Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-52881 (GCVE-0-2025-52881)
Vulnerability from cvelistv5 – Published: 2025-11-06 20:23 – Updated: 2025-11-06 21:07
VLAI
EPSS
Title
runc: LSM labels can be bypassed with malicious config using dummy procfs files
Summary
runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
20 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| opencontainers | runc |
Affected:
<= 1.2.7, < 1.2.8
Affected: <= 1.3.2, < 1.3.3 Affected: <= 1.4.0-rc.2, < 1.4.0-rc.3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52881",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-06T21:06:59.235416Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-06T21:07:09.382Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "runc",
"vendor": "opencontainers",
"versions": [
{
"status": "affected",
"version": "\u003c= 1.2.7, \u003c 1.2.8"
},
{
"status": "affected",
"version": "\u003c= 1.3.2, \u003c 1.3.3"
},
{
"status": "affected",
"version": "\u003c= 1.4.0-rc.2, \u003c 1.4.0-rc.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-363",
"description": "CWE-363: Race Condition Enabling Link Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-06T20:23:36.237Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm"
},
{
"name": "https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r"
},
{
"name": "https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2"
},
{
"name": "https://github.com/opencontainers/runc/commit/ff94f9991bd32076c871ef0ad8bc1b763458e480",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opencontainers/runc/commit/ff94f9991bd32076c871ef0ad8bc1b763458e480"
},
{
"name": "https://github.com/opencontainers/runc/commit/ff6fe1324663538167eca8b3d3eec61e1bd4fa51",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opencontainers/runc/commit/ff6fe1324663538167eca8b3d3eec61e1bd4fa51"
},
{
"name": "https://github.com/opencontainers/runc/commit/ed6b1693b8b3ae7eb0250a7e76fc888cdacf98c1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opencontainers/runc/commit/ed6b1693b8b3ae7eb0250a7e76fc888cdacf98c1"
},
{
"name": "https://github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64"
},
{
"name": "https://github.com/opencontainers/runc/commit/d61fd29d854b416feaaf128bf650325cd2182165",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opencontainers/runc/commit/d61fd29d854b416feaaf128bf650325cd2182165"
},
{
"name": "https://github.com/opencontainers/runc/commit/d40b3439a9614a86e87b81a94c6811ec6fa2d7d2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opencontainers/runc/commit/d40b3439a9614a86e87b81a94c6811ec6fa2d7d2"
},
{
"name": "https://github.com/opencontainers/runc/commit/b3dd1bc562ed9996d1a0f249e056c16624046d28",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opencontainers/runc/commit/b3dd1bc562ed9996d1a0f249e056c16624046d28"
},
{
"name": "https://github.com/opencontainers/runc/commit/77d217c7c3775d8ca5af89e477e81568ef4572db",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opencontainers/runc/commit/77d217c7c3775d8ca5af89e477e81568ef4572db"
},
{
"name": "https://github.com/opencontainers/runc/commit/77889b56db939c323d29d1130f28f9aea2edb544",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opencontainers/runc/commit/77889b56db939c323d29d1130f28f9aea2edb544"
},
{
"name": "https://github.com/opencontainers/runc/commit/6fc191449109ea14bb7d61238f24a33fe08c651f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opencontainers/runc/commit/6fc191449109ea14bb7d61238f24a33fe08c651f"
},
{
"name": "https://github.com/opencontainers/runc/commit/4b37cd93f86e72feac866442988b549b5b7bf3e6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opencontainers/runc/commit/4b37cd93f86e72feac866442988b549b5b7bf3e6"
},
{
"name": "https://github.com/opencontainers/runc/commit/44a0fcf685db051c80b8c269812bb177f5802c58",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opencontainers/runc/commit/44a0fcf685db051c80b8c269812bb177f5802c58"
},
{
"name": "https://github.com/opencontainers/runc/commit/435cc81be6b79cdec73b4002c0dae549b2f6ae6d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opencontainers/runc/commit/435cc81be6b79cdec73b4002c0dae549b2f6ae6d"
},
{
"name": "https://github.com/opencontainers/runc/commit/3f925525b44d247e390e529e772a0dc0c0bc3557",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opencontainers/runc/commit/3f925525b44d247e390e529e772a0dc0c0bc3557"
},
{
"name": "https://github.com/opencontainers/runc/blob/v1.4.0-rc.2/RELEASES.md",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/opencontainers/runc/blob/v1.4.0-rc.2/RELEASES.md"
},
{
"name": "http://github.com/opencontainers/runc/commit/a41366e74080fa9f26a2cd3544e2801449697322",
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/opencontainers/runc/commit/a41366e74080fa9f26a2cd3544e2801449697322"
},
{
"name": "http://github.com/opencontainers/runc/commit/fdcc9d3cad2f85954a241ccb910a61aaa1ef47f3",
"tags": [
"x_refsource_MISC"
],
"url": "http://github.com/opencontainers/runc/commit/fdcc9d3cad2f85954a241ccb910a61aaa1ef47f3"
}
],
"source": {
"advisory": "GHSA-cgrx-mc8f-2prm",
"discovery": "UNKNOWN"
},
"title": "runc: LSM labels can be bypassed with malicious config using dummy procfs files"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-52881",
"datePublished": "2025-11-06T20:23:36.237Z",
"dateReserved": "2025-06-20T17:42:25.708Z",
"dateUpdated": "2025-11-06T21:07:09.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-52881",
"date": "2026-06-07",
"epss": "0.00016",
"percentile": "0.03676"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-52881\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-11-06T21:15:42.817\",\"lastModified\":\"2025-12-03T18:37:17.917\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"ACTIVE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"HIGH\",\"subIntegrityImpact\":\"HIGH\",\"subAvailabilityImpact\":\"HIGH\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.8,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-61\"},{\"lang\":\"en\",\"value\":\"CWE-363\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:runc:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.2.8\",\"matchCriteriaId\":\"889E52A1-D7B0-4DC8-BD63-9413A1DD9EEB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:runc:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.3.0\",\"versionEndExcluding\":\"1.3.3\",\"matchCriteriaId\":\"F3193A96-E882-439B-984E-782315C62F69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:runc:1.4.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"082E3496-822B-481B-AC2F-DA8DCAFC28FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:runc:1.4.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"71C62E90-6357-44A4-B582-28B1F1D9B16D\"}]}]}],\"references\":[{\"url\":\"http://github.com/opencontainers/runc/commit/a41366e74080fa9f26a2cd3544e2801449697322\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://github.com/opencontainers/runc/commit/fdcc9d3cad2f85954a241ccb910a61aaa1ef47f3\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/opencontainers/runc/blob/v1.4.0-rc.2/RELEASES.md\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/opencontainers/runc/commit/3f925525b44d247e390e529e772a0dc0c0bc3557\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/opencontainers/runc/commit/435cc81be6b79cdec73b4002c0dae549b2f6ae6d\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/opencontainers/runc/commit/44a0fcf685db051c80b8c269812bb177f5802c58\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/opencontainers/runc/commit/4b37cd93f86e72feac866442988b549b5b7bf3e6\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/opencontainers/runc/commit/6fc191449109ea14bb7d61238f24a33fe08c651f\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/opencontainers/runc/commit/77889b56db939c323d29d1130f28f9aea2edb544\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/opencontainers/runc/commit/77d217c7c3775d8ca5af89e477e81568ef4572db\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/opencontainers/runc/commit/b3dd1bc562ed9996d1a0f249e056c16624046d28\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/opencontainers/runc/commit/d40b3439a9614a86e87b81a94c6811ec6fa2d7d2\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/opencontainers/runc/commit/d61fd29d854b416feaaf128bf650325cd2182165\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/opencontainers/runc/commit/ed6b1693b8b3ae7eb0250a7e76fc888cdacf98c1\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/opencontainers/runc/commit/ff6fe1324663538167eca8b3d3eec61e1bd4fa51\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/opencontainers/runc/commit/ff94f9991bd32076c871ef0ad8bc1b763458e480\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Mitigation\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-52881\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-11-06T21:06:59.235416Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-11-06T21:07:04.283Z\"}}], \"cna\": {\"title\": \"runc: LSM labels can be bypassed with malicious config using dummy procfs files\", \"source\": {\"advisory\": \"GHSA-cgrx-mc8f-2prm\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 7.3, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H\", \"userInteraction\": \"ACTIVE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"HIGH\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"HIGH\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"HIGH\", \"vulnConfidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"opencontainers\", \"product\": \"runc\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c= 1.2.7, \u003c 1.2.8\"}, {\"status\": \"affected\", \"version\": \"\u003c= 1.3.2, \u003c 1.3.3\"}, {\"status\": \"affected\", \"version\": \"\u003c= 1.4.0-rc.2, \u003c 1.4.0-rc.3\"}]}], \"references\": [{\"url\": \"https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm\", \"name\": \"https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r\", \"name\": \"https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2\", \"name\": \"https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/opencontainers/runc/commit/ff94f9991bd32076c871ef0ad8bc1b763458e480\", \"name\": \"https://github.com/opencontainers/runc/commit/ff94f9991bd32076c871ef0ad8bc1b763458e480\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/opencontainers/runc/commit/ff6fe1324663538167eca8b3d3eec61e1bd4fa51\", \"name\": \"https://github.com/opencontainers/runc/commit/ff6fe1324663538167eca8b3d3eec61e1bd4fa51\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/opencontainers/runc/commit/ed6b1693b8b3ae7eb0250a7e76fc888cdacf98c1\", \"name\": \"https://github.com/opencontainers/runc/commit/ed6b1693b8b3ae7eb0250a7e76fc888cdacf98c1\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64\", \"name\": \"https://github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/opencontainers/runc/commit/d61fd29d854b416feaaf128bf650325cd2182165\", \"name\": \"https://github.com/opencontainers/runc/commit/d61fd29d854b416feaaf128bf650325cd2182165\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/opencontainers/runc/commit/d40b3439a9614a86e87b81a94c6811ec6fa2d7d2\", \"name\": \"https://github.com/opencontainers/runc/commit/d40b3439a9614a86e87b81a94c6811ec6fa2d7d2\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/opencontainers/runc/commit/b3dd1bc562ed9996d1a0f249e056c16624046d28\", \"name\": \"https://github.com/opencontainers/runc/commit/b3dd1bc562ed9996d1a0f249e056c16624046d28\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/opencontainers/runc/commit/77d217c7c3775d8ca5af89e477e81568ef4572db\", \"name\": \"https://github.com/opencontainers/runc/commit/77d217c7c3775d8ca5af89e477e81568ef4572db\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/opencontainers/runc/commit/77889b56db939c323d29d1130f28f9aea2edb544\", \"name\": \"https://github.com/opencontainers/runc/commit/77889b56db939c323d29d1130f28f9aea2edb544\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/opencontainers/runc/commit/6fc191449109ea14bb7d61238f24a33fe08c651f\", \"name\": \"https://github.com/opencontainers/runc/commit/6fc191449109ea14bb7d61238f24a33fe08c651f\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/opencontainers/runc/commit/4b37cd93f86e72feac866442988b549b5b7bf3e6\", \"name\": \"https://github.com/opencontainers/runc/commit/4b37cd93f86e72feac866442988b549b5b7bf3e6\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/opencontainers/runc/commit/44a0fcf685db051c80b8c269812bb177f5802c58\", \"name\": \"https://github.com/opencontainers/runc/commit/44a0fcf685db051c80b8c269812bb177f5802c58\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/opencontainers/runc/commit/435cc81be6b79cdec73b4002c0dae549b2f6ae6d\", \"name\": \"https://github.com/opencontainers/runc/commit/435cc81be6b79cdec73b4002c0dae549b2f6ae6d\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/opencontainers/runc/commit/3f925525b44d247e390e529e772a0dc0c0bc3557\", \"name\": \"https://github.com/opencontainers/runc/commit/3f925525b44d247e390e529e772a0dc0c0bc3557\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/opencontainers/runc/blob/v1.4.0-rc.2/RELEASES.md\", \"name\": \"https://github.com/opencontainers/runc/blob/v1.4.0-rc.2/RELEASES.md\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://github.com/opencontainers/runc/commit/a41366e74080fa9f26a2cd3544e2801449697322\", \"name\": \"http://github.com/opencontainers/runc/commit/a41366e74080fa9f26a2cd3544e2801449697322\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://github.com/opencontainers/runc/commit/fdcc9d3cad2f85954a241ccb910a61aaa1ef47f3\", \"name\": \"http://github.com/opencontainers/runc/commit/fdcc9d3cad2f85954a241ccb910a61aaa1ef47f3\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-61\", \"description\": \"CWE-61: