14:35:10Z",
"details": "important"
}
],
"title": "CVE-2025-31133"
},
{
"cve": "CVE-2025-52565",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-52565"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the container, an attacker can trick runc into bind-mounting paths which would normally be made read-only or be masked onto a path that the attacker can write to. This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target (namely, the bind-mount of `/dev/pts/$n` to `/dev/console` as configured for all containers that allocate a console). This happens after `pivot_root(2)`, so this cannot be used to write to host files directly -- however, as with CVE-2025-31133, this can load to denial of service of the host or a container breakout by providing the attacker with a writable copy of `/proc/sysrq-trigger` or `/proc/sys/kernel/core_pattern` (respectively). This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-52565",
"url": "https://www.suse.com/security/cve/CVE-2025-52565"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-52565",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-52565",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-30T14:35:10Z",
"details": "important"
}
],
"title": "CVE-2025-52565"
},
{
"cve": "CVE-2025-52881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-52881"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-52881",
"url": "https://www.suse.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-52881",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-52881",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-30T14:35:10Z",
"details": "important"
}
],
"title": "CVE-2025-52881"
},
{
"cve": "CVE-2025-68156",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68156"
}
],
"notes": [
{
"category": "general",
"text": "Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including `flatten`, `min`, `max`, `mean`, and `median`, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation environment contains deeply nested or cyclic data structures, these functions may recurse indefinitely until exceed the Go runtime stack limit. This results in a stack overflow panic, causing the host application to crash. While exploitability depends on whether an attacker can influence or inject cyclic or pathologically deep data into the\nevaluation environment, this behavior represents a denial-of-service (DoS) risk and affects overall library robustness. Instead of returning a recoverable evaluation error, the process may terminate unexpectedly. In affected versions, evaluation of expressions that invoke certain builtin functions on untrusted or insufficiently validated data structures can lead to a process-level crash due to stack exhaustion. This issue is most relevant in scenarios where Expr is used to evaluate expressions against externally supplied or dynamically constructed environments; cyclic references (directly or indirectly) can be introduced into arrays, maps, or structs; and there are no application-level safeguards preventing deeply nested input data. In typical use cases with controlled, acyclic data, the issue may not manifest. However, when present, the resulting panic can be used to reliably crash the application, constituting a denial of service. The issue has been fixed in the v1.17.7 versions of Expr. The patch introduces a maximum recursion depth limit for affected builtin functions. When this limit is exceeded, evaluation aborts gracefully and returns a descriptive error instead of panicking. Additionally, the maximum depth can be customized by users via `builtin.MaxDepth`, allowing applications with legitimate deep structures to raise the limit in a controlled manner. Users are strongly encouraged to upgrade to the patched release, which includes both the recursion guard and comprehensive test coverage to prevent regressions. For users who cannot immediately upgrade, some mitigations are recommended. Ensure that evaluation environments cannot contain cyclic references, validate or sanitize externally supplied data structures before passing them to Expr, and/or wrap expression evaluation with panic recovery to prevent a full process crash (as a last-resort defensive measure). These workarounds reduce risk but do not fully eliminate the issue without the patch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68156",
"url": "https://www.suse.com/security/cve/CVE-2025-68156"
},
{
"category": "external",
"summary": "SUSE Bug 1255330 for CVE-2025-68156",
"url": "https://bugzilla.suse.com/1255330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-30T14:35:10Z",
"details": "important"
}
],
"title": "CVE-2025-68156"
}
]
}
SUSE-SU-2026:20626-1
Vulnerability from csaf_suse - Published: 2026-03-03 16:04 - Updated: 2026-03-03 16:04Summary
Security update for podman
Severity
Important
Notes
Title of the patch: Security update for podman
Description of the patch: This update for podman fixes the following issues:
Changes in podman:
- Add symlink to catatonit in /usr/libexec/podman (bsc#1248988)
- CVE-2025-47914: Fixed golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds read (bsc#1253993)
- CVE-2025-47913: Fixed golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253542):
- CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: Fixed runc: Container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files (bsc#1252376):
- CVE-2025-9566: Fixed that podman kube play command may overwrite host files (bsc#1249154):
Patchnames: SUSE-SLES-16.0-343
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.3 (High)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
36 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for podman",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for podman fixes the following issues:\n\nChanges in podman:\n\n- Add symlink to catatonit in /usr/libexec/podman (bsc#1248988)\n\n- CVE-2025-47914: Fixed golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds read (bsc#1253993)\n- CVE-2025-47913: Fixed golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253542):\n\n- CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: Fixed runc: Container breakouts by bypassing runc\u0027s restrictions for writing to arbitrary /proc files (bsc#1252376):\n- CVE-2025-9566: Fixed that podman kube play command may overwrite host files (bsc#1249154):\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-343",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20626-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20626-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620626-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20626-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024648.html"
},
{
"category": "self",
"summary": "SUSE Bug 1248988",
"url": "https://bugzilla.suse.com/1248988"
},
{
"category": "self",
"summary": "SUSE Bug 1249154",
"url": "https://bugzilla.suse.com/1249154"
},
{
"category": "self",
"summary": "SUSE Bug 1252376",
"url": "https://bugzilla.suse.com/1252376"
},
{
"category": "self",
"summary": "SUSE Bug 1253542",
"url": "https://bugzilla.suse.com/1253542"
},
{
"category": "self",
"summary": "SUSE Bug 1253993",
"url": "https://bugzilla.suse.com/1253993"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22869 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22869/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31133 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31133/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47913 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47914 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-52565 page",
"url": "https://www.suse.com/security/cve/CVE-2025-52565/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-52881 page",
"url": "https://www.suse.com/security/cve/CVE-2025-52881/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-6032 page",
"url": "https://www.suse.com/security/cve/CVE-2025-6032/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-9566 page",
"url": "https://www.suse.com/security/cve/CVE-2025-9566/"
}
],
"title": "Security update for podman",
"tracking": {
"current_release_date": "2026-03-03T16:04:58Z",
"generator": {
"date": "2026-03-03T16:04:58Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20626-1",
"initial_release_date": "2026-03-03T16:04:58Z",
"revision_history": [
{
"date": "2026-03-03T16:04:58Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "podman-5.4.2-160000.4.1.aarch64",
"product": {
"name": "podman-5.4.2-160000.4.1.aarch64",
"product_id": "podman-5.4.2-160000.4.1.aarch64"
}
},
{
"category": "product_version",
"name": "podman-remote-5.4.2-160000.4.1.aarch64",
"product": {
"name": "podman-remote-5.4.2-160000.4.1.aarch64",
"product_id": "podman-remote-5.4.2-160000.4.1.aarch64"
}
},
{
"category": "product_version",
"name": "podmansh-5.4.2-160000.4.1.aarch64",
"product": {
"name": "podmansh-5.4.2-160000.4.1.aarch64",
"product_id": "podmansh-5.4.2-160000.4.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-docker-5.4.2-160000.4.1.noarch",
"product": {
"name": "podman-docker-5.4.2-160000.4.1.noarch",
"product_id": "podman-docker-5.4.2-160000.4.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-5.4.2-160000.4.1.ppc64le",
"product": {
"name": "podman-5.4.2-160000.4.1.ppc64le",
"product_id": "podman-5.4.2-160000.4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "podman-remote-5.4.2-160000.4.1.ppc64le",
"product": {
"name": "podman-remote-5.4.2-160000.4.1.ppc64le",
"product_id": "podman-remote-5.4.2-160000.4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "podmansh-5.4.2-160000.4.1.ppc64le",
"product": {
"name": "podmansh-5.4.2-160000.4.1.ppc64le",
"product_id": "podmansh-5.4.2-160000.4.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-5.4.2-160000.4.1.s390x",
"product": {
"name": "podman-5.4.2-160000.4.1.s390x",
"product_id": "podman-5.4.2-160000.4.1.s390x"
}
},
{
"category": "product_version",
"name": "podman-remote-5.4.2-160000.4.1.s390x",
"product": {
"name": "podman-remote-5.4.2-160000.4.1.s390x",
"product_id": "podman-remote-5.4.2-160000.4.1.s390x"
}
},
{
"category": "product_version",
"name": "podmansh-5.4.2-160000.4.1.s390x",
"product": {
"name": "podmansh-5.4.2-160000.4.1.s390x",
"product_id": "podmansh-5.4.2-160000.4.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-5.4.2-160000.4.1.x86_64",
"product": {
"name": "podman-5.4.2-160000.4.1.x86_64",
"product_id": "podman-5.4.2-160000.4.1.x86_64"
}
},
{
"category": "product_version",
"name": "podman-remote-5.4.2-160000.4.1.x86_64",
"product": {
"name": "podman-remote-5.4.2-160000.4.1.x86_64",
"product_id": "podman-remote-5.4.2-160000.4.1.x86_64"
}
},
{
"category": "product_version",
"name": "podmansh-5.4.2-160000.4.1.x86_64",
"product": {
"name": "podmansh-5.4.2-160000.4.1.x86_64",
"product_id": "podmansh-5.4.2-160000.4.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16.0"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.4.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64"
},
"product_reference": "podman-5.4.2-160000.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.4.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le"
},
"product_reference": "podman-5.4.2-160000.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.4.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x"
},
"product_reference": "podman-5.4.2-160000.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.4.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64"
},
"product_reference": "podman-5.4.2-160000.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-docker-5.4.2-160000.4.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch"
},
"product_reference": "podman-docker-5.4.2-160000.4.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.4.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64"
},
"product_reference": "podman-remote-5.4.2-160000.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.4.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le"
},
"product_reference": "podman-remote-5.4.2-160000.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.4.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x"
},
"product_reference": "podman-remote-5.4.2-160000.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.4.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64"
},
"product_reference": "podman-remote-5.4.2-160000.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.4.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64"
},
"product_reference": "podmansh-5.4.2-160000.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.4.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le"
},
"product_reference": "podmansh-5.4.2-160000.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.4.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x"
},
"product_reference": "podmansh-5.4.2-160000.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.4.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64"
},
"product_reference": "podmansh-5.4.2-160000.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.4.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64"
},
"product_reference": "podman-5.4.2-160000.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.4.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le"
},
"product_reference": "podman-5.4.2-160000.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.4.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x"
},
"product_reference": "podman-5.4.2-160000.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.4.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64"
},
"product_reference": "podman-5.4.2-160000.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-docker-5.4.2-160000.4.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch"
},
"product_reference": "podman-docker-5.4.2-160000.4.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.4.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64"
},
"product_reference": "podman-remote-5.4.2-160000.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.4.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le"
},
"product_reference": "podman-remote-5.4.2-160000.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.4.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x"
},
"product_reference": "podman-remote-5.4.2-160000.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.4.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64"
},
"product_reference": "podman-remote-5.4.2-160000.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.4.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64"
},
"product_reference": "podmansh-5.4.2-160000.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.4.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le"
},
"product_reference": "podmansh-5.4.2-160000.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.4.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x"
},
"product_reference": "podmansh-5.4.2-160000.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.4.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
},
"product_reference": "podmansh-5.4.2-160000.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22869",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22869"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22869",
"url": "https://www.suse.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "SUSE Bug 1239322 for CVE-2025-22869",
"url": "https://bugzilla.suse.com/1239322"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "important"
}
],
"title": "CVE-2025-22869"
},
{
"cve": "CVE-2025-31133",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31133"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container\u0027s /dev/null) was actually a real /dev/null inode when using the container\u0027s /dev/null to mask. This exposes two methods of attack: an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31133",
"url": "https://www.suse.com/security/cve/CVE-2025-31133"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-31133",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-31133",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "important"
}
],
"title": "CVE-2025-31133"
},
{
"cve": "CVE-2025-47913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47913"
}
],
"notes": [
{
"category": "general",
"text": "SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47913",
"url": "https://www.suse.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "SUSE Bug 1253506 for CVE-2025-47913",
"url": "https://bugzilla.suse.com/1253506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "important"
}
],
"title": "CVE-2025-47913"
},
{
"cve": "CVE-2025-47914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47914"
}
],
"notes": [
{
"category": "general",