UNIX Symbolic Link (Symlink) Following\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-363\", \"description\": \"CWE-363: Race Condition Enabling Link Following\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-11-06T20:23:36.237Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-52881\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-06T21:07:09.382Z\", \"dateReserved\": \"2025-06-20T17:42:25.708Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-11-06T20:23:36.237Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
SUSE-SU-2025:4079-1
Vulnerability from csaf_suse - Published: 2025-11-12 12:48 - Updated: 2025-11-12 12:48Summary
Security update for podman
Severity
Important
Notes
Title of the patch: Security update for podman
Description of the patch: This update for podman fixes the following issues:
- CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions (bsc#1252376)
- CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races (bsc#1252376)
- CVE-2025-52881: Fixed container escape and denial of service due to arbitrary write gadgets and procfs write redirects (bsc#1252376)
Other fixes:
- podman and buildah with runc 1.3.2 fail with lots of warnings as rootless (bsc#1252543)
Patchnames: SUSE-2025-4079,SUSE-SLE-Micro-5.3-2025-4079,SUSE-SLE-Micro-5.4-2025-4079,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-4079,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-4079,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-4079,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-4079
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-4.9.5-150400.4.59.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-4.9.5-150400.4.59.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-docker-4.9.5-150400.4.59.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-remote-4.9.5-150400.4.59.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-remote-4.9.5-150400.4.59.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-docker-4.9.5-150400.4.59.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:podman-4.9.5-150400.4.59.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:podman-4.9.5-150400.4.59.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:podman-4.9.5-150400.4.59.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:podman-remote-4.9.5-150400.4.59.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:podman-remote-4.9.5-150400.4.59.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:podman-remote-4.9.5-150400.4.59.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:podman-4.9.5-150400.4.59.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:podman-4.9.5-150400.4.59.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:podman-4.9.5-150400.4.59.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:podman-remote-4.9.5-150400.4.59.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:podman-remote-4.9.5-150400.4.59.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:podman-remote-4.9.5-150400.4.59.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:podman-docker-4.9.5-150400.4.59.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-4.9.5-150400.4.59.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-4.9.5-150400.4.59.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-docker-4.9.5-150400.4.59.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-remote-4.9.5-150400.4.59.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-remote-4.9.5-150400.4.59.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-4.9.5-150400.4.59.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-4.9.5-150400.4.59.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-docker-4.9.5-150400.4.59.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-remote-4.9.5-150400.4.59.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-remote-4.9.5-150400.4.59.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-docker-4.9.5-150400.4.59.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:podman-4.9.5-150400.4.59.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:podman-4.9.5-150400.4.59.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:podman-4.9.5-150400.4.59.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:podman-remote-4.9.5-150400.4.59.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:podman-remote-4.9.5-150400.4.59.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:podman-remote-4.9.5-150400.4.59.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:podman-4.9.5-150400.4.59.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:podman-4.9.5-150400.4.59.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:podman-4.9.5-150400.4.59.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:podman-remote-4.9.5-150400.4.59.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:podman-remote-4.9.5-150400.4.59.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:podman-remote-4.9.5-150400.4.59.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:podman-docker-4.9.5-150400.4.59.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-4.9.5-150400.4.59.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-4.9.5-150400.4.59.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-docker-4.9.5-150400.4.59.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-remote-4.9.5-150400.4.59.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-remote-4.9.5-150400.4.59.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
36 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-4.9.5-150400.4.59.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-4.9.5-150400.4.59.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-docker-4.9.5-150400.4.59.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-remote-4.9.5-150400.4.59.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-remote-4.9.5-150400.4.59.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-docker-4.9.5-150400.4.59.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:podman-4.9.5-150400.4.59.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:podman-4.9.5-150400.4.59.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:podman-4.9.5-150400.4.59.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:podman-remote-4.9.5-150400.4.59.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:podman-remote-4.9.5-150400.4.59.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:podman-remote-4.9.5-150400.4.59.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:podman-4.9.5-150400.4.59.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:podman-4.9.5-150400.4.59.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:podman-4.9.5-150400.4.59.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:podman-remote-4.9.5-150400.4.59.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:podman-remote-4.9.5-150400.4.59.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:podman-remote-4.9.5-150400.4.59.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:podman-docker-4.9.5-150400.4.59.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-4.9.5-150400.4.59.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-4.9.5-150400.4.59.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-docker-4.9.5-150400.4.59.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-remote-4.9.5-150400.4.59.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-remote-4.9.5-150400.4.59.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
18 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for podman",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for podman fixes the following issues:\n\n- CVE-2025-31133: Fixed container escape via \u0027masked path\u0027 abuse due to mount race conditions (bsc#1252376)\n- CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races (bsc#1252376)\n- CVE-2025-52881: Fixed container escape and denial of service due to arbitrary write gadgets and procfs write redirects (bsc#1252376)\n \nOther fixes:\n- podman and buildah with runc 1.3.2 fail with lots of warnings as rootless (bsc#1252543)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-4079,SUSE-SLE-Micro-5.3-2025-4079,SUSE-SLE-Micro-5.4-2025-4079,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-4079,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-4079,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-4079,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-4079",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_4079-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:4079-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20254079-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:4079-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023273.html"
},
{
"category": "self",
"summary": "SUSE Bug 1252376",
"url": "https://bugzilla.suse.com/1252376"
},
{
"category": "self",
"summary": "SUSE Bug 1252543",
"url": "https://bugzilla.suse.com/1252543"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31133 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31133/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-52565 page",
"url": "https://www.suse.com/security/cve/CVE-2025-52565/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-52881 page",
"url": "https://www.suse.com/security/cve/CVE-2025-52881/"
}
],
"title": "Security update for podman",
"tracking": {
"current_release_date": "2025-11-12T12:48:51Z",
"generator": {
"date": "2025-11-12T12:48:51Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:4079-1",
"initial_release_date": "2025-11-12T12:48:51Z",
"revision_history": [
{
"date": "2025-11-12T12:48:51Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "podman-4.9.5-150400.4.59.2.aarch64",
"product": {
"name": "podman-4.9.5-150400.4.59.2.aarch64",
"product_id": "podman-4.9.5-150400.4.59.2.aarch64"
}
},
{
"category": "product_version",
"name": "podman-remote-4.9.5-150400.4.59.2.aarch64",
"product": {
"name": "podman-remote-4.9.5-150400.4.59.2.aarch64",
"product_id": "podman-remote-4.9.5-150400.4.59.2.aarch64"
}
},
{
"category": "product_version",
"name": "podmansh-4.9.5-150400.4.59.2.aarch64",
"product": {
"name": "podmansh-4.9.5-150400.4.59.2.aarch64",
"product_id": "podmansh-4.9.5-150400.4.59.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-4.9.5-150400.4.59.2.i586",
"product": {
"name": "podman-4.9.5-150400.4.59.2.i586",
"product_id": "podman-4.9.5-150400.4.59.2.i586"
}
},
{
"category": "product_version",
"name": "podman-remote-4.9.5-150400.4.59.2.i586",
"product": {
"name": "podman-remote-4.9.5-150400.4.59.2.i586",
"product_id": "podman-remote-4.9.5-150400.4.59.2.i586"
}
},
{
"category": "product_version",
"name": "podmansh-4.9.5-150400.4.59.2.i586",
"product": {
"name": "podmansh-4.9.5-150400.4.59.2.i586",
"product_id": "podmansh-4.9.5-150400.4.59.2.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-docker-4.9.5-150400.4.59.2.noarch",
"product": {
"name": "podman-docker-4.9.5-150400.4.59.2.noarch",
"product_id": "podman-docker-4.9.5-150400.4.59.2.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-4.9.5-150400.4.59.2.ppc64le",
"product": {
"name": "podman-4.9.5-150400.4.59.2.ppc64le",
"product_id": "podman-4.9.5-150400.4.59.2.ppc64le"
}
},
{
"category": "product_version",
"name": "podman-remote-4.9.5-150400.4.59.2.ppc64le",
"product": {
"name": "podman-remote-4.9.5-150400.4.59.2.ppc64le",
"product_id": "podman-remote-4.9.5-150400.4.59.2.ppc64le"
}
},
{
"category": "product_version",
"name": "podmansh-4.9.5-150400.4.59.2.ppc64le",
"product": {
"name": "podmansh-4.9.5-150400.4.59.2.ppc64le",
"product_id": "podmansh-4.9.5-150400.4.59.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-4.9.5-150400.4.59.2.s390x",
"product": {
"name": "podman-4.9.5-150400.4.59.2.s390x",
"product_id": "podman-4.9.5-150400.4.59.2.s390x"
}
},
{
"category": "product_version",
"name": "podman-remote-4.9.5-150400.4.59.2.s390x",
"product": {
"name": "podman-remote-4.9.5-150400.4.59.2.s390x",
"product_id": "podman-remote-4.9.5-150400.4.59.2.s390x"
}
},
{
"category": "product_version",
"name": "podmansh-4.9.5-150400.4.59.2.s390x",
"product": {
"name": "podmansh-4.9.5-150400.4.59.2.s390x",
"product_id": "podmansh-4.9.5-150400.4.59.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-4.9.5-150400.4.59.2.x86_64",
"product": {
"name": "podman-4.9.5-150400.4.59.2.x86_64",
"product_id": "podman-4.9.5-150400.4.59.2.x86_64"
}
},
{
"category": "product_version",
"name": "podman-remote-4.9.5-150400.4.59.2.x86_64",
"product": {
"name": "podman-remote-4.9.5-150400.4.59.2.x86_64",
"product_id": "podman-remote-4.9.5-150400.4.59.2.x86_64"
}
},
{
"category": "product_version",
"name": "podmansh-4.9.5-150400.4.59.2.x86_64",
"product": {
"name": "podmansh-4.9.5-150400.4.59.2.x86_64",
"product_id": "podmansh-4.9.5-150400.4.59.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150400.4.59.2.aarch64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:podman-4.9.5-150400.4.59.2.aarch64"
},
"product_reference": "podman-4.9.5-150400.4.59.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150400.4.59.2.s390x as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:podman-4.9.5-150400.4.59.2.s390x"
},
"product_reference": "podman-4.9.5-150400.4.59.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150400.4.59.2.x86_64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:podman-4.9.5-150400.4.59.2.x86_64"
},
"product_reference": "podman-4.9.5-150400.4.59.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150400.4.59.2.aarch64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:podman-remote-4.9.5-150400.4.59.2.aarch64"
},
"product_reference": "podman-remote-4.9.5-150400.4.59.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150400.4.59.2.s390x as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:podman-remote-4.9.5-150400.4.59.2.s390x"
},
"product_reference": "podman-remote-4.9.5-150400.4.59.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150400.4.59.2.x86_64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:podman-remote-4.9.5-150400.4.59.2.x86_64"
},
"product_reference": "podman-remote-4.9.5-150400.4.59.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150400.4.59.2.aarch64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:podman-4.9.5-150400.4.59.2.aarch64"
},
"product_reference": "podman-4.9.5-150400.4.59.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150400.4.59.2.s390x as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:podman-4.9.5-150400.4.59.2.s390x"
},
"product_reference": "podman-4.9.5-150400.4.59.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150400.4.59.2.x86_64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:podman-4.9.5-150400.4.59.2.x86_64"
},
"product_reference": "podman-4.9.5-150400.4.59.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150400.4.59.2.aarch64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:podman-remote-4.9.5-150400.4.59.2.aarch64"
},
"product_reference": "podman-remote-4.9.5-150400.4.59.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150400.4.59.2.s390x as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:podman-remote-4.9.5-150400.4.59.2.s390x"
},
"product_reference": "podman-remote-4.9.5-150400.4.59.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150400.4.59.2.x86_64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:podman-remote-4.9.5-150400.4.59.2.x86_64"
},
"product_reference": "podman-remote-4.9.5-150400.4.59.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150400.4.59.2.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-4.9.5-150400.4.59.2.aarch64"
},
"product_reference": "podman-4.9.5-150400.4.59.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150400.4.59.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-4.9.5-150400.4.59.2.x86_64"
},
"product_reference": "podman-4.9.5-150400.4.59.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-docker-4.9.5-150400.4.59.2.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-docker-4.9.5-150400.4.59.2.noarch"
},
"product_reference": "podman-docker-4.9.5-150400.4.59.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150400.4.59.2.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-remote-4.9.5-150400.4.59.2.aarch64"
},
"product_reference": "podman-remote-4.9.5-150400.4.59.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150400.4.59.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-remote-4.9.5-150400.4.59.2.x86_64"
},
"product_reference": "podman-remote-4.9.5-150400.4.59.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150400.4.59.2.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.aarch64"
},
"product_reference": "podman-4.9.5-150400.4.59.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150400.4.59.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.x86_64"
},
"product_reference": "podman-4.9.5-150400.4.59.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-docker-4.9.5-150400.4.59.2.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-docker-4.9.5-150400.4.59.2.noarch"
},
"product_reference": "podman-docker-4.9.5-150400.4.59.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150400.4.59.2.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.aarch64"
},
"product_reference": "podman-remote-4.9.5-150400.4.59.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150400.4.59.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.x86_64"
},
"product_reference": "podman-remote-4.9.5-150400.4.59.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150400.4.59.2.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.aarch64"
},
"product_reference": "podman-4.9.5-150400.4.59.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150400.4.59.2.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.ppc64le"
},
"product_reference": "podman-4.9.5-150400.4.59.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150400.4.59.2.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.s390x"
},
"product_reference": "podman-4.9.5-150400.4.59.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150400.4.59.2.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.x86_64"
},
"product_reference": "podman-4.9.5-150400.4.59.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-docker-4.9.5-150400.4.59.2.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:podman-docker-4.9.5-150400.4.59.2.noarch"
},
"product_reference": "podman-docker-4.9.5-150400.4.59.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150400.4.59.2.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.aarch64"
},
"product_reference": "podman-remote-4.9.5-150400.4.59.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150400.4.59.2.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.ppc64le"
},
"product_reference": "podman-remote-4.9.5-150400.4.59.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150400.4.59.2.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.s390x"
},
"product_reference": "podman-remote-4.9.5-150400.4.59.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150400.4.59.2.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.x86_64"
},
"product_reference": "podman-remote-4.9.5-150400.4.59.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150400.4.59.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-4.9.5-150400.4.59.2.ppc64le"
},
"product_reference": "podman-4.9.5-150400.4.59.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150400.4.59.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-4.9.5-150400.4.59.2.x86_64"
},
"product_reference": "podman-4.9.5-150400.4.59.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-docker-4.9.5-150400.4.59.2.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-docker-4.9.5-150400.4.59.2.noarch"
},
"product_reference": "podman-docker-4.9.5-150400.4.59.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150400.4.59.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-remote-4.9.5-150400.4.59.2.ppc64le"
},
"product_reference": "podman-remote-4.9.5-150400.4.59.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150400.4.59.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-remote-4.9.5-150400.4.59.2.x86_64"
},
"product_reference": "podman-remote-4.9.5-150400.4.59.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31133",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31133"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container\u0027s /dev/null) was actually a real /dev/null inode when using the container\u0027s /dev/null to mask. This exposes two methods of attack: an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-docker-4.9.5-150400.4.59.2.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-remote-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-remote-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-docker-4.9.5-150400.4.59.2.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Micro 5.3:podman-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise Micro 5.3:podman-4.9.5-150400.4.59.2.s390x",
"SUSE Linux Enterprise Micro 5.3:podman-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Micro 5.3:podman-remote-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise Micro 5.3:podman-remote-4.9.5-150400.4.59.2.s390x",
"SUSE Linux Enterprise Micro 5.3:podman-remote-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Micro 5.4:podman-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise Micro 5.4:podman-4.9.5-150400.4.59.2.s390x",
"SUSE Linux Enterprise Micro 5.4:podman-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Micro 5.4:podman-remote-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise Micro 5.4:podman-remote-4.9.5-150400.4.59.2.s390x",
"SUSE Linux Enterprise Micro 5.4:podman-remote-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-docker-4.9.5-150400.4.59.2.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-4.9.5-150400.4.59.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-docker-4.9.5-150400.4.59.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-remote-4.9.5-150400.4.59.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-remote-4.9.5-150400.4.59.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31133",
"url": "https://www.suse.com/security/cve/CVE-2025-31133"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-31133",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-31133",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-docker-4.9.5-150400.4.59.2.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-remote-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-remote-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-docker-4.9.5-150400.4.59.2.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Micro 5.3:podman-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise Micro 5.3:podman-4.9.5-150400.4.59.2.s390x",
"SUSE Linux Enterprise Micro 5.3:podman-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Micro 5.3:podman-remote-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise Micro 5.3:podman-remote-4.9.5-150400.4.59.2.s390x",
"SUSE Linux Enterprise Micro 5.3:podman-remote-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Micro 5.4:podman-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise Micro 5.4:podman-4.9.5-150400.4.59.2.s390x",