"text": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47914",
"url": "https://www.suse.com/security/cve/CVE-2025-47914"
},
{
"category": "external",
"summary": "SUSE Bug 1253967 for CVE-2025-47914",
"url": "https://bugzilla.suse.com/1253967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "moderate"
}
],
"title": "CVE-2025-47914"
},
{
"cve": "CVE-2025-52565",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-52565"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the container, an attacker can trick runc into bind-mounting paths which would normally be made read-only or be masked onto a path that the attacker can write to. This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target (namely, the bind-mount of `/dev/pts/$n` to `/dev/console` as configured for all containers that allocate a console). This happens after `pivot_root(2)`, so this cannot be used to write to host files directly -- however, as with CVE-2025-31133, this can load to denial of service of the host or a container breakout by providing the attacker with a writable copy of `/proc/sysrq-trigger` or `/proc/sys/kernel/core_pattern` (respectively). This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-52565",
"url": "https://www.suse.com/security/cve/CVE-2025-52565"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-52565",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-52565",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "important"
}
],
"title": "CVE-2025-52565"
},
{
"cve": "CVE-2025-52881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-52881"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-52881",
"url": "https://www.suse.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-52881",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-52881",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "important"
}
],
"title": "CVE-2025-52881"
},
{
"cve": "CVE-2025-6032",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-6032"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-6032",
"url": "https://www.suse.com/security/cve/CVE-2025-6032"
},
{
"category": "external",
"summary": "SUSE Bug 1245320 for CVE-2025-6032",
"url": "https://bugzilla.suse.com/1245320"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "important"
}
],
"title": "CVE-2025-6032"
},
{
"cve": "CVE-2025-9566",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-9566"
}
],
"notes": [
{
"category": "general",
"text": "There\u0027s a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the target file to be overwritten but not the content to be written into the file.\n\nBinary-Affected: podman\nUpstream-version-introduced: v4.0.0\nUpstream-version-fixed: v5.6.1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-9566",
"url": "https://www.suse.com/security/cve/CVE-2025-9566"
},
{
"category": "external",
"summary": "SUSE Bug 1249154 for CVE-2025-9566",
"url": "https://bugzilla.suse.com/1249154"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "important"
}
],
"title": "CVE-2025-9566"
}
]
}
SUSE-SU-2026:20641-1
Vulnerability from csaf_suse - Published: 2026-03-03 16:04 - Updated: 2026-03-03 16:04Summary
Security update for podman
Severity
Important
Notes
Title of the patch: Security update for podman
Description of the patch: This update for podman fixes the following issues:
Changes in podman:
- Add symlink to catatonit in /usr/libexec/podman (bsc#1248988)
- CVE-2025-47914: Fixed golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds read (bsc#1253993)
- CVE-2025-47913: Fixed golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253542):
- CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: Fixed runc: Container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files (bsc#1252376):
- CVE-2025-9566: Fixed that podman kube play command may overwrite host files (bsc#1249154):
Patchnames: SUSE-SL-Micro-6.2-343
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.3 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
36 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for podman",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for podman fixes the following issues:\n\nChanges in podman:\n\n- Add symlink to catatonit in /usr/libexec/podman (bsc#1248988)\n\n- CVE-2025-47914: Fixed golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds read (bsc#1253993)\n- CVE-2025-47913: Fixed golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253542):\n\n- CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: Fixed runc: Container breakouts by bypassing runc\u0027s restrictions for writing to arbitrary /proc files (bsc#1252376):\n- CVE-2025-9566: Fixed that podman kube play command may overwrite host files (bsc#1249154):\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SL-Micro-6.2-343",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20641-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20641-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620641-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20641-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024659.html"
},
{
"category": "self",
"summary": "SUSE Bug 1248988",
"url": "https://bugzilla.suse.com/1248988"
},
{
"category": "self",
"summary": "SUSE Bug 1249154",
"url": "https://bugzilla.suse.com/1249154"
},
{
"category": "self",
"summary": "SUSE Bug 1252376",
"url": "https://bugzilla.suse.com/1252376"
},
{
"category": "self",
"summary": "SUSE Bug 1253542",
"url": "https://bugzilla.suse.com/1253542"
},
{
"category": "self",
"summary": "SUSE Bug 1253993",
"url": "https://bugzilla.suse.com/1253993"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22869 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22869/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31133 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31133/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47913 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47914 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-52565 page",
"url": "https://www.suse.com/security/cve/CVE-2025-52565/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-52881 page",
"url": "https://www.suse.com/security/cve/CVE-2025-52881/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-6032 page",
"url": "https://www.suse.com/security/cve/CVE-2025-6032/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-9566 page",
"url": "https://www.suse.com/security/cve/CVE-2025-9566/"
}
],
"title": "Security update for podman",
"tracking": {
"current_release_date": "2026-03-03T16:04:58Z",
"generator": {
"date": "2026-03-03T16:04:58Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20641-1",
"initial_release_date": "2026-03-03T16:04:58Z",
"revision_history": [
{
"date": "2026-03-03T16:04:58Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "podman-5.4.2-160000.4.1.aarch64",
"product": {
"name": "podman-5.4.2-160000.4.1.aarch64",
"product_id": "podman-5.4.2-160000.4.1.aarch64"
}
},
{
"category": "product_version",
"name": "podman-remote-5.4.2-160000.4.1.aarch64",
"product": {
"name": "podman-remote-5.4.2-160000.4.1.aarch64",
"product_id": "podman-remote-5.4.2-160000.4.1.aarch64"
}
},
{
"category": "product_version",
"name": "podmansh-5.4.2-160000.4.1.aarch64",
"product": {
"name": "podmansh-5.4.2-160000.4.1.aarch64",
"product_id": "podmansh-5.4.2-160000.4.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-docker-5.4.2-160000.4.1.noarch",
"product": {
"name": "podman-docker-5.4.2-160000.4.1.noarch",
"product_id": "podman-docker-5.4.2-160000.4.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-5.4.2-160000.4.1.ppc64le",
"product": {
"name": "podman-5.4.2-160000.4.1.ppc64le",
"product_id": "podman-5.4.2-160000.4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "podman-remote-5.4.2-160000.4.1.ppc64le",
"product": {
"name": "podman-remote-5.4.2-160000.4.1.ppc64le",
"product_id": "podman-remote-5.4.2-160000.4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "podmansh-5.4.2-160000.4.1.ppc64le",
"product": {
"name": "podmansh-5.4.2-160000.4.1.ppc64le",
"product_id": "podmansh-5.4.2-160000.4.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-5.4.2-160000.4.1.s390x",
"product": {
"name": "podman-5.4.2-160000.4.1.s390x",
"product_id": "podman-5.4.2-160000.4.1.s390x"
}
},
{
"category": "product_version",
"name": "podman-remote-5.4.2-160000.4.1.s390x",
"product": {
"name": "podman-remote-5.4.2-160000.4.1.s390x",
"product_id": "podman-remote-5.4.2-160000.4.1.s390x"
}
},
{
"category": "product_version",
"name": "podmansh-5.4.2-160000.4.1.s390x",
"product": {
"name": "podmansh-5.4.2-160000.4.1.s390x",
"product_id": "podmansh-5.4.2-160000.4.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-5.4.2-160000.4.1.x86_64",
"product": {
"name": "podman-5.4.2-160000.4.1.x86_64",
"product_id": "podman-5.4.2-160000.4.1.x86_64"
}
},
{
"category": "product_version",
"name": "podman-remote-5.4.2-160000.4.1.x86_64",
"product": {
"name": "podman-remote-5.4.2-160000.4.1.x86_64",
"product_id": "podman-remote-5.4.2-160000.4.1.x86_64"
}
},
{
"category": "product_version",
"name": "podmansh-5.4.2-160000.4.1.x86_64",
"product": {
"name": "podmansh-5.4.2-160000.4.1.x86_64",
"product_id": "podmansh-5.4.2-160000.4.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.2",
"product": {
"name": "SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:transactional"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.4.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64"
},
"product_reference": "podman-5.4.2-160000.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.4.1.ppc64le as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le"
},
"product_reference": "podman-5.4.2-160000.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.4.1.s390x as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x"
},
"product_reference": "podman-5.4.2-160000.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.4.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64"
},
"product_reference": "podman-5.4.2-160000.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-docker-5.4.2-160000.4.1.noarch as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch"
},
"product_reference": "podman-docker-5.4.2-160000.4.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.4.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64"
},
"product_reference": "podman-remote-5.4.2-160000.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.4.1.ppc64le as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le"
},
"product_reference": "podman-remote-5.4.2-160000.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.4.1.s390x as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x"
},
"product_reference": "podman-remote-5.4.2-160000.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.4.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64"
},
"product_reference": "podman-remote-5.4.2-160000.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.4.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64"
},
"product_reference": "podmansh-5.4.2-160000.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.4.1.ppc64le as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le"
},
"product_reference": "podmansh-5.4.2-160000.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.4.1.s390x as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x"
},
"product_reference": "podmansh-5.4.2-160000.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.4.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
},
"product_reference": "podmansh-5.4.2-160000.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22869",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22869"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22869",
"url": "https://www.suse.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "SUSE Bug 1239322 for CVE-2025-22869",
"url": "https://bugzilla.suse.com/1239322"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "important"
}
],
"title": "CVE-2025-22869"
},
{
"cve": "CVE-2025-31133",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31133"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container\u0027s /dev/null) was actually a real /dev/null inode when using the container\u0027s /dev/null to mask. This exposes two methods of attack: an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31133",
"url": "https://www.suse.com/security/cve/CVE-2025-31133"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-31133",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-31133",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "important"
}
],
"title": "CVE-2025-31133"
},
{
"cve": "CVE-2025-47913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47913"
}
],
"notes": [
{
"category": "general",
"text": "SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47913",
"url": "https://www.suse.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "SUSE Bug 1253506 for CVE-2025-47913",
"url": "https://bugzilla.suse.com/1253506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "important"
}
],
"title": "CVE-2025-47913"
},
{
"cve": "CVE-2025-47914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47914"
}
],
"notes": [
{
"category": "general",
"text": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47914",
"url": "https://www.suse.com/security/cve/CVE-2025-47914"
},
{
"category": "external",
"summary": "SUSE Bug 1253967 for CVE-2025-47914",
"url": "https://bugzilla.suse.com/1253967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "moderate"
}
],
"title": "CVE-2025-47914"
},
{
"cve": "CVE-2025-52565",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-52565"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the container, an attacker can trick runc into bind-mounting paths which would normally be made read-only or be masked onto a path that the attacker can write to. This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target (namely, the bind-mount of `/dev/pts/$n` to `/dev/console` as configured for all containers that allocate a console). This happens after `pivot_root(2)`, so this cannot be used to write to host files directly -- however, as with CVE-2025-31133, this can load to denial of service of the host or a container breakout by providing the attacker with a writable copy of `/proc/sysrq-trigger` or `/proc/sys/kernel/core_pattern` (respectively). This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-52565",
"url": "https://www.suse.com/security/cve/CVE-2025-52565"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-52565",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-52565",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "important"
}
],
"title": "CVE-2025-52565"
},
{
"cve": "CVE-2025-52881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-52881"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-52881",
"url": "https://www.suse.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-52881",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-52881",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "important"
}
],
"title": "CVE-2025-52881"
},
{
"cve": "CVE-2025-6032",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-6032"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-6032",
"url": "https://www.suse.com/security/cve/CVE-2025-6032"
},
{
"category": "external",
"summary": "SUSE Bug 1245320 for CVE-2025-6032",
"url": "https://bugzilla.suse.com/1245320"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "important"
}
],
"title": "CVE-2025-6032"
},
{
"cve": "CVE-2025-9566",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-9566"
}
],
"notes": [
{
"category": "general",
"text": "There\u0027s a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the target file to be overwritten but not the content to be written into the file.\n\nBinary-Affected: podman\nUpstream-version-introduced: v4.0.0\nUpstream-version-fixed: v5.6.1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-9566",
"url": "https://www.suse.com/security/cve/CVE-2025-9566"
},
{
"category": "external",
"summary": "SUSE Bug 1249154 for CVE-2025-9566",
"url": "https://bugzilla.suse.com/1249154"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "important"
}
],
"title": "CVE-2025-9566"
}
]
}
SUSE-SU-2026:21291-1
Vulnerability from csaf_suse - Published: 2026-04-23 12:23 - Updated: 2026-04-23 12:23Summary
Security update for podman
Severity
Important
Notes
Title of the patch: Security update for podman
Description of the patch: This update for podman fixes the following issues:
- CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: Container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files (bsc#1252376).
- CVE-2025-47913: golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253542).
- CVE-2025-47914: golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds read (bsc#1253993).