"SUSE Linux Enterprise Micro 5.4:podman-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Micro 5.4:podman-remote-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise Micro 5.4:podman-remote-4.9.5-150400.4.59.2.s390x",
"SUSE Linux Enterprise Micro 5.4:podman-remote-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-docker-4.9.5-150400.4.59.2.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-4.9.5-150400.4.59.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-docker-4.9.5-150400.4.59.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-remote-4.9.5-150400.4.59.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-remote-4.9.5-150400.4.59.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-docker-4.9.5-150400.4.59.2.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-remote-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-remote-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-docker-4.9.5-150400.4.59.2.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Micro 5.3:podman-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise Micro 5.3:podman-4.9.5-150400.4.59.2.s390x",
"SUSE Linux Enterprise Micro 5.3:podman-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Micro 5.3:podman-remote-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise Micro 5.3:podman-remote-4.9.5-150400.4.59.2.s390x",
"SUSE Linux Enterprise Micro 5.3:podman-remote-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Micro 5.4:podman-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise Micro 5.4:podman-4.9.5-150400.4.59.2.s390x",
"SUSE Linux Enterprise Micro 5.4:podman-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Micro 5.4:podman-remote-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise Micro 5.4:podman-remote-4.9.5-150400.4.59.2.s390x",
"SUSE Linux Enterprise Micro 5.4:podman-remote-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-docker-4.9.5-150400.4.59.2.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-4.9.5-150400.4.59.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-docker-4.9.5-150400.4.59.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-remote-4.9.5-150400.4.59.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-remote-4.9.5-150400.4.59.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-12T12:48:51Z",
"details": "important"
}
],
"title": "CVE-2025-31133"
},
{
"cve": "CVE-2025-52565",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-52565"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the container, an attacker can trick runc into bind-mounting paths which would normally be made read-only or be masked onto a path that the attacker can write to. This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target (namely, the bind-mount of `/dev/pts/$n` to `/dev/console` as configured for all containers that allocate a console). This happens after `pivot_root(2)`, so this cannot be used to write to host files directly -- however, as with CVE-2025-31133, this can load to denial of service of the host or a container breakout by providing the attacker with a writable copy of `/proc/sysrq-trigger` or `/proc/sys/kernel/core_pattern` (respectively). This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-docker-4.9.5-150400.4.59.2.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-remote-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-remote-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-docker-4.9.5-150400.4.59.2.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Micro 5.3:podman-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise Micro 5.3:podman-4.9.5-150400.4.59.2.s390x",
"SUSE Linux Enterprise Micro 5.3:podman-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Micro 5.3:podman-remote-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise Micro 5.3:podman-remote-4.9.5-150400.4.59.2.s390x",
"SUSE Linux Enterprise Micro 5.3:podman-remote-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Micro 5.4:podman-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise Micro 5.4:podman-4.9.5-150400.4.59.2.s390x",
"SUSE Linux Enterprise Micro 5.4:podman-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Micro 5.4:podman-remote-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise Micro 5.4:podman-remote-4.9.5-150400.4.59.2.s390x",
"SUSE Linux Enterprise Micro 5.4:podman-remote-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-docker-4.9.5-150400.4.59.2.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-4.9.5-150400.4.59.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-docker-4.9.5-150400.4.59.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-remote-4.9.5-150400.4.59.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-remote-4.9.5-150400.4.59.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-52565",
"url": "https://www.suse.com/security/cve/CVE-2025-52565"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-52565",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-52565",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-docker-4.9.5-150400.4.59.2.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-remote-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-remote-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-docker-4.9.5-150400.4.59.2.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Micro 5.3:podman-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise Micro 5.3:podman-4.9.5-150400.4.59.2.s390x",
"SUSE Linux Enterprise Micro 5.3:podman-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Micro 5.3:podman-remote-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise Micro 5.3:podman-remote-4.9.5-150400.4.59.2.s390x",
"SUSE Linux Enterprise Micro 5.3:podman-remote-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Micro 5.4:podman-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise Micro 5.4:podman-4.9.5-150400.4.59.2.s390x",
"SUSE Linux Enterprise Micro 5.4:podman-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Micro 5.4:podman-remote-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise Micro 5.4:podman-remote-4.9.5-150400.4.59.2.s390x",
"SUSE Linux Enterprise Micro 5.4:podman-remote-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-docker-4.9.5-150400.4.59.2.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-4.9.5-150400.4.59.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-docker-4.9.5-150400.4.59.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-remote-4.9.5-150400.4.59.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-remote-4.9.5-150400.4.59.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-docker-4.9.5-150400.4.59.2.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-remote-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-remote-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-docker-4.9.5-150400.4.59.2.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Micro 5.3:podman-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise Micro 5.3:podman-4.9.5-150400.4.59.2.s390x",
"SUSE Linux Enterprise Micro 5.3:podman-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Micro 5.3:podman-remote-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise Micro 5.3:podman-remote-4.9.5-150400.4.59.2.s390x",
"SUSE Linux Enterprise Micro 5.3:podman-remote-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Micro 5.4:podman-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise Micro 5.4:podman-4.9.5-150400.4.59.2.s390x",
"SUSE Linux Enterprise Micro 5.4:podman-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Micro 5.4:podman-remote-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise Micro 5.4:podman-remote-4.9.5-150400.4.59.2.s390x",
"SUSE Linux Enterprise Micro 5.4:podman-remote-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-docker-4.9.5-150400.4.59.2.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-4.9.5-150400.4.59.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-docker-4.9.5-150400.4.59.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-remote-4.9.5-150400.4.59.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-remote-4.9.5-150400.4.59.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-12T12:48:51Z",
"details": "important"
}
],
"title": "CVE-2025-52565"
},
{
"cve": "CVE-2025-52881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-52881"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-docker-4.9.5-150400.4.59.2.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-remote-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-remote-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-docker-4.9.5-150400.4.59.2.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Micro 5.3:podman-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise Micro 5.3:podman-4.9.5-150400.4.59.2.s390x",
"SUSE Linux Enterprise Micro 5.3:podman-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Micro 5.3:podman-remote-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise Micro 5.3:podman-remote-4.9.5-150400.4.59.2.s390x",
"SUSE Linux Enterprise Micro 5.3:podman-remote-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Micro 5.4:podman-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise Micro 5.4:podman-4.9.5-150400.4.59.2.s390x",
"SUSE Linux Enterprise Micro 5.4:podman-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Micro 5.4:podman-remote-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise Micro 5.4:podman-remote-4.9.5-150400.4.59.2.s390x",
"SUSE Linux Enterprise Micro 5.4:podman-remote-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-docker-4.9.5-150400.4.59.2.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-4.9.5-150400.4.59.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-docker-4.9.5-150400.4.59.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-remote-4.9.5-150400.4.59.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-remote-4.9.5-150400.4.59.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-52881",
"url": "https://www.suse.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-52881",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-52881",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-docker-4.9.5-150400.4.59.2.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-remote-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-remote-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-docker-4.9.5-150400.4.59.2.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Micro 5.3:podman-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise Micro 5.3:podman-4.9.5-150400.4.59.2.s390x",
"SUSE Linux Enterprise Micro 5.3:podman-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Micro 5.3:podman-remote-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise Micro 5.3:podman-remote-4.9.5-150400.4.59.2.s390x",
"SUSE Linux Enterprise Micro 5.3:podman-remote-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Micro 5.4:podman-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise Micro 5.4:podman-4.9.5-150400.4.59.2.s390x",
"SUSE Linux Enterprise Micro 5.4:podman-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Micro 5.4:podman-remote-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise Micro 5.4:podman-remote-4.9.5-150400.4.59.2.s390x",
"SUSE Linux Enterprise Micro 5.4:podman-remote-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-docker-4.9.5-150400.4.59.2.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-4.9.5-150400.4.59.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-docker-4.9.5-150400.4.59.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-remote-4.9.5-150400.4.59.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-remote-4.9.5-150400.4.59.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-docker-4.9.5-150400.4.59.2.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-remote-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:podman-remote-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-docker-4.9.5-150400.4.59.2.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Micro 5.3:podman-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise Micro 5.3:podman-4.9.5-150400.4.59.2.s390x",
"SUSE Linux Enterprise Micro 5.3:podman-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Micro 5.3:podman-remote-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise Micro 5.3:podman-remote-4.9.5-150400.4.59.2.s390x",