Patchnames: SUSE-SLE-Micro-6.1-506
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-docker-5.4.2-slfo.1.1_4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-docker-5.4.2-slfo.1.1_4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-docker-5.4.2-slfo.1.1_4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-docker-5.4.2-slfo.1.1_4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-docker-5.4.2-slfo.1.1_4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
25 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for podman",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for podman fixes the following issues:\n\n- CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: Container breakouts by bypassing runc\u0027s restrictions for writing to arbitrary /proc files (bsc#1252376).\n- CVE-2025-47913: golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253542).\n- CVE-2025-47914: golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds read (bsc#1253993).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-506",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_21291-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:21291-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621291-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:21291-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-April/046026.html"
},
{
"category": "self",
"summary": "SUSE Bug 1252376",
"url": "https://bugzilla.suse.com/1252376"
},
{
"category": "self",
"summary": "SUSE Bug 1253542",
"url": "https://bugzilla.suse.com/1253542"
},
{
"category": "self",
"summary": "SUSE Bug 1253993",
"url": "https://bugzilla.suse.com/1253993"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31133 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31133/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47913 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47914 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-52565 page",
"url": "https://www.suse.com/security/cve/CVE-2025-52565/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-52881 page",
"url": "https://www.suse.com/security/cve/CVE-2025-52881/"
}
],
"title": "Security update for podman",
"tracking": {
"current_release_date": "2026-04-23T12:23:33Z",
"generator": {
"date": "2026-04-23T12:23:33Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:21291-1",
"initial_release_date": "2026-04-23T12:23:33Z",
"revision_history": [
{
"date": "2026-04-23T12:23:33Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "podman-5.4.2-slfo.1.1_4.1.aarch64",
"product": {
"name": "podman-5.4.2-slfo.1.1_4.1.aarch64",
"product_id": "podman-5.4.2-slfo.1.1_4.1.aarch64"
}
},
{
"category": "product_version",
"name": "podman-remote-5.4.2-slfo.1.1_4.1.aarch64",
"product": {
"name": "podman-remote-5.4.2-slfo.1.1_4.1.aarch64",
"product_id": "podman-remote-5.4.2-slfo.1.1_4.1.aarch64"
}
},
{
"category": "product_version",
"name": "podmansh-5.4.2-slfo.1.1_4.1.aarch64",
"product": {
"name": "podmansh-5.4.2-slfo.1.1_4.1.aarch64",
"product_id": "podmansh-5.4.2-slfo.1.1_4.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-docker-5.4.2-slfo.1.1_4.1.noarch",
"product": {
"name": "podman-docker-5.4.2-slfo.1.1_4.1.noarch",
"product_id": "podman-docker-5.4.2-slfo.1.1_4.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-5.4.2-slfo.1.1_4.1.ppc64le",
"product": {
"name": "podman-5.4.2-slfo.1.1_4.1.ppc64le",
"product_id": "podman-5.4.2-slfo.1.1_4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "podman-remote-5.4.2-slfo.1.1_4.1.ppc64le",
"product": {
"name": "podman-remote-5.4.2-slfo.1.1_4.1.ppc64le",
"product_id": "podman-remote-5.4.2-slfo.1.1_4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "podmansh-5.4.2-slfo.1.1_4.1.ppc64le",
"product": {
"name": "podmansh-5.4.2-slfo.1.1_4.1.ppc64le",
"product_id": "podmansh-5.4.2-slfo.1.1_4.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-5.4.2-slfo.1.1_4.1.s390x",
"product": {
"name": "podman-5.4.2-slfo.1.1_4.1.s390x",
"product_id": "podman-5.4.2-slfo.1.1_4.1.s390x"
}
},
{
"category": "product_version",
"name": "podman-remote-5.4.2-slfo.1.1_4.1.s390x",
"product": {
"name": "podman-remote-5.4.2-slfo.1.1_4.1.s390x",
"product_id": "podman-remote-5.4.2-slfo.1.1_4.1.s390x"
}
},
{
"category": "product_version",
"name": "podmansh-5.4.2-slfo.1.1_4.1.s390x",
"product": {
"name": "podmansh-5.4.2-slfo.1.1_4.1.s390x",
"product_id": "podmansh-5.4.2-slfo.1.1_4.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-5.4.2-slfo.1.1_4.1.x86_64",
"product": {
"name": "podman-5.4.2-slfo.1.1_4.1.x86_64",
"product_id": "podman-5.4.2-slfo.1.1_4.1.x86_64"
}
},
{
"category": "product_version",
"name": "podman-remote-5.4.2-slfo.1.1_4.1.x86_64",
"product": {
"name": "podman-remote-5.4.2-slfo.1.1_4.1.x86_64",
"product_id": "podman-remote-5.4.2-slfo.1.1_4.1.x86_64"
}
},
{
"category": "product_version",
"name": "podmansh-5.4.2-slfo.1.1_4.1.x86_64",
"product": {
"name": "podmansh-5.4.2-slfo.1.1_4.1.x86_64",
"product_id": "podmansh-5.4.2-slfo.1.1_4.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-slfo.1.1_4.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.aarch64"
},
"product_reference": "podman-5.4.2-slfo.1.1_4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-slfo.1.1_4.1.ppc64le as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.ppc64le"
},
"product_reference": "podman-5.4.2-slfo.1.1_4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-slfo.1.1_4.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.s390x"
},
"product_reference": "podman-5.4.2-slfo.1.1_4.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-slfo.1.1_4.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.x86_64"
},
"product_reference": "podman-5.4.2-slfo.1.1_4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-docker-5.4.2-slfo.1.1_4.1.noarch as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:podman-docker-5.4.2-slfo.1.1_4.1.noarch"
},
"product_reference": "podman-docker-5.4.2-slfo.1.1_4.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-slfo.1.1_4.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.aarch64"
},
"product_reference": "podman-remote-5.4.2-slfo.1.1_4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-slfo.1.1_4.1.ppc64le as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.ppc64le"
},
"product_reference": "podman-remote-5.4.2-slfo.1.1_4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-slfo.1.1_4.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.s390x"
},
"product_reference": "podman-remote-5.4.2-slfo.1.1_4.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-slfo.1.1_4.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.x86_64"
},
"product_reference": "podman-remote-5.4.2-slfo.1.1_4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-slfo.1.1_4.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.aarch64"
},
"product_reference": "podmansh-5.4.2-slfo.1.1_4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-slfo.1.1_4.1.ppc64le as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.ppc64le"
},
"product_reference": "podmansh-5.4.2-slfo.1.1_4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-slfo.1.1_4.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.s390x"
},
"product_reference": "podmansh-5.4.2-slfo.1.1_4.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-slfo.1.1_4.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.x86_64"
},
"product_reference": "podmansh-5.4.2-slfo.1.1_4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31133",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31133"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container\u0027s /dev/null) was actually a real /dev/null inode when using the container\u0027s /dev/null to mask. This exposes two methods of attack: an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.x86_64",
"SUSE Linux Micro 6.1:podman-docker-5.4.2-slfo.1.1_4.1.noarch",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.x86_64",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31133",
"url": "https://www.suse.com/security/cve/CVE-2025-31133"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-31133",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-31133",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.x86_64",
"SUSE Linux Micro 6.1:podman-docker-5.4.2-slfo.1.1_4.1.noarch",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.x86_64",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.x86_64",
"SUSE Linux Micro 6.1:podman-docker-5.4.2-slfo.1.1_4.1.noarch",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.x86_64",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-23T12:23:33Z",
"details": "important"
}
],
"title": "CVE-2025-31133"
},
{
"cve": "CVE-2025-47913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47913"
}
],
"notes": [
{
"category": "general",
"text": "SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.x86_64",
"SUSE Linux Micro 6.1:podman-docker-5.4.2-slfo.1.1_4.1.noarch",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.x86_64",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47913",
"url": "https://www.suse.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "SUSE Bug 1253506 for CVE-2025-47913",
"url": "https://bugzilla.suse.com/1253506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.x86_64",
"SUSE Linux Micro 6.1:podman-docker-5.4.2-slfo.1.1_4.1.noarch",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.x86_64",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.x86_64",
"SUSE Linux Micro 6.1:podman-docker-5.4.2-slfo.1.1_4.1.noarch",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.x86_64",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-23T12:23:33Z",
"details": "important"
}
],
"title": "CVE-2025-47913"
},
{
"cve": "CVE-2025-47914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47914"
}
],
"notes": [
{
"category": "general",
"text": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.x86_64",
"SUSE Linux Micro 6.1:podman-docker-5.4.2-slfo.1.1_4.1.noarch",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.x86_64",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47914",
"url": "https://www.suse.com/security/cve/CVE-2025-47914"
},
{
"category": "external",
"summary": "SUSE Bug 1253967 for CVE-2025-47914",
"url": "https://bugzilla.suse.com/1253967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.x86_64",
"SUSE Linux Micro 6.1:podman-docker-5.4.2-slfo.1.1_4.1.noarch",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.x86_64",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.x86_64",
"SUSE Linux Micro 6.1:podman-docker-5.4.2-slfo.1.1_4.1.noarch",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.x86_64",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-23T12:23:33Z",
"details": "moderate"
}
],
"title": "CVE-2025-47914"
},
{
"cve": "CVE-2025-52565",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-52565"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the container, an attacker can trick runc into bind-mounting paths which would normally be made read-only or be masked onto a path that the attacker can write to. This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target (namely, the bind-mount of `/dev/pts/$n` to `/dev/console` as configured for all containers that allocate a console). This happens after `pivot_root(2)`, so this cannot be used to write to host files directly -- however, as with CVE-2025-31133, this can load to denial of service of the host or a container breakout by providing the attacker with a writable copy of `/proc/sysrq-trigger` or `/proc/sys/kernel/core_pattern` (respectively). This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.x86_64",
"SUSE Linux Micro 6.1:podman-docker-5.4.2-slfo.1.1_4.1.noarch",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.x86_64",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-52565",
"url": "https://www.suse.com/security/cve/CVE-2025-52565"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-52565",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-52565",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.x86_64",
"SUSE Linux Micro 6.1:podman-docker-5.4.2-slfo.1.1_4.1.noarch",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.x86_64",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.x86_64",
"SUSE Linux Micro 6.1:podman-docker-5.4.2-slfo.1.1_4.1.noarch",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.x86_64",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-23T12:23:33Z",
"details": "important"
}
],
"title": "CVE-2025-52565"
},
{
"cve": "CVE-2025-52881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-52881"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.x86_64",
"SUSE Linux Micro 6.1:podman-docker-5.4.2-slfo.1.1_4.1.noarch",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.x86_64",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-52881",
"url": "https://www.suse.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-52881",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-52881",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.x86_64",
"SUSE Linux Micro 6.1:podman-docker-5.4.2-slfo.1.1_4.1.noarch",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.x86_64",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:podman-5.4.2-slfo.1.1_4.1.x86_64",
"SUSE Linux Micro 6.1:podman-docker-5.4.2-slfo.1.1_4.1.noarch",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:podman-remote-5.4.2-slfo.1.1_4.1.x86_64",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.aarch64",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.ppc64le",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.s390x",
"SUSE Linux Micro 6.1:podmansh-5.4.2-slfo.1.1_4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-23T12:23:33Z",
"details": "important"
}
],
"title": "CVE-2025-52881"
}
]
}
WID-SEC-W-2025-2518
Vulnerability from csaf_certbund - Published: 2025-11-09 23:00 - Updated: 2026-03-08 23:00Summary
Red Hat Enterprise Linux (runc): Mehrere Schwachstellen ermöglichen Umgehen von Sicherheitsvorkehrungen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.
Red Hat OpenShift ist eine "Platform as a Service" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.
Angriff: Ein lokaler Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux und Red Hat OpenShift ausnutzen, um Sicherheitsvorkehrungen zu umgehen und einen Denial of Service herbeizuführen.
Betroffene Betriebssysteme: - Linux
- MacOS X
- Windows
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform 4
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4
|
Container Platform 4 | |
|
Red Hat OpenShift Container Platform <4.16.55
Red Hat / OpenShift
|
Container Platform <4.16.55 | ||
|
Google Cloud Platform
Google
|
cpe:/a:google:cloud_platform:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Dell NetWorker vProxy <19.14
Dell / NetWorker
|
vProxy <19.14 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.34
Red Hat / OpenShift
|
Container Platform <4.18.34 | ||
|
Red Hat Enterprise Linux 8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8
|
8 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat OpenShift API for Data Protection
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection
|
API for Data Protection | |
|
Docker Desktop <4.53.0
Docker / Desktop
|
<4.53.0 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Google Container-Optimized OS
Google
|
cpe:/o:google:container-optimized_os:-
|
— |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform 4
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4
|
Container Platform 4 | |
|
Red Hat OpenShift Container Platform <4.16.55
Red Hat / OpenShift
|
Container Platform <4.16.55 | ||
|
Google Cloud Platform
Google
|
cpe:/a:google:cloud_platform:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Dell NetWorker vProxy <19.14
Dell / NetWorker
|
vProxy <19.14 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.34
Red Hat / OpenShift
|
Container Platform <4.18.34 | ||
|
Red Hat Enterprise Linux 8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8
|
8 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat OpenShift API for Data Protection
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection
|
API for Data Protection | |
|
Docker Desktop <4.53.0
Docker / Desktop
|
<4.53.0 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Google Container-Optimized OS
Google
|
cpe:/o:google:container-optimized_os:-
|
— |
Affected products
Known affected
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform 4
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_4
|
Container Platform 4 | |
|
Red Hat OpenShift Container Platform <4.16.55
Red Hat / OpenShift
|
Container Platform <4.16.55 | ||
|
Google Cloud Platform
Google
|
cpe:/a:google:cloud_platform:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Dell NetWorker vProxy <19.14
Dell / NetWorker
|
vProxy <19.14 | ||
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.34
Red Hat / OpenShift
|
Container Platform <4.18.34 | ||
|
Red Hat Enterprise Linux 8
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:8
|
8 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Red Hat OpenShift API for Data Protection
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection
|
API for Data Protection | |
|
Docker Desktop <4.53.0
Docker / Desktop
|
<4.53.0 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Red Hat Enterprise Linux 10
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:10
|
10 | |
|
Google Container-Optimized OS
Google
|
cpe:/o:google:container-optimized_os:-
|
— |
References
85 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.\r\nRed Hat OpenShift ist eine \"Platform as a Service\" (PaaS) L\u00f6sung zur Bereitstellung von Applikationen in der Cloud.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux und Red Hat OpenShift ausnutzen, um Sicherheitsvorkehrungen zu umgehen und einen Denial of Service herbeizuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- MacOS X\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2518 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2518.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2518 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2518"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2025-11-09",
"url": "https://access.redhat.com/errata/RHSA-2025:19927"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-19927 vom 2025-11-10",
"url": "https://linux.oracle.com/errata/ELSA-2025-19927.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:20957 vom 2025-11-11",
"url": "https://access.redhat.com/errata/RHSA-2025:20957"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:21220 vom 2025-11-13",
"url": "https://access.redhat.com/errata/RHSA-2025:21220"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4081-1 vom 2025-11-12",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023271.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4079-1 vom 2025-11-12",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023273.html"
},
{
"category": "external",