"SUSE Linux Enterprise Micro 5.3:podman-remote-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Micro 5.4:podman-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise Micro 5.4:podman-4.9.5-150400.4.59.2.s390x",
"SUSE Linux Enterprise Micro 5.4:podman-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Micro 5.4:podman-remote-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise Micro 5.4:podman-remote-4.9.5-150400.4.59.2.s390x",
"SUSE Linux Enterprise Micro 5.4:podman-remote-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-docker-4.9.5-150400.4.59.2.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.aarch64",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.s390x",
"SUSE Linux Enterprise Server 15 SP4-LTSS:podman-remote-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-4.9.5-150400.4.59.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-4.9.5-150400.4.59.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-docker-4.9.5-150400.4.59.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-remote-4.9.5-150400.4.59.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:podman-remote-4.9.5-150400.4.59.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-12T12:48:51Z",
"details": "important"
}
],
"title": "CVE-2025-52881"
}
]
}
SUSE-SU-2025:4080-1
Vulnerability from csaf_suse - Published: 2025-11-12 12:49 - Updated: 2025-11-12 12:49Summary
Security update for podman
Severity
Important
Notes
Title of the patch: Security update for podman
Description of the patch: This update for podman fixes the following issues:
- CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions (bsc#1252376)
- CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races (bsc#1252376)
- CVE-2025-52881: Fixed container escape and denial of service due to arbitrary write gadgets and procfs write redirects (bsc#1252376)
Other fixes:
- Fix: podman and buildah with runc 1.3.2 fail with lots of warnings as rootless (bsc#1252543)
- Add symlink to catatonit in /usr/libexec/podman (bsc#1248988)
Patchnames: SUSE-2025-4080,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-4080,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-4080,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-4080,SUSE-SUSE-MicroOS-5.1-2025-4080,SUSE-SUSE-MicroOS-5.2-2025-4080,SUSE-Storage-7.1-2025-4080
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:podman-4.9.5-150300.9.63.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:podman-4.9.5-150300.9.63.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:podman-remote-4.9.5-150300.9.63.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:podman-remote-4.9.5-150300.9.63.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:podman-4.9.5-150300.9.63.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:podman-4.9.5-150300.9.63.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:podman-4.9.5-150300.9.63.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:podman-remote-4.9.5-150300.9.63.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:podman-remote-4.9.5-150300.9.63.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:podman-remote-4.9.5-150300.9.63.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:podman-4.9.5-150300.9.63.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:podman-4.9.5-150300.9.63.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:podman-4.9.5-150300.9.63.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:podman-remote-4.9.5-150300.9.63.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:podman-remote-4.9.5-150300.9.63.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:podman-remote-4.9.5-150300.9.63.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.9.5-150300.9.63.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.9.5-150300.9.63.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-remote-4.9.5-150300.9.63.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-remote-4.9.5-150300.9.63.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:podman-4.9.5-150300.9.63.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:podman-4.9.5-150300.9.63.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:podman-remote-4.9.5-150300.9.63.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:podman-remote-4.9.5-150300.9.63.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:podman-4.9.5-150300.9.63.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:podman-4.9.5-150300.9.63.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:podman-4.9.5-150300.9.63.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:podman-remote-4.9.5-150300.9.63.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:podman-remote-4.9.5-150300.9.63.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:podman-remote-4.9.5-150300.9.63.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:podman-4.9.5-150300.9.63.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:podman-4.9.5-150300.9.63.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:podman-4.9.5-150300.9.63.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:podman-remote-4.9.5-150300.9.63.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:podman-remote-4.9.5-150300.9.63.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:podman-remote-4.9.5-150300.9.63.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.9.5-150300.9.63.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.9.5-150300.9.63.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-remote-4.9.5-150300.9.63.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-remote-4.9.5-150300.9.63.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:podman-4.9.5-150300.9.63.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:podman-4.9.5-150300.9.63.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:podman-remote-4.9.5-150300.9.63.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:podman-remote-4.9.5-150300.9.63.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:podman-4.9.5-150300.9.63.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:podman-4.9.5-150300.9.63.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:podman-4.9.5-150300.9.63.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:podman-remote-4.9.5-150300.9.63.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:podman-remote-4.9.5-150300.9.63.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:podman-remote-4.9.5-150300.9.63.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:podman-4.9.5-150300.9.63.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:podman-4.9.5-150300.9.63.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:podman-4.9.5-150300.9.63.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:podman-remote-4.9.5-150300.9.63.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:podman-remote-4.9.5-150300.9.63.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:podman-remote-4.9.5-150300.9.63.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.9.5-150300.9.63.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.9.5-150300.9.63.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-remote-4.9.5-150300.9.63.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-remote-4.9.5-150300.9.63.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
19 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for podman",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for podman fixes the following issues:\n\n- CVE-2025-31133: Fixed container escape via \u0027masked path\u0027 abuse due to mount race conditions (bsc#1252376)\n- CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races (bsc#1252376)\n- CVE-2025-52881: Fixed container escape and denial of service due to arbitrary write gadgets and procfs write redirects (bsc#1252376)\n \nOther fixes:\n \n- Fix: podman and buildah with runc 1.3.2 fail with lots of warnings as rootless (bsc#1252543)\n- Add symlink to catatonit in /usr/libexec/podman (bsc#1248988)\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-4080,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-4080,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-4080,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-4080,SUSE-SUSE-MicroOS-5.1-2025-4080,SUSE-SUSE-MicroOS-5.2-2025-4080,SUSE-Storage-7.1-2025-4080",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_4080-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:4080-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20254080-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:4080-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023272.html"
},
{
"category": "self",
"summary": "SUSE Bug 1248988",
"url": "https://bugzilla.suse.com/1248988"
},
{
"category": "self",
"summary": "SUSE Bug 1252376",
"url": "https://bugzilla.suse.com/1252376"
},
{
"category": "self",
"summary": "SUSE Bug 1252543",
"url": "https://bugzilla.suse.com/1252543"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31133 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31133/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-52565 page",
"url": "https://www.suse.com/security/cve/CVE-2025-52565/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-52881 page",
"url": "https://www.suse.com/security/cve/CVE-2025-52881/"
}
],
"title": "Security update for podman",
"tracking": {
"current_release_date": "2025-11-12T12:49:06Z",
"generator": {
"date": "2025-11-12T12:49:06Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:4080-1",
"initial_release_date": "2025-11-12T12:49:06Z",
"revision_history": [
{
"date": "2025-11-12T12:49:06Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "podman-4.9.5-150300.9.63.2.aarch64",
"product": {
"name": "podman-4.9.5-150300.9.63.2.aarch64",
"product_id": "podman-4.9.5-150300.9.63.2.aarch64"
}
},
{
"category": "product_version",
"name": "podman-remote-4.9.5-150300.9.63.2.aarch64",
"product": {
"name": "podman-remote-4.9.5-150300.9.63.2.aarch64",
"product_id": "podman-remote-4.9.5-150300.9.63.2.aarch64"
}
},
{
"category": "product_version",
"name": "podmansh-4.9.5-150300.9.63.2.aarch64",
"product": {
"name": "podmansh-4.9.5-150300.9.63.2.aarch64",
"product_id": "podmansh-4.9.5-150300.9.63.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-4.9.5-150300.9.63.2.i586",
"product": {
"name": "podman-4.9.5-150300.9.63.2.i586",
"product_id": "podman-4.9.5-150300.9.63.2.i586"
}
},
{
"category": "product_version",
"name": "podman-remote-4.9.5-150300.9.63.2.i586",
"product": {
"name": "podman-remote-4.9.5-150300.9.63.2.i586",
"product_id": "podman-remote-4.9.5-150300.9.63.2.i586"
}
},
{
"category": "product_version",
"name": "podmansh-4.9.5-150300.9.63.2.i586",
"product": {
"name": "podmansh-4.9.5-150300.9.63.2.i586",
"product_id": "podmansh-4.9.5-150300.9.63.2.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-docker-4.9.5-150300.9.63.2.noarch",
"product": {
"name": "podman-docker-4.9.5-150300.9.63.2.noarch",
"product_id": "podman-docker-4.9.5-150300.9.63.2.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-4.9.5-150300.9.63.2.ppc64le",
"product": {
"name": "podman-4.9.5-150300.9.63.2.ppc64le",
"product_id": "podman-4.9.5-150300.9.63.2.ppc64le"
}
},
{
"category": "product_version",
"name": "podman-remote-4.9.5-150300.9.63.2.ppc64le",
"product": {
"name": "podman-remote-4.9.5-150300.9.63.2.ppc64le",
"product_id": "podman-remote-4.9.5-150300.9.63.2.ppc64le"
}
},
{
"category": "product_version",
"name": "podmansh-4.9.5-150300.9.63.2.ppc64le",
"product": {
"name": "podmansh-4.9.5-150300.9.63.2.ppc64le",
"product_id": "podmansh-4.9.5-150300.9.63.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-4.9.5-150300.9.63.2.s390x",
"product": {
"name": "podman-4.9.5-150300.9.63.2.s390x",
"product_id": "podman-4.9.5-150300.9.63.2.s390x"
}
},
{
"category": "product_version",
"name": "podman-remote-4.9.5-150300.9.63.2.s390x",
"product": {
"name": "podman-remote-4.9.5-150300.9.63.2.s390x",
"product_id": "podman-remote-4.9.5-150300.9.63.2.s390x"
}
},
{
"category": "product_version",
"name": "podmansh-4.9.5-150300.9.63.2.s390x",
"product": {
"name": "podmansh-4.9.5-150300.9.63.2.s390x",
"product_id": "podmansh-4.9.5-150300.9.63.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-4.9.5-150300.9.63.2.x86_64",
"product": {
"name": "podman-4.9.5-150300.9.63.2.x86_64",
"product_id": "podman-4.9.5-150300.9.63.2.x86_64"
}
},
{
"category": "product_version",
"name": "podman-remote-4.9.5-150300.9.63.2.x86_64",
"product": {
"name": "podman-remote-4.9.5-150300.9.63.2.x86_64",