"summary": "Google Cloud Platform Security Bulletin GCP-2025-066 vom 2025-11-12",
"url": "https://cloud.google.com/support/bulletins#gcp-2025-066"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:21232 vom 2025-11-13",
"url": "https://access.redhat.com/errata/RHSA-2025:21232"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:21633 vom 2025-11-18",
"url": "https://access.redhat.com/errata/RHSA-2025:21633"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:21634 vom 2025-11-18",
"url": "https://access.redhat.com/errata/RHSA-2025:21634"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:21702 vom 2025-11-18",
"url": "https://access.redhat.com/errata/RHSA-2025:21702"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-21232 vom 2025-11-19",
"url": "http://linux.oracle.com/errata/ELSA-2025-21232.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:21220 vom 2025-11-21",
"url": "https://errata.build.resf.org/RLSA-2025:21220"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025-20072-1 vom 2025-11-21",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4N2IX7IISA25FKW73QLMICMR3RMBJMXC/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4073-2 vom 2025-11-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023325.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:22030 vom 2025-11-25",
"url": "https://access.redhat.com/errata/RHSA-2025:22030"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:22012 vom 2025-11-25",
"url": "https://access.redhat.com/errata/RHSA-2025:22012"
},
{
"category": "external",
"summary": "Google Cloud Platform Security Bulletin GCP-2025-069 vom 2025-11-24",
"url": "https://cloud.google.com/support/bulletins#gcp-2025-069"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:22011 vom 2025-11-25",
"url": "https://access.redhat.com/errata/RHSA-2025:22011"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-7851-2 vom 2025-11-24",
"url": "https://ubuntu.com/security/notices/USN-7851-2"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-21702 vom 2025-11-26",
"url": "https://linux.oracle.com/errata/ELSA-2025-21702.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-20957 vom 2025-11-26",
"url": "https://linux.oracle.com/errata/ELSA-2025-20957.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-22011 vom 2025-11-26",
"url": "https://linux.oracle.com/errata/ELSA-2025-22011.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:21795 vom 2025-11-27",
"url": "https://access.redhat.com/errata/RHSA-2025:21795"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:21824 vom 2025-11-27",
"url": "https://access.redhat.com/errata/RHSA-2025:21824"
},
{
"category": "external",
"summary": "Docker Desktop Release Notes 4.53.0 vom 2025-11-27",
"url": "https://docs.docker.com/desktop/release-notes/#4530"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:21038-1 vom 2025-11-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023395.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:21054-1 vom 2025-11-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023420.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:21036-1 vom 2025-11-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023397.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:21232 vom 2025-11-28",
"url": "https://errata.build.resf.org/RLSA-2025:21232"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:22012 vom 2025-11-28",
"url": "https://errata.build.resf.org/RLSA-2025:22012"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:22011 vom 2025-11-28",
"url": "https://errata.build.resf.org/RLSA-2025:22011"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:21072-1 vom 2025-11-28",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023432.html"
},
{
"category": "external",
"summary": "Container-Optimized OS release notes vom 2025-12-02",
"url": "https://docs.cloud.google.com/container-optimized-os/docs/release-notes#November_07_2025"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-21220 vom 2025-12-03",
"url": "https://linux.oracle.com/errata/ELSA-2025-21220.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-22012 vom 2025-12-03",
"url": "https://linux.oracle.com/errata/ELSA-2025-22012.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:22275 vom 2025-12-05",
"url": "https://access.redhat.com/errata/RHSA-2025:22275"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23078 vom 2025-12-10",
"url": "https://access.redhat.com/errata/RHSA-2025:23078"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23079 vom 2025-12-10",
"url": "https://access.redhat.com/errata/RHSA-2025:23079"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23080 vom 2025-12-10",
"url": "https://access.redhat.com/errata/RHSA-2025:23080"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:21136-1 vom 2025-12-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-December/023516.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23202 vom 2025-12-15",
"url": "https://access.redhat.com/errata/RHSA-2025:23202"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23449 vom 2025-12-17",
"url": "https://access.redhat.com/errata/RHSA-2025:23449"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23543 vom 2025-12-18",
"url": "https://access.redhat.com/errata/RHSA-2025:23543"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23347 vom 2025-12-18",
"url": "https://access.redhat.com/errata/RHSA-2025:23347"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2025:23543 vom 2025-12-18",
"url": "https://errata.build.resf.org/RLSA-2025:23543"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:15843-1 vom 2025-12-25",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/QQPKJQ6SZIZSADP4WF47M27JCPCWUOEL/"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-23543 vom 2025-12-25",
"url": "http://linux.oracle.com/errata/ELSA-2025-23543.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0050 vom 2026-01-05",
"url": "https://access.redhat.com/errata/RHSA-2026:0050"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23113 vom 2026-01-07",
"url": "https://access.redhat.com/errata/RHSA-2025:23113"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0424 vom 2026-01-12",
"url": "https://access.redhat.com/errata/RHSA-2026:0424"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0426 vom 2026-01-12",
"url": "https://access.redhat.com/errata/RHSA-2026:0426"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0425 vom 2026-01-12",
"url": "https://access.redhat.com/errata/RHSA-2026:0425"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0315 vom 2026-01-15",
"url": "https://access.redhat.com/errata/RHSA-2026:0315"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0316 vom 2026-01-15",
"url": "https://access.redhat.com/errata/RHSA-2026:0316"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0418 vom 2026-01-15",
"url": "https://access.redhat.com/errata/RHSA-2026:0418"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0331 vom 2026-01-15",
"url": "https://access.redhat.com/errata/RHSA-2026:0331"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0676 vom 2026-01-22",
"url": "https://access.redhat.com/errata/RHSA-2026:0676"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0701 vom 2026-01-22",
"url": "https://access.redhat.com/errata/RHSA-2026:0701"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20103-1 vom 2026-01-23",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023881.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20116-1 vom 2026-01-23",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023875.html"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2026-030 vom 2026-01-30",
"url": "https://www.dell.com/support/kbdoc/de-de/000421570/dsa-2026-030-security-update-for-dell-networker-vproxy-multiple-third-party-component-vulnerabilities"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0995 vom 2026-01-30",
"url": "https://access.redhat.com/errata/RHSA-2026:0995"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:1730 vom 2026-02-02",
"url": "https://access.redhat.com/errata/RHSA-2026:1730"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2026:20140-1 vom 2026-02-03",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MAQDE5E54BFLPO3DKRMUKWK3AXGAW3EP/"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:1942 vom 2026-02-04",
"url": "https://access.redhat.com/errata/RHSA-2026:1942"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2034 vom 2026-02-05",
"url": "https://access.redhat.com/errata/RHSA-2026:2034"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:1540 vom 2026-02-05",
"url": "https://access.redhat.com/errata/RHSA-2026:1540"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2106 vom 2026-02-05",
"url": "https://access.redhat.com/errata/RHSA-2026:2106"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2343 vom 2026-02-09",
"url": "https://access.redhat.com/errata/RHSA-2026:2343"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2456 vom 2026-02-10",
"url": "https://access.redhat.com/errata/RHSA-2026:2456"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2754 vom 2026-02-16",
"url": "https://access.redhat.com/errata/RHSA-2026:2754"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2681 vom 2026-02-16",
"url": "https://access.redhat.com/errata/RHSA-2026:2681"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2762 vom 2026-02-16",
"url": "https://access.redhat.com/errata/RHSA-2026:2762"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2695 vom 2026-02-16",
"url": "https://access.redhat.com/errata/RHSA-2026:2695"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2951 vom 2026-02-18",
"url": "https://access.redhat.com/errata/RHSA-2026:2951"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:2975 vom 2026-02-25",
"url": "https://access.redhat.com/errata/RHSA-2026:2975"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:3462 vom 2026-02-27",
"url": "https://access.redhat.com/errata/RHSA-2026:3462"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:3461 vom 2026-02-27",
"url": "https://access.redhat.com/errata/RHSA-2026:3461"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:3416 vom 2026-03-04",
"url": "https://access.redhat.com/errata/RHSA-2026:3416"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:3713 vom 2026-03-04",
"url": "https://access.redhat.com/errata/RHSA-2026:3713"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:3391 vom 2026-03-05",
"url": "https://access.redhat.com/errata/RHSA-2026:3391"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:20641-1 vom 2026-03-09",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024659.html"
}
],
"source_lang": "en-US",
"title": "Red Hat Enterprise Linux (runc): Mehrere Schwachstellen erm\u00f6glichen Umgehen von Sicherheitsvorkehrungen",
"tracking": {
"current_release_date": "2026-03-08T23:00:00.000+00:00",
"generator": {
"date": "2026-03-09T09:16:42.913+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2025-2518",
"initial_release_date": "2025-11-09T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-11-09T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-11-11T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-11-12T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat, SUSE und Google aufgenommen"
},
{
"date": "2025-11-17T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-11-18T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-11-19T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-11-23T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Rocky Enterprise Software Foundation und openSUSE aufgenommen"
},
{
"date": "2025-11-24T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat, Google und Ubuntu aufgenommen"
},
{
"date": "2025-11-25T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-11-26T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-11-27T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Docker Desktop aufgenommen"
},
{
"date": "2025-11-30T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-12-01T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2025-12-03T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2025-12-07T23:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-12-10T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Red Hat und SUSE aufgenommen"
},
{
"date": "2025-12-15T23:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-12-16T23:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-12-17T23:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-12-28T23:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von openSUSE und Oracle Linux aufgenommen"
},
{
"date": "2026-01-04T23:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-01-06T23:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-01-11T23:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-01-14T23:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-01-15T23:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-01-22T23:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-01-29T23:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2026-02-01T23:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-02-02T23:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-02-03T23:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2026-02-04T23:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-02-05T23:00:00.000+00:00",
"number": "32",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-02-09T23:00:00.000+00:00",
"number": "33",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-02-10T23:00:00.000+00:00",
"number": "34",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-02-16T23:00:00.000+00:00",
"number": "35",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-02-18T23:00:00.000+00:00",
"number": "36",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-02-25T23:00:00.000+00:00",
"number": "37",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-03-01T23:00:00.000+00:00",
"number": "38",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-03-03T23:00:00.000+00:00",
"number": "39",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-03-04T23:00:00.000+00:00",
"number": "40",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-03-08T23:00:00.000+00:00",
"number": "41",
"summary": "Neue Updates von SUSE aufgenommen"
}
],
"status": "final",
"version": "41"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vProxy \u003c19.14",
"product": {
"name": "Dell NetWorker vProxy \u003c19.14",
"product_id": "T050451"
}
},
{
"category": "product_version",
"name": "vProxy 19.14",
"product": {
"name": "Dell NetWorker vProxy 19.14",
"product_id": "T050451-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:vproxy__19.14"
}
}
}
],
"category": "product_name",
"name": "NetWorker"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.53.0",
"product": {
"name": "Docker Desktop \u003c4.53.0",
"product_id": "T048947"
}
},
{
"category": "product_version",
"name": "4.53.0",
"product": {
"name": "Docker Desktop 4.53.0",
"product_id": "T048947-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:docker:desktop:4.53.0"
}
}
}
],
"category": "product_name",
"name": "Desktop"
}
],
"category": "vendor",
"name": "Docker"
},
{
"branches": [
{
"category": "product_name",
"name": "Google Cloud Platform",
"product": {
"name": "Google Cloud Platform",
"product_id": "393401",
"product_identification_helper": {
"cpe": "cpe:/a:google:cloud_platform:-"
}
}
},
{
"category": "product_name",
"name": "Google Container-Optimized OS",
"product": {
"name": "Google Container-Optimized OS",
"product_id": "1607324",
"product_identification_helper": {
"cpe": "cpe:/o:google:container-optimized_os:-"
}
}
}
],
"category": "vendor",
"name": "Google"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "9",
"product": {
"name": "Red Hat Enterprise Linux 9",
"product_id": "T034465",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:9"
}
}
},
{
"category": "product_version",
"name": "8",
"product": {
"name": "Red Hat Enterprise Linux 8",
"product_id": "T035191",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:8"
}
}
},
{
"category": "product_version",
"name": "10",
"product": {
"name": "Red Hat Enterprise Linux 10",
"product_id": "T048374",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "Container Platform 4",
"product": {
"name": "Red Hat OpenShift Container Platform 4",
"product_id": "T032877",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform_4"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.16.55",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.16.55",
"product_id": "T050026"
}
},
{
"category": "product_version",
"name": "Container Platform 4.16.55",
"product": {
"name": "Red Hat OpenShift Container Platform 4.16.55",
"product_id": "T050026-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.16.55"
}
}
},
{
"category": "product_version",
"name": "API for Data Protection",
"product": {
"name": "Red Hat OpenShift API for Data Protection",
"product_id": "T050615",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:api_for_data_protection"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.18.34",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.18.34",
"product_id": "T051178"
}
},
{
"category": "product_version",
"name": "Container Platform 4.18.34",
"product": {
"name": "Red Hat OpenShift Container Platform 4.18.34",
"product_id": "T051178-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.18.34"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31133",
"product_status": {
"known_affected": [
"67646",
"T032877",
"T050026",
"393401",
"T004914",
"T050451",
"T032255",
"T051178",
"T035191",
"T002207",
"T000126",
"T050615",
"T048947",
"T027843",
"1607324"
]
},
"release_date": "2025-11-09T23:00:00.000+00:00",
"title": "CVE-2025-31133"
},
{
"cve": "CVE-2025-52565",
"product_status": {
"known_affected": [
"67646",
"T032877",
"T050026",
"393401",
"T004914",
"T050451",
"T032255",
"T051178",
"T035191",
"T002207",
"T000126",
"T050615",
"T048947",
"T027843",
"1607324"
]
},
"release_date": "2025-11-09T23:00:00.000+00:00",
"title": "CVE-2025-52565"
},
{
"cve": "CVE-2025-52881",
"product_status": {
"known_affected": [
"67646",
"T032877",
"T050026",
"393401",
"T004914",
"T050451",
"T032255",
"T051178",
"T035191",
"T002207",
"T000126",
"T050615",
"T048947",
"T027843",
"T048374",
"1607324"
]
},
"release_date": "2025-11-09T23:00:00.000+00:00",
"title": "CVE-2025-52881"
}
]
}
WID-SEC-W-2025-2563
Vulnerability from csaf_certbund - Published: 2025-11-11 23:00 - Updated: 2025-12-14 23:00Summary
Microsoft Azure Linux: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Microsoft Azure Linux ist eine von Microsoft entwickelte Linux-Distribution, die für die Ausführung von Workloads in der Azure-Cloud optimiert ist.
Windows ist ein Betriebssystem von Microsoft.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Microsoft Azure Linux und Microsoft Windows ausnutzen um erhöhte Privilegien zu erlangen, beliebigen Code auszuführen, die Authentifizierung zu umgehen, Spoofing-Angriffe durchzuführen, einen Denial-of-Service-Zustand zu verursachen oder andere, nicht näher spezifizierte Angriffe durchzuführen.