"product_id": "podman-remote-4.9.5-150300.9.63.2.x86_64"
}
},
{
"category": "product_version",
"name": "podmansh-4.9.5-150300.9.63.2.x86_64",
"product": {
"name": "podmansh-4.9.5-150300.9.63.2.x86_64",
"product_id": "podmansh-4.9.5-150300.9.63.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.2"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7.1",
"product": {
"name": "SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150300.9.63.2.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.aarch64"
},
"product_reference": "podman-4.9.5-150300.9.63.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150300.9.63.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.x86_64"
},
"product_reference": "podman-4.9.5-150300.9.63.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150300.9.63.2.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.aarch64"
},
"product_reference": "podman-remote-4.9.5-150300.9.63.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150300.9.63.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.x86_64"
},
"product_reference": "podman-remote-4.9.5-150300.9.63.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150300.9.63.2.aarch64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.aarch64"
},
"product_reference": "podman-4.9.5-150300.9.63.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150300.9.63.2.ppc64le as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.ppc64le"
},
"product_reference": "podman-4.9.5-150300.9.63.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150300.9.63.2.s390x as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.s390x"
},
"product_reference": "podman-4.9.5-150300.9.63.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150300.9.63.2.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.x86_64"
},
"product_reference": "podman-4.9.5-150300.9.63.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150300.9.63.2.aarch64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.aarch64"
},
"product_reference": "podman-remote-4.9.5-150300.9.63.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150300.9.63.2.ppc64le as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.ppc64le"
},
"product_reference": "podman-remote-4.9.5-150300.9.63.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150300.9.63.2.s390x as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.s390x"
},
"product_reference": "podman-remote-4.9.5-150300.9.63.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150300.9.63.2.x86_64 as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.x86_64"
},
"product_reference": "podman-remote-4.9.5-150300.9.63.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150300.9.63.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.9.5-150300.9.63.2.ppc64le"
},
"product_reference": "podman-4.9.5-150300.9.63.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150300.9.63.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.9.5-150300.9.63.2.x86_64"
},
"product_reference": "podman-4.9.5-150300.9.63.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150300.9.63.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-remote-4.9.5-150300.9.63.2.ppc64le"
},
"product_reference": "podman-remote-4.9.5-150300.9.63.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150300.9.63.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-remote-4.9.5-150300.9.63.2.x86_64"
},
"product_reference": "podman-remote-4.9.5-150300.9.63.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150300.9.63.2.aarch64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:podman-4.9.5-150300.9.63.2.aarch64"
},
"product_reference": "podman-4.9.5-150300.9.63.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150300.9.63.2.s390x as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:podman-4.9.5-150300.9.63.2.s390x"
},
"product_reference": "podman-4.9.5-150300.9.63.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150300.9.63.2.x86_64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:podman-4.9.5-150300.9.63.2.x86_64"
},
"product_reference": "podman-4.9.5-150300.9.63.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150300.9.63.2.aarch64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:podman-remote-4.9.5-150300.9.63.2.aarch64"
},
"product_reference": "podman-remote-4.9.5-150300.9.63.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150300.9.63.2.s390x as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:podman-remote-4.9.5-150300.9.63.2.s390x"
},
"product_reference": "podman-remote-4.9.5-150300.9.63.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150300.9.63.2.x86_64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:podman-remote-4.9.5-150300.9.63.2.x86_64"
},
"product_reference": "podman-remote-4.9.5-150300.9.63.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150300.9.63.2.aarch64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:podman-4.9.5-150300.9.63.2.aarch64"
},
"product_reference": "podman-4.9.5-150300.9.63.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150300.9.63.2.s390x as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:podman-4.9.5-150300.9.63.2.s390x"
},
"product_reference": "podman-4.9.5-150300.9.63.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150300.9.63.2.x86_64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:podman-4.9.5-150300.9.63.2.x86_64"
},
"product_reference": "podman-4.9.5-150300.9.63.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150300.9.63.2.aarch64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:podman-remote-4.9.5-150300.9.63.2.aarch64"
},
"product_reference": "podman-remote-4.9.5-150300.9.63.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150300.9.63.2.s390x as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:podman-remote-4.9.5-150300.9.63.2.s390x"
},
"product_reference": "podman-remote-4.9.5-150300.9.63.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150300.9.63.2.x86_64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:podman-remote-4.9.5-150300.9.63.2.x86_64"
},
"product_reference": "podman-remote-4.9.5-150300.9.63.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150300.9.63.2.aarch64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:podman-4.9.5-150300.9.63.2.aarch64"
},
"product_reference": "podman-4.9.5-150300.9.63.2.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150300.9.63.2.x86_64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:podman-4.9.5-150300.9.63.2.x86_64"
},
"product_reference": "podman-4.9.5-150300.9.63.2.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150300.9.63.2.aarch64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:podman-remote-4.9.5-150300.9.63.2.aarch64"
},
"product_reference": "podman-remote-4.9.5-150300.9.63.2.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150300.9.63.2.x86_64 as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:podman-remote-4.9.5-150300.9.63.2.x86_64"
},
"product_reference": "podman-remote-4.9.5-150300.9.63.2.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31133",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31133"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container\u0027s /dev/null) was actually a real /dev/null inode when using the container\u0027s /dev/null to mask. This exposes two methods of attack: an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:podman-4.9.5-150300.9.63.2.aarch64",
"SUSE Enterprise Storage 7.1:podman-4.9.5-150300.9.63.2.x86_64",
"SUSE Enterprise Storage 7.1:podman-remote-4.9.5-150300.9.63.2.aarch64",
"SUSE Enterprise Storage 7.1:podman-remote-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:podman-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise Micro 5.1:podman-4.9.5-150300.9.63.2.s390x",
"SUSE Linux Enterprise Micro 5.1:podman-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:podman-remote-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise Micro 5.1:podman-remote-4.9.5-150300.9.63.2.s390x",
"SUSE Linux Enterprise Micro 5.1:podman-remote-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:podman-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise Micro 5.2:podman-4.9.5-150300.9.63.2.s390x",
"SUSE Linux Enterprise Micro 5.2:podman-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:podman-remote-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise Micro 5.2:podman-remote-4.9.5-150300.9.63.2.s390x",
"SUSE Linux Enterprise Micro 5.2:podman-remote-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.9.5-150300.9.63.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-remote-4.9.5-150300.9.63.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-remote-4.9.5-150300.9.63.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31133",
"url": "https://www.suse.com/security/cve/CVE-2025-31133"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-31133",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-31133",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:podman-4.9.5-150300.9.63.2.aarch64",
"SUSE Enterprise Storage 7.1:podman-4.9.5-150300.9.63.2.x86_64",
"SUSE Enterprise Storage 7.1:podman-remote-4.9.5-150300.9.63.2.aarch64",
"SUSE Enterprise Storage 7.1:podman-remote-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:podman-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise Micro 5.1:podman-4.9.5-150300.9.63.2.s390x",
"SUSE Linux Enterprise Micro 5.1:podman-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:podman-remote-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise Micro 5.1:podman-remote-4.9.5-150300.9.63.2.s390x",
"SUSE Linux Enterprise Micro 5.1:podman-remote-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:podman-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise Micro 5.2:podman-4.9.5-150300.9.63.2.s390x",
"SUSE Linux Enterprise Micro 5.2:podman-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:podman-remote-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise Micro 5.2:podman-remote-4.9.5-150300.9.63.2.s390x",
"SUSE Linux Enterprise Micro 5.2:podman-remote-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.9.5-150300.9.63.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-remote-4.9.5-150300.9.63.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-remote-4.9.5-150300.9.63.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:podman-4.9.5-150300.9.63.2.aarch64",
"SUSE Enterprise Storage 7.1:podman-4.9.5-150300.9.63.2.x86_64",
"SUSE Enterprise Storage 7.1:podman-remote-4.9.5-150300.9.63.2.aarch64",
"SUSE Enterprise Storage 7.1:podman-remote-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:podman-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise Micro 5.1:podman-4.9.5-150300.9.63.2.s390x",
"SUSE Linux Enterprise Micro 5.1:podman-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:podman-remote-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise Micro 5.1:podman-remote-4.9.5-150300.9.63.2.s390x",
"SUSE Linux Enterprise Micro 5.1:podman-remote-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:podman-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise Micro 5.2:podman-4.9.5-150300.9.63.2.s390x",
"SUSE Linux Enterprise Micro 5.2:podman-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:podman-remote-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise Micro 5.2:podman-remote-4.9.5-150300.9.63.2.s390x",
"SUSE Linux Enterprise Micro 5.2:podman-remote-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.9.5-150300.9.63.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-remote-4.9.5-150300.9.63.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-remote-4.9.5-150300.9.63.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-12T12:49:06Z",
"details": "important"
}
],
"title": "CVE-2025-31133"
},
{
"cve": "CVE-2025-52565",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-52565"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the container, an attacker can trick runc into bind-mounting paths which would normally be made read-only or be masked onto a path that the attacker can write to. This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target (namely, the bind-mount of `/dev/pts/$n` to `/dev/console` as configured for all containers that allocate a console). This happens after `pivot_root(2)`, so this cannot be used to write to host files directly -- however, as with CVE-2025-31133, this can load to denial of service of the host or a container breakout by providing the attacker with a writable copy of `/proc/sysrq-trigger` or `/proc/sys/kernel/core_pattern` (respectively). This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:podman-4.9.5-150300.9.63.2.aarch64",