Betroffene Betriebssysteme: - Windows
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Microsoft Azure Linux azl3 nghttp2 1.61.0-2 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_nghttp2_1.61.0-2_on_3.0
|
azl3 nghttp2 1.61.0-2 on 3.0 | |
|
Microsoft Azure Linux azl3 kubevirt 1.5.0-5 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_kubevirt_1.5.0-5_on_3.0
|
azl3 kubevirt 1.5.0-5 on 3.0 | |
|
Microsoft Azure Linux azl3 rust 1.86.0-9 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_rust_1.86.0-9_on_3.0
|
azl3 rust 1.86.0-9 on 3.0 | |
|
Microsoft Azure Linux azl3 containerd2 2.0.0-14 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_containerd2_2.0.0-14_on_3.0
|
azl3 containerd2 2.0.0-14 on 3.0 | |
|
Microsoft Azure Linux azl3 rust 1.75.0-21 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_rust_1.75.0-21_on_3.0
|
azl3 rust 1.75.0-21 on 3.0 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Microsoft Azure Linux azl3 curl 8.11.1-4 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_curl_8.11.1-4_on_3.0
|
azl3 curl 8.11.1-4 on 3.0 | |
|
Microsoft Azure Linux azl3 kernel 6.6.104.2-4 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_kernel_6.6.104.2-4_on_3.0
|
azl3 kernel 6.6.104.2-4 on 3.0 | |
|
Microsoft Azure Linux azl3 libarchive 3.7.7-3 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_libarchive_3.7.7-3_on_3.0
|
azl3 libarchive 3.7.7-3 on 3.0 | |
|
Microsoft Azure Linux azl3 runc 1.3.3-1 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_runc_1.3.3-1_on_3.0
|
azl3 runc 1.3.3-1 on 3.0 | |
|
Microsoft Azure Linux azl3 libxml2 2.11.5-7 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_libxml2_2.11.5-7_on_3.0
|
azl3 libxml2 2.11.5-7 on 3.0 | |
|
Microsoft Azure Linux azl3 mysql 8.0.44-2 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_mysql_8.0.44-2_on_3.0
|
azl3 mysql 8.0.44-2 on 3.0 | |
|
Microsoft Windows Subsystem for Linux GUI
Microsoft / Windows
|
cpe:/o:microsoft:windows:subsystem_for_linux_gui
|
Subsystem for Linux GUI | |
|
Microsoft Azure Linux azl3 cmake 3.30.3-10 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_cmake_3.30.3-10_on_3.0
|
azl3 cmake 3.30.3-10 on 3.0 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Microsoft Azure Linux azl3 nghttp2 1.61.0-2 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_nghttp2_1.61.0-2_on_3.0
|
azl3 nghttp2 1.61.0-2 on 3.0 | |
|
Microsoft Azure Linux azl3 kubevirt 1.5.0-5 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_kubevirt_1.5.0-5_on_3.0
|
azl3 kubevirt 1.5.0-5 on 3.0 | |
|
Microsoft Azure Linux azl3 rust 1.86.0-9 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_rust_1.86.0-9_on_3.0
|
azl3 rust 1.86.0-9 on 3.0 | |
|
Microsoft Azure Linux azl3 containerd2 2.0.0-14 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_containerd2_2.0.0-14_on_3.0
|
azl3 containerd2 2.0.0-14 on 3.0 | |
|
Microsoft Azure Linux azl3 rust 1.75.0-21 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_rust_1.75.0-21_on_3.0
|
azl3 rust 1.75.0-21 on 3.0 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Microsoft Azure Linux azl3 curl 8.11.1-4 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_curl_8.11.1-4_on_3.0
|
azl3 curl 8.11.1-4 on 3.0 | |
|
Microsoft Azure Linux azl3 kernel 6.6.104.2-4 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_kernel_6.6.104.2-4_on_3.0
|
azl3 kernel 6.6.104.2-4 on 3.0 | |
|
Microsoft Azure Linux azl3 libarchive 3.7.7-3 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_libarchive_3.7.7-3_on_3.0
|
azl3 libarchive 3.7.7-3 on 3.0 | |
|
Microsoft Azure Linux azl3 runc 1.3.3-1 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_runc_1.3.3-1_on_3.0
|
azl3 runc 1.3.3-1 on 3.0 | |
|
Microsoft Azure Linux azl3 libxml2 2.11.5-7 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_libxml2_2.11.5-7_on_3.0
|
azl3 libxml2 2.11.5-7 on 3.0 | |
|
Microsoft Azure Linux azl3 mysql 8.0.44-2 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_mysql_8.0.44-2_on_3.0
|
azl3 mysql 8.0.44-2 on 3.0 | |
|
Microsoft Windows Subsystem for Linux GUI
Microsoft / Windows
|
cpe:/o:microsoft:windows:subsystem_for_linux_gui
|
Subsystem for Linux GUI | |
|
Microsoft Azure Linux azl3 cmake 3.30.3-10 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_cmake_3.30.3-10_on_3.0
|
azl3 cmake 3.30.3-10 on 3.0 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Microsoft Azure Linux azl3 nghttp2 1.61.0-2 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_nghttp2_1.61.0-2_on_3.0
|
azl3 nghttp2 1.61.0-2 on 3.0 | |
|
Microsoft Azure Linux azl3 kubevirt 1.5.0-5 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_kubevirt_1.5.0-5_on_3.0
|
azl3 kubevirt 1.5.0-5 on 3.0 | |
|
Microsoft Azure Linux azl3 rust 1.86.0-9 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_rust_1.86.0-9_on_3.0
|
azl3 rust 1.86.0-9 on 3.0 | |
|
Microsoft Azure Linux azl3 containerd2 2.0.0-14 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_containerd2_2.0.0-14_on_3.0
|
azl3 containerd2 2.0.0-14 on 3.0 | |
|
Microsoft Azure Linux azl3 rust 1.75.0-21 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_rust_1.75.0-21_on_3.0
|
azl3 rust 1.75.0-21 on 3.0 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Microsoft Azure Linux azl3 curl 8.11.1-4 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_curl_8.11.1-4_on_3.0
|
azl3 curl 8.11.1-4 on 3.0 | |
|
Microsoft Azure Linux azl3 kernel 6.6.104.2-4 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_kernel_6.6.104.2-4_on_3.0
|
azl3 kernel 6.6.104.2-4 on 3.0 | |
|
Microsoft Azure Linux azl3 libarchive 3.7.7-3 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_libarchive_3.7.7-3_on_3.0
|
azl3 libarchive 3.7.7-3 on 3.0 | |
|
Microsoft Azure Linux azl3 runc 1.3.3-1 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_runc_1.3.3-1_on_3.0
|
azl3 runc 1.3.3-1 on 3.0 | |
|
Microsoft Azure Linux azl3 libxml2 2.11.5-7 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_libxml2_2.11.5-7_on_3.0
|
azl3 libxml2 2.11.5-7 on 3.0 | |
|
Microsoft Azure Linux azl3 mysql 8.0.44-2 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_mysql_8.0.44-2_on_3.0
|
azl3 mysql 8.0.44-2 on 3.0 | |
|
Microsoft Windows Subsystem for Linux GUI
Microsoft / Windows
|
cpe:/o:microsoft:windows:subsystem_for_linux_gui
|
Subsystem for Linux GUI | |
|
Microsoft Azure Linux azl3 cmake 3.30.3-10 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_cmake_3.30.3-10_on_3.0
|
azl3 cmake 3.30.3-10 on 3.0 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Microsoft Azure Linux azl3 nghttp2 1.61.0-2 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_nghttp2_1.61.0-2_on_3.0
|
azl3 nghttp2 1.61.0-2 on 3.0 | |
|
Microsoft Azure Linux azl3 kubevirt 1.5.0-5 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_kubevirt_1.5.0-5_on_3.0
|
azl3 kubevirt 1.5.0-5 on 3.0 | |
|
Microsoft Azure Linux azl3 rust 1.86.0-9 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_rust_1.86.0-9_on_3.0
|
azl3 rust 1.86.0-9 on 3.0 | |
|
Microsoft Azure Linux azl3 containerd2 2.0.0-14 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_containerd2_2.0.0-14_on_3.0
|
azl3 containerd2 2.0.0-14 on 3.0 | |
|
Microsoft Azure Linux azl3 rust 1.75.0-21 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_rust_1.75.0-21_on_3.0
|
azl3 rust 1.75.0-21 on 3.0 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Microsoft Azure Linux azl3 curl 8.11.1-4 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_curl_8.11.1-4_on_3.0
|
azl3 curl 8.11.1-4 on 3.0 | |
|
Microsoft Azure Linux azl3 kernel 6.6.104.2-4 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_kernel_6.6.104.2-4_on_3.0
|
azl3 kernel 6.6.104.2-4 on 3.0 | |
|
Microsoft Azure Linux azl3 libarchive 3.7.7-3 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_libarchive_3.7.7-3_on_3.0
|
azl3 libarchive 3.7.7-3 on 3.0 | |
|
Microsoft Azure Linux azl3 runc 1.3.3-1 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_runc_1.3.3-1_on_3.0
|
azl3 runc 1.3.3-1 on 3.0 | |
|
Microsoft Azure Linux azl3 libxml2 2.11.5-7 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_libxml2_2.11.5-7_on_3.0
|
azl3 libxml2 2.11.5-7 on 3.0 | |
|
Microsoft Azure Linux azl3 mysql 8.0.44-2 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_mysql_8.0.44-2_on_3.0
|
azl3 mysql 8.0.44-2 on 3.0 | |
|
Microsoft Windows Subsystem for Linux GUI
Microsoft / Windows
|
cpe:/o:microsoft:windows:subsystem_for_linux_gui
|
Subsystem for Linux GUI | |
|
Microsoft Azure Linux azl3 cmake 3.30.3-10 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_cmake_3.30.3-10_on_3.0
|
azl3 cmake 3.30.3-10 on 3.0 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Microsoft Azure Linux azl3 nghttp2 1.61.0-2 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_nghttp2_1.61.0-2_on_3.0
|
azl3 nghttp2 1.61.0-2 on 3.0 | |
|
Microsoft Azure Linux azl3 kubevirt 1.5.0-5 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_kubevirt_1.5.0-5_on_3.0
|
azl3 kubevirt 1.5.0-5 on 3.0 | |
|
Microsoft Azure Linux azl3 rust 1.86.0-9 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_rust_1.86.0-9_on_3.0
|
azl3 rust 1.86.0-9 on 3.0 | |
|
Microsoft Azure Linux azl3 containerd2 2.0.0-14 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_containerd2_2.0.0-14_on_3.0
|
azl3 containerd2 2.0.0-14 on 3.0 | |
|
Microsoft Azure Linux azl3 rust 1.75.0-21 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_rust_1.75.0-21_on_3.0
|
azl3 rust 1.75.0-21 on 3.0 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Microsoft Azure Linux azl3 curl 8.11.1-4 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_curl_8.11.1-4_on_3.0
|
azl3 curl 8.11.1-4 on 3.0 | |
|
Microsoft Azure Linux azl3 kernel 6.6.104.2-4 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_kernel_6.6.104.2-4_on_3.0
|
azl3 kernel 6.6.104.2-4 on 3.0 | |
|
Microsoft Azure Linux azl3 libarchive 3.7.7-3 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_libarchive_3.7.7-3_on_3.0
|
azl3 libarchive 3.7.7-3 on 3.0 | |
|
Microsoft Azure Linux azl3 runc 1.3.3-1 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_runc_1.3.3-1_on_3.0
|
azl3 runc 1.3.3-1 on 3.0 | |
|
Microsoft Azure Linux azl3 libxml2 2.11.5-7 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_libxml2_2.11.5-7_on_3.0
|
azl3 libxml2 2.11.5-7 on 3.0 | |
|
Microsoft Azure Linux azl3 mysql 8.0.44-2 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_mysql_8.0.44-2_on_3.0
|
azl3 mysql 8.0.44-2 on 3.0 | |
|
Microsoft Windows Subsystem for Linux GUI
Microsoft / Windows
|
cpe:/o:microsoft:windows:subsystem_for_linux_gui
|
Subsystem for Linux GUI | |
|
Microsoft Azure Linux azl3 cmake 3.30.3-10 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_cmake_3.30.3-10_on_3.0
|
azl3 cmake 3.30.3-10 on 3.0 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Microsoft Azure Linux azl3 nghttp2 1.61.0-2 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_nghttp2_1.61.0-2_on_3.0
|
azl3 nghttp2 1.61.0-2 on 3.0 | |
|
Microsoft Azure Linux azl3 kubevirt 1.5.0-5 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_kubevirt_1.5.0-5_on_3.0
|
azl3 kubevirt 1.5.0-5 on 3.0 | |
|
Microsoft Azure Linux azl3 rust 1.86.0-9 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_rust_1.86.0-9_on_3.0
|
azl3 rust 1.86.0-9 on 3.0 | |
|
Microsoft Azure Linux azl3 containerd2 2.0.0-14 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_containerd2_2.0.0-14_on_3.0
|
azl3 containerd2 2.0.0-14 on 3.0 | |
|
Microsoft Azure Linux azl3 rust 1.75.0-21 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_rust_1.75.0-21_on_3.0
|
azl3 rust 1.75.0-21 on 3.0 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Microsoft Azure Linux azl3 curl 8.11.1-4 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_curl_8.11.1-4_on_3.0
|
azl3 curl 8.11.1-4 on 3.0 | |
|
Microsoft Azure Linux azl3 kernel 6.6.104.2-4 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_kernel_6.6.104.2-4_on_3.0
|
azl3 kernel 6.6.104.2-4 on 3.0 | |
|
Microsoft Azure Linux azl3 libarchive 3.7.7-3 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_libarchive_3.7.7-3_on_3.0
|
azl3 libarchive 3.7.7-3 on 3.0 | |
|
Microsoft Azure Linux azl3 runc 1.3.3-1 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_runc_1.3.3-1_on_3.0
|
azl3 runc 1.3.3-1 on 3.0 | |
|
Microsoft Azure Linux azl3 libxml2 2.11.5-7 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_libxml2_2.11.5-7_on_3.0
|
azl3 libxml2 2.11.5-7 on 3.0 | |
|
Microsoft Azure Linux azl3 mysql 8.0.44-2 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_mysql_8.0.44-2_on_3.0
|
azl3 mysql 8.0.44-2 on 3.0 | |
|
Microsoft Windows Subsystem for Linux GUI
Microsoft / Windows
|
cpe:/o:microsoft:windows:subsystem_for_linux_gui
|
Subsystem for Linux GUI | |
|
Microsoft Azure Linux azl3 cmake 3.30.3-10 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_cmake_3.30.3-10_on_3.0
|
azl3 cmake 3.30.3-10 on 3.0 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Microsoft Azure Linux azl3 nghttp2 1.61.0-2 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_nghttp2_1.61.0-2_on_3.0
|
azl3 nghttp2 1.61.0-2 on 3.0 | |
|
Microsoft Azure Linux azl3 kubevirt 1.5.0-5 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_kubevirt_1.5.0-5_on_3.0
|
azl3 kubevirt 1.5.0-5 on 3.0 | |
|
Microsoft Azure Linux azl3 rust 1.86.0-9 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_rust_1.86.0-9_on_3.0
|
azl3 rust 1.86.0-9 on 3.0 | |
|
Microsoft Azure Linux azl3 containerd2 2.0.0-14 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_containerd2_2.0.0-14_on_3.0
|
azl3 containerd2 2.0.0-14 on 3.0 | |
|
Microsoft Azure Linux azl3 rust 1.75.0-21 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_rust_1.75.0-21_on_3.0
|
azl3 rust 1.75.0-21 on 3.0 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Microsoft Azure Linux azl3 curl 8.11.1-4 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_curl_8.11.1-4_on_3.0
|
azl3 curl 8.11.1-4 on 3.0 | |
|
Microsoft Azure Linux azl3 kernel 6.6.104.2-4 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_kernel_6.6.104.2-4_on_3.0
|
azl3 kernel 6.6.104.2-4 on 3.0 | |
|
Microsoft Azure Linux azl3 libarchive 3.7.7-3 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_libarchive_3.7.7-3_on_3.0
|
azl3 libarchive 3.7.7-3 on 3.0 | |
|
Microsoft Azure Linux azl3 runc 1.3.3-1 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_runc_1.3.3-1_on_3.0
|
azl3 runc 1.3.3-1 on 3.0 | |
|
Microsoft Azure Linux azl3 libxml2 2.11.5-7 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_libxml2_2.11.5-7_on_3.0
|
azl3 libxml2 2.11.5-7 on 3.0 | |
|
Microsoft Azure Linux azl3 mysql 8.0.44-2 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_mysql_8.0.44-2_on_3.0
|
azl3 mysql 8.0.44-2 on 3.0 | |
|
Microsoft Windows Subsystem for Linux GUI
Microsoft / Windows
|
cpe:/o:microsoft:windows:subsystem_for_linux_gui
|
Subsystem for Linux GUI | |
|
Microsoft Azure Linux azl3 cmake 3.30.3-10 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_cmake_3.30.3-10_on_3.0
|
azl3 cmake 3.30.3-10 on 3.0 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Microsoft Azure Linux azl3 nghttp2 1.61.0-2 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_nghttp2_1.61.0-2_on_3.0
|
azl3 nghttp2 1.61.0-2 on 3.0 | |
|
Microsoft Azure Linux azl3 kubevirt 1.5.0-5 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_kubevirt_1.5.0-5_on_3.0
|
azl3 kubevirt 1.5.0-5 on 3.0 | |
|
Microsoft Azure Linux azl3 rust 1.86.0-9 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_rust_1.86.0-9_on_3.0
|
azl3 rust 1.86.0-9 on 3.0 | |
|
Microsoft Azure Linux azl3 containerd2 2.0.0-14 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_containerd2_2.0.0-14_on_3.0
|
azl3 containerd2 2.0.0-14 on 3.0 | |
|
Microsoft Azure Linux azl3 rust 1.75.0-21 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_rust_1.75.0-21_on_3.0
|
azl3 rust 1.75.0-21 on 3.0 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Microsoft Azure Linux azl3 curl 8.11.1-4 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_curl_8.11.1-4_on_3.0
|
azl3 curl 8.11.1-4 on 3.0 | |
|
Microsoft Azure Linux azl3 kernel 6.6.104.2-4 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_kernel_6.6.104.2-4_on_3.0
|
azl3 kernel 6.6.104.2-4 on 3.0 | |
|
Microsoft Azure Linux azl3 libarchive 3.7.7-3 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_libarchive_3.7.7-3_on_3.0
|
azl3 libarchive 3.7.7-3 on 3.0 | |
|
Microsoft Azure Linux azl3 runc 1.3.3-1 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_runc_1.3.3-1_on_3.0
|
azl3 runc 1.3.3-1 on 3.0 | |
|
Microsoft Azure Linux azl3 libxml2 2.11.5-7 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_libxml2_2.11.5-7_on_3.0
|
azl3 libxml2 2.11.5-7 on 3.0 | |
|
Microsoft Azure Linux azl3 mysql 8.0.44-2 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_mysql_8.0.44-2_on_3.0
|
azl3 mysql 8.0.44-2 on 3.0 | |
|
Microsoft Windows Subsystem for Linux GUI
Microsoft / Windows
|
cpe:/o:microsoft:windows:subsystem_for_linux_gui
|
Subsystem for Linux GUI | |
|
Microsoft Azure Linux azl3 cmake 3.30.3-10 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_cmake_3.30.3-10_on_3.0
|
azl3 cmake 3.30.3-10 on 3.0 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Microsoft Azure Linux azl3 nghttp2 1.61.0-2 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_nghttp2_1.61.0-2_on_3.0
|
azl3 nghttp2 1.61.0-2 on 3.0 | |
|
Microsoft Azure Linux azl3 kubevirt 1.5.0-5 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_kubevirt_1.5.0-5_on_3.0
|
azl3 kubevirt 1.5.0-5 on 3.0 | |
|
Microsoft Azure Linux azl3 rust 1.86.0-9 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_rust_1.86.0-9_on_3.0
|
azl3 rust 1.86.0-9 on 3.0 | |
|
Microsoft Azure Linux azl3 containerd2 2.0.0-14 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_containerd2_2.0.0-14_on_3.0
|
azl3 containerd2 2.0.0-14 on 3.0 | |
|
Microsoft Azure Linux azl3 rust 1.75.0-21 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_rust_1.75.0-21_on_3.0
|
azl3 rust 1.75.0-21 on 3.0 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Microsoft Azure Linux azl3 curl 8.11.1-4 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_curl_8.11.1-4_on_3.0
|
azl3 curl 8.11.1-4 on 3.0 | |
|
Microsoft Azure Linux azl3 kernel 6.6.104.2-4 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_kernel_6.6.104.2-4_on_3.0
|
azl3 kernel 6.6.104.2-4 on 3.0 | |
|
Microsoft Azure Linux azl3 libarchive 3.7.7-3 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_libarchive_3.7.7-3_on_3.0
|
azl3 libarchive 3.7.7-3 on 3.0 | |
|
Microsoft Azure Linux azl3 runc 1.3.3-1 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_runc_1.3.3-1_on_3.0
|
azl3 runc 1.3.3-1 on 3.0 | |
|
Microsoft Azure Linux azl3 libxml2 2.11.5-7 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_libxml2_2.11.5-7_on_3.0
|
azl3 libxml2 2.11.5-7 on 3.0 | |
|
Microsoft Azure Linux azl3 mysql 8.0.44-2 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_mysql_8.0.44-2_on_3.0
|
azl3 mysql 8.0.44-2 on 3.0 | |
|
Microsoft Windows Subsystem for Linux GUI
Microsoft / Windows
|
cpe:/o:microsoft:windows:subsystem_for_linux_gui
|
Subsystem for Linux GUI | |
|
Microsoft Azure Linux azl3 cmake 3.30.3-10 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_cmake_3.30.3-10_on_3.0
|
azl3 cmake 3.30.3-10 on 3.0 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Microsoft Azure Linux azl3 nghttp2 1.61.0-2 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_nghttp2_1.61.0-2_on_3.0
|
azl3 nghttp2 1.61.0-2 on 3.0 | |
|
Microsoft Azure Linux azl3 kubevirt 1.5.0-5 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_kubevirt_1.5.0-5_on_3.0
|
azl3 kubevirt 1.5.0-5 on 3.0 | |
|
Microsoft Azure Linux azl3 rust 1.86.0-9 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_rust_1.86.0-9_on_3.0
|
azl3 rust 1.86.0-9 on 3.0 | |
|
Microsoft Azure Linux azl3 containerd2 2.0.0-14 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_containerd2_2.0.0-14_on_3.0
|
azl3 containerd2 2.0.0-14 on 3.0 | |
|
Microsoft Azure Linux azl3 rust 1.75.0-21 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_rust_1.75.0-21_on_3.0
|
azl3 rust 1.75.0-21 on 3.0 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Microsoft Azure Linux azl3 curl 8.11.1-4 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_curl_8.11.1-4_on_3.0
|
azl3 curl 8.11.1-4 on 3.0 | |
|
Microsoft Azure Linux azl3 kernel 6.6.104.2-4 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_kernel_6.6.104.2-4_on_3.0
|
azl3 kernel 6.6.104.2-4 on 3.0 | |
|
Microsoft Azure Linux azl3 libarchive 3.7.7-3 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_libarchive_3.7.7-3_on_3.0
|
azl3 libarchive 3.7.7-3 on 3.0 | |
|
Microsoft Azure Linux azl3 runc 1.3.3-1 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_runc_1.3.3-1_on_3.0
|
azl3 runc 1.3.3-1 on 3.0 | |
|
Microsoft Azure Linux azl3 libxml2 2.11.5-7 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_libxml2_2.11.5-7_on_3.0
|
azl3 libxml2 2.11.5-7 on 3.0 | |
|
Microsoft Azure Linux azl3 mysql 8.0.44-2 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_mysql_8.0.44-2_on_3.0
|
azl3 mysql 8.0.44-2 on 3.0 | |
|
Microsoft Windows Subsystem for Linux GUI
Microsoft / Windows
|
cpe:/o:microsoft:windows:subsystem_for_linux_gui
|
Subsystem for Linux GUI | |
|
Microsoft Azure Linux azl3 cmake 3.30.3-10 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_cmake_3.30.3-10_on_3.0
|
azl3 cmake 3.30.3-10 on 3.0 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Microsoft Azure Linux azl3 nghttp2 1.61.0-2 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_nghttp2_1.61.0-2_on_3.0
|
azl3 nghttp2 1.61.0-2 on 3.0 | |
|
Microsoft Azure Linux azl3 kubevirt 1.5.0-5 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_kubevirt_1.5.0-5_on_3.0
|
azl3 kubevirt 1.5.0-5 on 3.0 | |
|
Microsoft Azure Linux azl3 rust 1.86.0-9 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_rust_1.86.0-9_on_3.0
|
azl3 rust 1.86.0-9 on 3.0 | |
|
Microsoft Azure Linux azl3 containerd2 2.0.0-14 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_containerd2_2.0.0-14_on_3.0
|
azl3 containerd2 2.0.0-14 on 3.0 | |
|
Microsoft Azure Linux azl3 rust 1.75.0-21 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_rust_1.75.0-21_on_3.0
|
azl3 rust 1.75.0-21 on 3.0 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Microsoft Azure Linux azl3 curl 8.11.1-4 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_curl_8.11.1-4_on_3.0
|
azl3 curl 8.11.1-4 on 3.0 | |
|
Microsoft Azure Linux azl3 kernel 6.6.104.2-4 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_kernel_6.6.104.2-4_on_3.0
|
azl3 kernel 6.6.104.2-4 on 3.0 | |
|
Microsoft Azure Linux azl3 libarchive 3.7.7-3 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_libarchive_3.7.7-3_on_3.0
|
azl3 libarchive 3.7.7-3 on 3.0 | |
|
Microsoft Azure Linux azl3 runc 1.3.3-1 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_runc_1.3.3-1_on_3.0
|
azl3 runc 1.3.3-1 on 3.0 | |
|
Microsoft Azure Linux azl3 libxml2 2.11.5-7 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_libxml2_2.11.5-7_on_3.0
|
azl3 libxml2 2.11.5-7 on 3.0 | |
|
Microsoft Azure Linux azl3 mysql 8.0.44-2 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_mysql_8.0.44-2_on_3.0
|
azl3 mysql 8.0.44-2 on 3.0 | |
|
Microsoft Windows Subsystem for Linux GUI
Microsoft / Windows
|
cpe:/o:microsoft:windows:subsystem_for_linux_gui
|
Subsystem for Linux GUI | |
|
Microsoft Azure Linux azl3 cmake 3.30.3-10 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_cmake_3.30.3-10_on_3.0
|
azl3 cmake 3.30.3-10 on 3.0 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Microsoft Azure Linux azl3 nghttp2 1.61.0-2 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_nghttp2_1.61.0-2_on_3.0
|
azl3 nghttp2 1.61.0-2 on 3.0 | |
|
Microsoft Azure Linux azl3 kubevirt 1.5.0-5 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_kubevirt_1.5.0-5_on_3.0
|
azl3 kubevirt 1.5.0-5 on 3.0 | |
|
Microsoft Azure Linux azl3 rust 1.86.0-9 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_rust_1.86.0-9_on_3.0
|
azl3 rust 1.86.0-9 on 3.0 | |
|
Microsoft Azure Linux azl3 containerd2 2.0.0-14 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_containerd2_2.0.0-14_on_3.0
|
azl3 containerd2 2.0.0-14 on 3.0 | |
|
Microsoft Azure Linux azl3 rust 1.75.0-21 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_rust_1.75.0-21_on_3.0
|
azl3 rust 1.75.0-21 on 3.0 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Microsoft Azure Linux azl3 curl 8.11.1-4 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_curl_8.11.1-4_on_3.0
|
azl3 curl 8.11.1-4 on 3.0 | |
|
Microsoft Azure Linux azl3 kernel 6.6.104.2-4 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_kernel_6.6.104.2-4_on_3.0
|
azl3 kernel 6.6.104.2-4 on 3.0 | |
|
Microsoft Azure Linux azl3 libarchive 3.7.7-3 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_libarchive_3.7.7-3_on_3.0
|
azl3 libarchive 3.7.7-3 on 3.0 | |
|
Microsoft Azure Linux azl3 runc 1.3.3-1 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_runc_1.3.3-1_on_3.0
|
azl3 runc 1.3.3-1 on 3.0 | |
|
Microsoft Azure Linux azl3 libxml2 2.11.5-7 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_libxml2_2.11.5-7_on_3.0