"SUSE Enterprise Storage 7.1:podman-4.9.5-150300.9.63.2.x86_64",
"SUSE Enterprise Storage 7.1:podman-remote-4.9.5-150300.9.63.2.aarch64",
"SUSE Enterprise Storage 7.1:podman-remote-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:podman-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise Micro 5.1:podman-4.9.5-150300.9.63.2.s390x",
"SUSE Linux Enterprise Micro 5.1:podman-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:podman-remote-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise Micro 5.1:podman-remote-4.9.5-150300.9.63.2.s390x",
"SUSE Linux Enterprise Micro 5.1:podman-remote-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:podman-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise Micro 5.2:podman-4.9.5-150300.9.63.2.s390x",
"SUSE Linux Enterprise Micro 5.2:podman-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:podman-remote-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise Micro 5.2:podman-remote-4.9.5-150300.9.63.2.s390x",
"SUSE Linux Enterprise Micro 5.2:podman-remote-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.9.5-150300.9.63.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-remote-4.9.5-150300.9.63.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-remote-4.9.5-150300.9.63.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-52565",
"url": "https://www.suse.com/security/cve/CVE-2025-52565"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-52565",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-52565",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:podman-4.9.5-150300.9.63.2.aarch64",
"SUSE Enterprise Storage 7.1:podman-4.9.5-150300.9.63.2.x86_64",
"SUSE Enterprise Storage 7.1:podman-remote-4.9.5-150300.9.63.2.aarch64",
"SUSE Enterprise Storage 7.1:podman-remote-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:podman-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise Micro 5.1:podman-4.9.5-150300.9.63.2.s390x",
"SUSE Linux Enterprise Micro 5.1:podman-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:podman-remote-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise Micro 5.1:podman-remote-4.9.5-150300.9.63.2.s390x",
"SUSE Linux Enterprise Micro 5.1:podman-remote-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:podman-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise Micro 5.2:podman-4.9.5-150300.9.63.2.s390x",
"SUSE Linux Enterprise Micro 5.2:podman-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:podman-remote-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise Micro 5.2:podman-remote-4.9.5-150300.9.63.2.s390x",
"SUSE Linux Enterprise Micro 5.2:podman-remote-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.9.5-150300.9.63.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-remote-4.9.5-150300.9.63.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-remote-4.9.5-150300.9.63.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:podman-4.9.5-150300.9.63.2.aarch64",
"SUSE Enterprise Storage 7.1:podman-4.9.5-150300.9.63.2.x86_64",
"SUSE Enterprise Storage 7.1:podman-remote-4.9.5-150300.9.63.2.aarch64",
"SUSE Enterprise Storage 7.1:podman-remote-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:podman-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise Micro 5.1:podman-4.9.5-150300.9.63.2.s390x",
"SUSE Linux Enterprise Micro 5.1:podman-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:podman-remote-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise Micro 5.1:podman-remote-4.9.5-150300.9.63.2.s390x",
"SUSE Linux Enterprise Micro 5.1:podman-remote-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:podman-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise Micro 5.2:podman-4.9.5-150300.9.63.2.s390x",
"SUSE Linux Enterprise Micro 5.2:podman-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:podman-remote-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise Micro 5.2:podman-remote-4.9.5-150300.9.63.2.s390x",
"SUSE Linux Enterprise Micro 5.2:podman-remote-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.9.5-150300.9.63.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-remote-4.9.5-150300.9.63.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-remote-4.9.5-150300.9.63.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-12T12:49:06Z",
"details": "important"
}
],
"title": "CVE-2025-52565"
},
{
"cve": "CVE-2025-52881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-52881"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:podman-4.9.5-150300.9.63.2.aarch64",
"SUSE Enterprise Storage 7.1:podman-4.9.5-150300.9.63.2.x86_64",
"SUSE Enterprise Storage 7.1:podman-remote-4.9.5-150300.9.63.2.aarch64",
"SUSE Enterprise Storage 7.1:podman-remote-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:podman-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise Micro 5.1:podman-4.9.5-150300.9.63.2.s390x",
"SUSE Linux Enterprise Micro 5.1:podman-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:podman-remote-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise Micro 5.1:podman-remote-4.9.5-150300.9.63.2.s390x",
"SUSE Linux Enterprise Micro 5.1:podman-remote-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:podman-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise Micro 5.2:podman-4.9.5-150300.9.63.2.s390x",
"SUSE Linux Enterprise Micro 5.2:podman-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:podman-remote-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise Micro 5.2:podman-remote-4.9.5-150300.9.63.2.s390x",
"SUSE Linux Enterprise Micro 5.2:podman-remote-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.9.5-150300.9.63.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-remote-4.9.5-150300.9.63.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-remote-4.9.5-150300.9.63.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-52881",
"url": "https://www.suse.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-52881",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-52881",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:podman-4.9.5-150300.9.63.2.aarch64",
"SUSE Enterprise Storage 7.1:podman-4.9.5-150300.9.63.2.x86_64",
"SUSE Enterprise Storage 7.1:podman-remote-4.9.5-150300.9.63.2.aarch64",
"SUSE Enterprise Storage 7.1:podman-remote-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:podman-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise Micro 5.1:podman-4.9.5-150300.9.63.2.s390x",
"SUSE Linux Enterprise Micro 5.1:podman-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:podman-remote-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise Micro 5.1:podman-remote-4.9.5-150300.9.63.2.s390x",
"SUSE Linux Enterprise Micro 5.1:podman-remote-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:podman-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise Micro 5.2:podman-4.9.5-150300.9.63.2.s390x",
"SUSE Linux Enterprise Micro 5.2:podman-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:podman-remote-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise Micro 5.2:podman-remote-4.9.5-150300.9.63.2.s390x",
"SUSE Linux Enterprise Micro 5.2:podman-remote-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.9.5-150300.9.63.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-remote-4.9.5-150300.9.63.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-remote-4.9.5-150300.9.63.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:podman-4.9.5-150300.9.63.2.aarch64",
"SUSE Enterprise Storage 7.1:podman-4.9.5-150300.9.63.2.x86_64",
"SUSE Enterprise Storage 7.1:podman-remote-4.9.5-150300.9.63.2.aarch64",
"SUSE Enterprise Storage 7.1:podman-remote-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:podman-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise Micro 5.1:podman-4.9.5-150300.9.63.2.s390x",
"SUSE Linux Enterprise Micro 5.1:podman-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Micro 5.1:podman-remote-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise Micro 5.1:podman-remote-4.9.5-150300.9.63.2.s390x",
"SUSE Linux Enterprise Micro 5.1:podman-remote-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:podman-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise Micro 5.2:podman-4.9.5-150300.9.63.2.s390x",
"SUSE Linux Enterprise Micro 5.2:podman-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Micro 5.2:podman-remote-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise Micro 5.2:podman-remote-4.9.5-150300.9.63.2.s390x",
"SUSE Linux Enterprise Micro 5.2:podman-remote-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.aarch64",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.s390x",
"SUSE Linux Enterprise Server 15 SP3-LTSS:podman-remote-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.9.5-150300.9.63.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-4.9.5-150300.9.63.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-remote-4.9.5-150300.9.63.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:podman-remote-4.9.5-150300.9.63.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-12T12:49:06Z",
"details": "important"
}
],
"title": "CVE-2025-52881"
}
]
}
SUSE-SU-2025:4081-1
Vulnerability from csaf_suse - Published: 2025-11-12 12:49 - Updated: 2025-11-12 12:49Summary
Security update for podman
Severity
Important
Notes
Title of the patch: Security update for podman
Description of the patch: This update for podman fixes the following issues:
- CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions (bsc#1252376)
- CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races (bsc#1252376)
- CVE-2025-52881: Fixed container escape and denial of service due to arbitrary write gadgets and procfs write redirects (bsc#1252376)
Other fixes:
- Fix: podman and buildah with runc 1.3.2 fail with lots of warnings as rootless (bsc#1252543)
Patchnames: SUSE-2025-4081,SUSE-SLE-Micro-5.5-2025-4081,SUSE-SLE-Module-Containers-15-SP6-2025-4081,SUSE-SLE-Module-Containers-15-SP7-2025-4081,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-4081,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-4081,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-4081,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-4081,openSUSE-SLE-15.6-2025-4081
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