|
azl3 libxml2 2.11.5-7 on 3.0 | |
|
Microsoft Azure Linux azl3 mysql 8.0.44-2 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_mysql_8.0.44-2_on_3.0
|
azl3 mysql 8.0.44-2 on 3.0 | |
|
Microsoft Windows Subsystem for Linux GUI
Microsoft / Windows
|
cpe:/o:microsoft:windows:subsystem_for_linux_gui
|
Subsystem for Linux GUI | |
|
Microsoft Azure Linux azl3 cmake 3.30.3-10 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_cmake_3.30.3-10_on_3.0
|
azl3 cmake 3.30.3-10 on 3.0 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Microsoft Azure Linux azl3 nghttp2 1.61.0-2 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_nghttp2_1.61.0-2_on_3.0
|
azl3 nghttp2 1.61.0-2 on 3.0 | |
|
Microsoft Azure Linux azl3 kubevirt 1.5.0-5 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_kubevirt_1.5.0-5_on_3.0
|
azl3 kubevirt 1.5.0-5 on 3.0 | |
|
Microsoft Azure Linux azl3 rust 1.86.0-9 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_rust_1.86.0-9_on_3.0
|
azl3 rust 1.86.0-9 on 3.0 | |
|
Microsoft Azure Linux azl3 containerd2 2.0.0-14 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_containerd2_2.0.0-14_on_3.0
|
azl3 containerd2 2.0.0-14 on 3.0 | |
|
Microsoft Azure Linux azl3 rust 1.75.0-21 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_rust_1.75.0-21_on_3.0
|
azl3 rust 1.75.0-21 on 3.0 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Microsoft Azure Linux azl3 curl 8.11.1-4 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_curl_8.11.1-4_on_3.0
|
azl3 curl 8.11.1-4 on 3.0 | |
|
Microsoft Azure Linux azl3 kernel 6.6.104.2-4 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_kernel_6.6.104.2-4_on_3.0
|
azl3 kernel 6.6.104.2-4 on 3.0 | |
|
Microsoft Azure Linux azl3 libarchive 3.7.7-3 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_libarchive_3.7.7-3_on_3.0
|
azl3 libarchive 3.7.7-3 on 3.0 | |
|
Microsoft Azure Linux azl3 runc 1.3.3-1 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_runc_1.3.3-1_on_3.0
|
azl3 runc 1.3.3-1 on 3.0 | |
|
Microsoft Azure Linux azl3 libxml2 2.11.5-7 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_libxml2_2.11.5-7_on_3.0
|
azl3 libxml2 2.11.5-7 on 3.0 | |
|
Microsoft Azure Linux azl3 mysql 8.0.44-2 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_mysql_8.0.44-2_on_3.0
|
azl3 mysql 8.0.44-2 on 3.0 | |
|
Microsoft Windows Subsystem for Linux GUI
Microsoft / Windows
|
cpe:/o:microsoft:windows:subsystem_for_linux_gui
|
Subsystem for Linux GUI | |
|
Microsoft Azure Linux azl3 cmake 3.30.3-10 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_cmake_3.30.3-10_on_3.0
|
azl3 cmake 3.30.3-10 on 3.0 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Microsoft Azure Linux azl3 nghttp2 1.61.0-2 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_nghttp2_1.61.0-2_on_3.0
|
azl3 nghttp2 1.61.0-2 on 3.0 | |
|
Microsoft Azure Linux azl3 kubevirt 1.5.0-5 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_kubevirt_1.5.0-5_on_3.0
|
azl3 kubevirt 1.5.0-5 on 3.0 | |
|
Microsoft Azure Linux azl3 rust 1.86.0-9 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_rust_1.86.0-9_on_3.0
|
azl3 rust 1.86.0-9 on 3.0 | |
|
Microsoft Azure Linux azl3 containerd2 2.0.0-14 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_containerd2_2.0.0-14_on_3.0
|
azl3 containerd2 2.0.0-14 on 3.0 | |
|
Microsoft Azure Linux azl3 rust 1.75.0-21 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_rust_1.75.0-21_on_3.0
|
azl3 rust 1.75.0-21 on 3.0 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Microsoft Azure Linux azl3 curl 8.11.1-4 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_curl_8.11.1-4_on_3.0
|
azl3 curl 8.11.1-4 on 3.0 | |
|
Microsoft Azure Linux azl3 kernel 6.6.104.2-4 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_kernel_6.6.104.2-4_on_3.0
|
azl3 kernel 6.6.104.2-4 on 3.0 | |
|
Microsoft Azure Linux azl3 libarchive 3.7.7-3 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_libarchive_3.7.7-3_on_3.0
|
azl3 libarchive 3.7.7-3 on 3.0 | |
|
Microsoft Azure Linux azl3 runc 1.3.3-1 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_runc_1.3.3-1_on_3.0
|
azl3 runc 1.3.3-1 on 3.0 | |
|
Microsoft Azure Linux azl3 libxml2 2.11.5-7 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_libxml2_2.11.5-7_on_3.0
|
azl3 libxml2 2.11.5-7 on 3.0 | |
|
Microsoft Azure Linux azl3 mysql 8.0.44-2 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_mysql_8.0.44-2_on_3.0
|
azl3 mysql 8.0.44-2 on 3.0 | |
|
Microsoft Windows Subsystem for Linux GUI
Microsoft / Windows
|
cpe:/o:microsoft:windows:subsystem_for_linux_gui
|
Subsystem for Linux GUI | |
|
Microsoft Azure Linux azl3 cmake 3.30.3-10 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_cmake_3.30.3-10_on_3.0
|
azl3 cmake 3.30.3-10 on 3.0 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Microsoft Azure Linux azl3 nghttp2 1.61.0-2 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_nghttp2_1.61.0-2_on_3.0
|
azl3 nghttp2 1.61.0-2 on 3.0 | |
|
Microsoft Azure Linux azl3 kubevirt 1.5.0-5 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_kubevirt_1.5.0-5_on_3.0
|
azl3 kubevirt 1.5.0-5 on 3.0 | |
|
Microsoft Azure Linux azl3 rust 1.86.0-9 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_rust_1.86.0-9_on_3.0
|
azl3 rust 1.86.0-9 on 3.0 | |
|
Microsoft Azure Linux azl3 containerd2 2.0.0-14 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_containerd2_2.0.0-14_on_3.0
|
azl3 containerd2 2.0.0-14 on 3.0 | |
|
Microsoft Azure Linux azl3 rust 1.75.0-21 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_rust_1.75.0-21_on_3.0
|
azl3 rust 1.75.0-21 on 3.0 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Microsoft Azure Linux azl3 curl 8.11.1-4 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_curl_8.11.1-4_on_3.0
|
azl3 curl 8.11.1-4 on 3.0 | |
|
Microsoft Azure Linux azl3 kernel 6.6.104.2-4 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_kernel_6.6.104.2-4_on_3.0
|
azl3 kernel 6.6.104.2-4 on 3.0 | |
|
Microsoft Azure Linux azl3 libarchive 3.7.7-3 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_libarchive_3.7.7-3_on_3.0
|
azl3 libarchive 3.7.7-3 on 3.0 | |
|
Microsoft Azure Linux azl3 runc 1.3.3-1 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_runc_1.3.3-1_on_3.0
|
azl3 runc 1.3.3-1 on 3.0 | |
|
Microsoft Azure Linux azl3 libxml2 2.11.5-7 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_libxml2_2.11.5-7_on_3.0
|
azl3 libxml2 2.11.5-7 on 3.0 | |
|
Microsoft Azure Linux azl3 mysql 8.0.44-2 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_mysql_8.0.44-2_on_3.0
|
azl3 mysql 8.0.44-2 on 3.0 | |
|
Microsoft Windows Subsystem for Linux GUI
Microsoft / Windows
|
cpe:/o:microsoft:windows:subsystem_for_linux_gui
|
Subsystem for Linux GUI | |
|
Microsoft Azure Linux azl3 cmake 3.30.3-10 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_cmake_3.30.3-10_on_3.0
|
azl3 cmake 3.30.3-10 on 3.0 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Microsoft Azure Linux azl3 nghttp2 1.61.0-2 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_nghttp2_1.61.0-2_on_3.0
|
azl3 nghttp2 1.61.0-2 on 3.0 | |
|
Microsoft Azure Linux azl3 kubevirt 1.5.0-5 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_kubevirt_1.5.0-5_on_3.0
|
azl3 kubevirt 1.5.0-5 on 3.0 | |
|
Microsoft Azure Linux azl3 rust 1.86.0-9 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_rust_1.86.0-9_on_3.0
|
azl3 rust 1.86.0-9 on 3.0 | |
|
Microsoft Azure Linux azl3 containerd2 2.0.0-14 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_containerd2_2.0.0-14_on_3.0
|
azl3 containerd2 2.0.0-14 on 3.0 | |
|
Microsoft Azure Linux azl3 rust 1.75.0-21 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_rust_1.75.0-21_on_3.0
|
azl3 rust 1.75.0-21 on 3.0 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Microsoft Azure Linux azl3 curl 8.11.1-4 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_curl_8.11.1-4_on_3.0
|
azl3 curl 8.11.1-4 on 3.0 | |
|
Microsoft Azure Linux azl3 kernel 6.6.104.2-4 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_kernel_6.6.104.2-4_on_3.0
|
azl3 kernel 6.6.104.2-4 on 3.0 | |
|
Microsoft Azure Linux azl3 libarchive 3.7.7-3 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_libarchive_3.7.7-3_on_3.0
|
azl3 libarchive 3.7.7-3 on 3.0 | |
|
Microsoft Azure Linux azl3 runc 1.3.3-1 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_runc_1.3.3-1_on_3.0
|
azl3 runc 1.3.3-1 on 3.0 | |
|
Microsoft Azure Linux azl3 libxml2 2.11.5-7 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_libxml2_2.11.5-7_on_3.0
|
azl3 libxml2 2.11.5-7 on 3.0 | |
|
Microsoft Azure Linux azl3 mysql 8.0.44-2 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_mysql_8.0.44-2_on_3.0
|
azl3 mysql 8.0.44-2 on 3.0 | |
|
Microsoft Windows Subsystem for Linux GUI
Microsoft / Windows
|
cpe:/o:microsoft:windows:subsystem_for_linux_gui
|
Subsystem for Linux GUI | |
|
Microsoft Azure Linux azl3 cmake 3.30.3-10 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_cmake_3.30.3-10_on_3.0
|
azl3 cmake 3.30.3-10 on 3.0 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Microsoft Azure Linux azl3 nghttp2 1.61.0-2 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_nghttp2_1.61.0-2_on_3.0
|
azl3 nghttp2 1.61.0-2 on 3.0 | |
|
Microsoft Azure Linux azl3 kubevirt 1.5.0-5 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_kubevirt_1.5.0-5_on_3.0
|
azl3 kubevirt 1.5.0-5 on 3.0 | |
|
Microsoft Azure Linux azl3 rust 1.86.0-9 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_rust_1.86.0-9_on_3.0
|
azl3 rust 1.86.0-9 on 3.0 | |
|
Microsoft Azure Linux azl3 containerd2 2.0.0-14 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_containerd2_2.0.0-14_on_3.0
|
azl3 containerd2 2.0.0-14 on 3.0 | |
|
Microsoft Azure Linux azl3 rust 1.75.0-21 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_rust_1.75.0-21_on_3.0
|
azl3 rust 1.75.0-21 on 3.0 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Microsoft Azure Linux azl3 curl 8.11.1-4 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_curl_8.11.1-4_on_3.0
|
azl3 curl 8.11.1-4 on 3.0 | |
|
Microsoft Azure Linux azl3 kernel 6.6.104.2-4 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_kernel_6.6.104.2-4_on_3.0
|
azl3 kernel 6.6.104.2-4 on 3.0 | |
|
Microsoft Azure Linux azl3 libarchive 3.7.7-3 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_libarchive_3.7.7-3_on_3.0
|
azl3 libarchive 3.7.7-3 on 3.0 | |
|
Microsoft Azure Linux azl3 runc 1.3.3-1 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_runc_1.3.3-1_on_3.0
|
azl3 runc 1.3.3-1 on 3.0 | |
|
Microsoft Azure Linux azl3 libxml2 2.11.5-7 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_libxml2_2.11.5-7_on_3.0
|
azl3 libxml2 2.11.5-7 on 3.0 | |
|
Microsoft Azure Linux azl3 mysql 8.0.44-2 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_mysql_8.0.44-2_on_3.0
|
azl3 mysql 8.0.44-2 on 3.0 | |
|
Microsoft Windows Subsystem for Linux GUI
Microsoft / Windows
|
cpe:/o:microsoft:windows:subsystem_for_linux_gui
|
Subsystem for Linux GUI | |
|
Microsoft Azure Linux azl3 cmake 3.30.3-10 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_cmake_3.30.3-10_on_3.0
|
azl3 cmake 3.30.3-10 on 3.0 |
Affected products
Known affected
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Microsoft Azure Linux azl3 nghttp2 1.61.0-2 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_nghttp2_1.61.0-2_on_3.0
|
azl3 nghttp2 1.61.0-2 on 3.0 | |
|
Microsoft Azure Linux azl3 kubevirt 1.5.0-5 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_kubevirt_1.5.0-5_on_3.0
|
azl3 kubevirt 1.5.0-5 on 3.0 | |
|
Microsoft Azure Linux azl3 rust 1.86.0-9 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_rust_1.86.0-9_on_3.0
|
azl3 rust 1.86.0-9 on 3.0 | |
|
Microsoft Azure Linux azl3 containerd2 2.0.0-14 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_containerd2_2.0.0-14_on_3.0
|
azl3 containerd2 2.0.0-14 on 3.0 | |
|
Microsoft Azure Linux azl3 rust 1.75.0-21 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_rust_1.75.0-21_on_3.0
|
azl3 rust 1.75.0-21 on 3.0 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Microsoft Azure Linux azl3 curl 8.11.1-4 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_curl_8.11.1-4_on_3.0
|
azl3 curl 8.11.1-4 on 3.0 | |
|
Microsoft Azure Linux azl3 kernel 6.6.104.2-4 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_kernel_6.6.104.2-4_on_3.0
|
azl3 kernel 6.6.104.2-4 on 3.0 | |
|
Microsoft Azure Linux azl3 libarchive 3.7.7-3 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_libarchive_3.7.7-3_on_3.0
|
azl3 libarchive 3.7.7-3 on 3.0 | |
|
Microsoft Azure Linux azl3 runc 1.3.3-1 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_runc_1.3.3-1_on_3.0
|
azl3 runc 1.3.3-1 on 3.0 | |
|
Microsoft Azure Linux azl3 libxml2 2.11.5-7 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_libxml2_2.11.5-7_on_3.0
|
azl3 libxml2 2.11.5-7 on 3.0 | |
|
Microsoft Azure Linux azl3 mysql 8.0.44-2 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_mysql_8.0.44-2_on_3.0
|
azl3 mysql 8.0.44-2 on 3.0 | |
|
Microsoft Windows Subsystem for Linux GUI
Microsoft / Windows
|
cpe:/o:microsoft:windows:subsystem_for_linux_gui
|
Subsystem for Linux GUI | |
|
Microsoft Azure Linux azl3 cmake 3.30.3-10 on 3.0
Microsoft / Azure Linux
|
cpe:/o:microsoft:azure_linux:azl3_cmake_3.30.3-10_on_3.0
|
azl3 cmake 3.30.3-10 on 3.0 |
References
8 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Microsoft Azure Linux ist eine von Microsoft entwickelte Linux-Distribution, die f\u00fcr die Ausf\u00fchrung von Workloads in der Azure-Cloud optimiert ist.\r\nWindows ist ein Betriebssystem von Microsoft.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Microsoft Azure Linux und Microsoft Windows ausnutzen um erh\u00f6hte Privilegien zu erlangen, beliebigen Code auszuf\u00fchren, die Authentifizierung zu umgehen, Spoofing-Angriffe durchzuf\u00fchren, einen Denial-of-Service-Zustand zu verursachen oder andere, nicht n\u00e4her spezifizierte Angriffe durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2563 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2563.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2563 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2563"
},
{
"category": "external",
"summary": "Microsoft Leitfaden f\u00fcr Sicherheitsupdates",
"url": "https://msrc.microsoft.com/update-guide/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:4288-1 vom 2025-11-28",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2I3DAC5P7RIJP4M7YPNYJVIE4ZG7RSHV/"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2025-2F6CA95A74 vom 2025-12-13",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-2f6ca95a74"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2025-7C468696D2 vom 2025-12-13",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-7c468696d2"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2025-D39F46567C vom 2025-12-13",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-d39f46567c"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2025-2CA3289343 vom 2025-12-13",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-2ca3289343"
}
],
"source_lang": "en-US",
"title": "Microsoft Azure Linux: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-12-14T23:00:00.000+00:00",
"generator": {
"date": "2025-12-15T10:15:06.656+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2025-2563",
"initial_release_date": "2025-11-11T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-11-11T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-11-30T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-12-14T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Fedora aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "azl3 nghttp2 1.61.0-2 on 3.0",
"product": {
"name": "Microsoft Azure Linux azl3 nghttp2 1.61.0-2 on 3.0",
"product_id": "T048506",
"product_identification_helper": {
"cpe": "cpe:/o:microsoft:azure_linux:azl3_nghttp2_1.61.0-2_on_3.0"
}
}
},
{
"category": "product_version",
"name": "azl3 libarchive 3.7.7-3 on 3.0",
"product": {
"name": "Microsoft Azure Linux azl3 libarchive 3.7.7-3 on 3.0",
"product_id": "T048507",
"product_identification_helper": {
"cpe": "cpe:/o:microsoft:azure_linux:azl3_libarchive_3.7.7-3_on_3.0"
}
}
},
{
"category": "product_version",
"name": "azl3 kernel 6.6.104.2-4 on 3.0",
"product": {
"name": "Microsoft Azure Linux azl3 kernel 6.6.104.2-4 on 3.0",
"product_id": "T048508",
"product_identification_helper": {
"cpe": "cpe:/o:microsoft:azure_linux:azl3_kernel_6.6.104.2-4_on_3.0"
}
}
},
{
"category": "product_version",
"name": "azl3 curl 8.11.1-4 on 3.0",
"product": {
"name": "Microsoft Azure Linux azl3 curl 8.11.1-4 on 3.0",
"product_id": "T048509",
"product_identification_helper": {
"cpe": "cpe:/o:microsoft:azure_linux:azl3_curl_8.11.1-4_on_3.0"
}
}
},
{
"category": "product_version",
"name": "azl3 cmake 3.30.3-10 on 3.0",
"product": {
"name": "Microsoft Azure Linux azl3 cmake 3.30.3-10 on 3.0",
"product_id": "T048510",
"product_identification_helper": {
"cpe": "cpe:/o:microsoft:azure_linux:azl3_cmake_3.30.3-10_on_3.0"
}
}
},
{
"category": "product_version",
"name": "azl3 mysql 8.0.44-2 on 3.0",
"product": {
"name": "Microsoft Azure Linux azl3 mysql 8.0.44-2 on 3.0",
"product_id": "T048512",
"product_identification_helper": {
"cpe": "cpe:/o:microsoft:azure_linux:azl3_mysql_8.0.44-2_on_3.0"
}
}
},
{
"category": "product_version",
"name": "azl3 libxml2 2.11.5-7 on 3.0",
"product": {
"name": "Microsoft Azure Linux azl3 libxml2 2.11.5-7 on 3.0",
"product_id": "T048513",
"product_identification_helper": {
"cpe": "cpe:/o:microsoft:azure_linux:azl3_libxml2_2.11.5-7_on_3.0"
}
}
},
{
"category": "product_version",
"name": "azl3 rust 1.75.0-21 on 3.0",
"product": {
"name": "Microsoft Azure Linux azl3 rust 1.75.0-21 on 3.0",
"product_id": "T048514",
"product_identification_helper": {
"cpe": "cpe:/o:microsoft:azure_linux:azl3_rust_1.75.0-21_on_3.0"
}
}
},
{
"category": "product_version",
"name": "azl3 containerd2 2.0.0-14 on 3.0",
"product": {
"name": "Microsoft Azure Linux azl3 containerd2 2.0.0-14 on 3.0",
"product_id": "T048515",
"product_identification_helper": {
"cpe": "cpe:/o:microsoft:azure_linux:azl3_containerd2_2.0.0-14_on_3.0"
}
}
},
{
"category": "product_version",
"name": "azl3 rust 1.86.0-9 on 3.0",
"product": {
"name": "Microsoft Azure Linux azl3 rust 1.86.0-9 on 3.0",
"product_id": "T048516",
"product_identification_helper": {
"cpe": "cpe:/o:microsoft:azure_linux:azl3_rust_1.86.0-9_on_3.0"
}
}
},
{
"category": "product_version",
"name": "azl3 kubevirt 1.5.0-5 on 3.0",
"product": {
"name": "Microsoft Azure Linux azl3 kubevirt 1.5.0-5 on 3.0",
"product_id": "T048517",
"product_identification_helper": {
"cpe": "cpe:/o:microsoft:azure_linux:azl3_kubevirt_1.5.0-5_on_3.0"
}
}
},
{
"category": "product_version",
"name": "azl3 runc 1.3.3-1 on 3.0",
"product": {
"name": "Microsoft Azure Linux azl3 runc 1.3.3-1 on 3.0",
"product_id": "T048518",
"product_identification_helper": {
"cpe": "cpe:/o:microsoft:azure_linux:azl3_runc_1.3.3-1_on_3.0"
}
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "Subsystem for Linux GUI",
"product": {
"name": "Microsoft Windows Subsystem for Linux GUI",
"product_id": "T048511",
"product_identification_helper": {
"cpe": "cpe:/o:microsoft:windows:subsystem_for_linux_gui"
}
}
}
],
"category": "product_name",
"name": "Windows"
}
],
"category": "vendor",
"name": "Microsoft"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-25621",
"product_status": {
"known_affected": [
"74185",
"T048506",
"T048517",
"T048516",
"T048515",
"T048514",
"T002207",
"T048509",
"T048508",
"T048507",
"T048518",
"T048513",
"T048512",
"T048511",
"T048510"
]
},
"release_date": "2025-11-11T23:00:00.000+00:00",
"title": "CVE-2024-25621"
},
{
"cve": "CVE-2025-10966",
"product_status": {
"known_affected": [
"74185",
"T048506",
"T048517",
"T048516",
"T048515",
"T048514",
"T002207",
"T048509",
"T048508",
"T048507",
"T048518",
"T048513",
"T048512",
"T048511",
"T048510"
]
},
"release_date": "2025-11-11T23:00:00.000+00:00",
"title": "CVE-2025-10966"
},
{
"cve": "CVE-2025-12863",
"product_status": {
"known_affected": [
"74185",
"T048506",
"T048517",
"T048516",
"T048515",
"T048514",
"T002207",
"T048509",
"T048508",
"T048507",
"T048518",
"T048513",
"T048512",
"T048511",
"T048510"
]
},
"release_date": "2025-11-11T23:00:00.000+00:00",
"title": "CVE-2025-12863"
},
{
"cve": "CVE-2025-12875",
"product_status": {
"known_affected": [
"74185",
"T048506",
"T048517",
"T048516",
"T048515",
"T048514",
"T002207",
"T048509",
"T048508",
"T048507",
"T048518",
"T048513",
"T048512",
"T048511",
"T048510"
]
},
"release_date": "2025-11-11T23:00:00.000+00:00",
"title": "CVE-2025-12875"
},
{
"cve": "CVE-2025-31133",
"product_status": {
"known_affected": [
"74185",
"T048506",
"T048517",
"T048516",
"T048515",
"T048514",
"T002207",
"T048509",
"T048508",
"T048507",
"T048518",
"T048513",
"T048512",
"T048511",
"T048510"
]
},
"release_date": "2025-11-11T23:00:00.000+00:00",
"title": "CVE-2025-31133"
},
{
"cve": "CVE-2025-40107",
"product_status": {
"known_affected": [
"74185",
"T048506",
"T048517",
"T048516",
"T048515",
"T048514",
"T002207",
"T048509",
"T048508",
"T048507",
"T048518",
"T048513",
"T048512",
"T048511",
"T048510"
]
},
"release_date": "2025-11-11T23:00:00.000+00:00",
"title": "CVE-2025-40107"
},
{
"cve": "CVE-2025-40109",
"product_status": {
"known_affected": [
"74185",
"T048506",
"T048517",
"T048516",
"T048515",
"T048514",
"T002207",
"T048509",
"T048508",
"T048507",
"T048518",
"T048513",
"T048512",
"T048511",
"T048510"
]
},
"release_date": "2025-11-11T23:00:00.000+00:00",
"title": "CVE-2025-40109"
},
{
"cve": "CVE-2025-52565",
"product_status": {
"known_affected": [
"74185",
"T048506",
"T048517",
"T048516",
"T048515",
"T048514",
"T002207",
"T048509",
"T048508",
"T048507",
"T048518",
"T048513",
"T048512",
"T048511",
"T048510"
]
},
"release_date": "2025-11-11T23:00:00.000+00:00",
"title": "CVE-2025-52565"
},
{
"cve": "CVE-2025-52881",
"product_status": {
"known_affected": [
"74185",
"T048506",
"T048517",
"T048516",
"T048515",
"T048514",
"T002207",
"T048509",
"T048508",
"T048507",
"T048518",
"T048513",
"T048512",
"T048511",
"T048510"
]
},
"release_date": "2025-11-11T23:00:00.000+00:00",
"title": "CVE-2025-52881"
},
{
"cve": "CVE-2025-60753",
"product_status": {
"known_affected": [
"74185",
"T048506",
"T048517",
"T048516",
"T048515",
"T048514",
"T002207",
"T048509",
"T048508",
"T048507",
"T048518",
"T048513",
"T048512",
"T048511",
"T048510"
]
},
"release_date": "2025-11-11T23:00:00.000+00:00",
"title": "CVE-2025-60753"
},
{
"cve": "CVE-2025-62220",
"product_status": {
"known_affected": [
"74185",
"T048506",
"T048517",
"T048516",
"T048515",
"T048514",
"T002207",
"T048509",
"T048508",
"T048507",
"T048518",
"T048513",
"T048512",
"T048511",
"T048510"
]
},
"release_date": "2025-11-11T23:00:00.000+00:00",
"title": "CVE-2025-62220"
},
{
"cve": "CVE-2025-64329",
"product_status": {
"known_affected": [
"74185",
"T048506",
"T048517",
"T048516",
"T048515",
"T048514",
"T002207",
"T048509",
"T048508",
"T048507",
"T048518",
"T048513",
"T048512",
"T048511",
"T048510"
]
},
"release_date": "2025-11-11T23:00:00.000+00:00",
"title": "CVE-2025-64329"
},
{
"cve": "CVE-2025-64432",
"product_status": {
"known_affected": [
"74185",
"T048506",
"T048517",
"T048516",
"T048515",
"T048514",
"T002207",
"T048509",
"T048508",
"T048507",
"T048518",
"T048513",
"T048512",
"T048511",
"T048510"
]
},
"release_date": "2025-11-11T23:00:00.000+00:00",
"title": "CVE-2025-64432"
},
{
"cve": "CVE-2025-64433",
"product_status": {
"known_affected": [
"74185",
"T048506",
"T048517",
"T048516",
"T048515",
"T048514",
"T002207",
"T048509",
"T048508",
"T048507",
"T048518",
"T048513",
"T048512",
"T048511",
"T048510"
]
},
"release_date": "2025-11-11T23:00:00.000+00:00",
"title": "CVE-2025-64433"
},
{
"cve": "CVE-2025-64434",
"product_status": {
"known_affected": [
"74185",
"T048506",
"T048517",
"T048516",
"T048515",
"T048514",
"T002207",
"T048509",
"T048508",
"T048507",
"T048518",
"T048513",
"T048512",
"T048511",
"T048510"
]
},
"release_date": "2025-11-11T23:00:00.000+00:00",
"title": "CVE-2025-64434"
},
{
"cve": "CVE-2025-64435",
"product_status": {
"known_affected": [
"74185",
"T048506",
"T048517",
"T048516",
"T048515",
"T048514",
"T002207",
"T048509",
"T048508",
"T048507",
"T048518",
"T048513",
"T048512",
"T048511",
"T048510"
]
},
"release_date": "2025-11-11T23:00:00.000+00:00",
"title": "CVE-2025-64435"
},
{
"cve": "CVE-2025-64436",
"product_status": {
"known_affected": [
"74185",
"T048506",
"T048517",
"T048516",
"T048515",
"T048514",
"T002207",
"T048509",
"T048508",
"T048507",
"T048518",
"T048513",
"T048512",
"T048511",
"T048510"
]
},
"release_date": "2025-11-11T23:00:00.000+00:00",
"title": "CVE-2025-64436"
},
{
"cve": "CVE-2025-64437",
"product_status": {
"known_affected": [
"74185",
"T048506",
"T048517",
"T048516",
"T048515",
"T048514",
"T002207",
"T048509",
"T048508",
"T048507",
"T048518",
"T048513",
"T048512",
"T048511",
"T048510"
]
},
"release_date": "2025-11-11T23:00:00.000+00:00",
"title": "CVE-2025-64437"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…