86 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-docker-4.9.5-150500.3.56.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-remote-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-remote-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podmansh-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podmansh-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-docker-4.9.5-150500.3.56.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:podman-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:podman-4.9.5-150500.3.56.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:podman-4.9.5-150500.3.56.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:podman-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:podman-docker-4.9.5-150500.3.56.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:podman-remote-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:podman-remote-4.9.5-150500.3.56.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:podman-remote-4.9.5-150500.3.56.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:podman-remote-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:podmansh-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:podmansh-4.9.5-150500.3.56.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:podmansh-4.9.5-150500.3.56.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:podmansh-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:podman-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:podman-4.9.5-150500.3.56.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:podman-4.9.5-150500.3.56.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:podman-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:podman-docker-4.9.5-150500.3.56.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:podman-remote-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:podman-remote-4.9.5-150500.3.56.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:podman-remote-4.9.5-150500.3.56.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:podman-remote-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:podmansh-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:podmansh-4.9.5-150500.3.56.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:podmansh-4.9.5-150500.3.56.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:podmansh-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP7:podman-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP7:podman-4.9.5-150500.3.56.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP7:podman-4.9.5-150500.3.56.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP7:podman-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP7:podman-docker-4.9.5-150500.3.56.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP7:podman-remote-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP7:podman-remote-4.9.5-150500.3.56.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP7:podman-remote-4.9.5-150500.3.56.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP7:podman-remote-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP7:podmansh-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP7:podmansh-4.9.5-150500.3.56.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP7:podmansh-4.9.5-150500.3.56.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP7:podmansh-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:podman-docker-4.9.5-150500.3.56.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-4.9.5-150500.3.56.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-docker-4.9.5-150500.3.56.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-remote-4.9.5-150500.3.56.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-remote-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:podmansh-4.9.5-150500.3.56.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:podmansh-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:podman-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:podman-4.9.5-150500.3.56.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:podman-4.9.5-150500.3.56.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:podman-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:podman-docker-4.9.5-150500.3.56.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:podman-remote-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:podman-remote-4.9.5-150500.3.56.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:podman-remote-4.9.5-150500.3.56.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:podman-remote-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:podmansh-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:podmansh-4.9.5-150500.3.56.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:podmansh-4.9.5-150500.3.56.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:podmansh-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
86 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-docker-4.9.5-150500.3.56.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-remote-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-remote-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podmansh-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podmansh-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-docker-4.9.5-150500.3.56.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:podman-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:podman-4.9.5-150500.3.56.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:podman-4.9.5-150500.3.56.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:podman-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:podman-docker-4.9.5-150500.3.56.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:podman-remote-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:podman-remote-4.9.5-150500.3.56.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:podman-remote-4.9.5-150500.3.56.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:podman-remote-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:podmansh-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:podmansh-4.9.5-150500.3.56.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:podmansh-4.9.5-150500.3.56.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:podmansh-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:podman-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:podman-4.9.5-150500.3.56.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:podman-4.9.5-150500.3.56.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:podman-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:podman-docker-4.9.5-150500.3.56.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:podman-remote-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:podman-remote-4.9.5-150500.3.56.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:podman-remote-4.9.5-150500.3.56.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:podman-remote-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:podmansh-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:podmansh-4.9.5-150500.3.56.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:podmansh-4.9.5-150500.3.56.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:podmansh-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP7:podman-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP7:podman-4.9.5-150500.3.56.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP7:podman-4.9.5-150500.3.56.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP7:podman-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP7:podman-docker-4.9.5-150500.3.56.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP7:podman-remote-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP7:podman-remote-4.9.5-150500.3.56.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP7:podman-remote-4.9.5-150500.3.56.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP7:podman-remote-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP7:podmansh-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP7:podmansh-4.9.5-150500.3.56.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP7:podmansh-4.9.5-150500.3.56.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP7:podmansh-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:podman-docker-4.9.5-150500.3.56.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-4.9.5-150500.3.56.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-docker-4.9.5-150500.3.56.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-remote-4.9.5-150500.3.56.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-remote-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:podmansh-4.9.5-150500.3.56.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:podmansh-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:podman-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:podman-4.9.5-150500.3.56.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:podman-4.9.5-150500.3.56.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:podman-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:podman-docker-4.9.5-150500.3.56.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:podman-remote-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:podman-remote-4.9.5-150500.3.56.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:podman-remote-4.9.5-150500.3.56.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:podman-remote-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:podmansh-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:podmansh-4.9.5-150500.3.56.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:podmansh-4.9.5-150500.3.56.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:podmansh-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
86 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-docker-4.9.5-150500.3.56.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-remote-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-remote-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podmansh-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podmansh-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-docker-4.9.5-150500.3.56.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:podman-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:podman-4.9.5-150500.3.56.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:podman-4.9.5-150500.3.56.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:podman-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:podman-docker-4.9.5-150500.3.56.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:podman-remote-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:podman-remote-4.9.5-150500.3.56.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:podman-remote-4.9.5-150500.3.56.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:podman-remote-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:podmansh-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:podmansh-4.9.5-150500.3.56.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:podmansh-4.9.5-150500.3.56.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:podmansh-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:podman-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:podman-4.9.5-150500.3.56.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:podman-4.9.5-150500.3.56.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:podman-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:podman-docker-4.9.5-150500.3.56.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:podman-remote-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:podman-remote-4.9.5-150500.3.56.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:podman-remote-4.9.5-150500.3.56.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:podman-remote-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:podmansh-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:podmansh-4.9.5-150500.3.56.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:podmansh-4.9.5-150500.3.56.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP6:podmansh-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP7:podman-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP7:podman-4.9.5-150500.3.56.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP7:podman-4.9.5-150500.3.56.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP7:podman-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP7:podman-docker-4.9.5-150500.3.56.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP7:podman-remote-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP7:podman-remote-4.9.5-150500.3.56.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP7:podman-remote-4.9.5-150500.3.56.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP7:podman-remote-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP7:podmansh-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP7:podmansh-4.9.5-150500.3.56.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP7:podmansh-4.9.5-150500.3.56.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 15 SP7:podmansh-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:podman-docker-4.9.5-150500.3.56.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-4.9.5-150500.3.56.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-docker-4.9.5-150500.3.56.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-remote-4.9.5-150500.3.56.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-remote-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:podmansh-4.9.5-150500.3.56.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP5:podmansh-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:podman-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:podman-4.9.5-150500.3.56.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:podman-4.9.5-150500.3.56.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:podman-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:podman-docker-4.9.5-150500.3.56.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:podman-remote-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:podman-remote-4.9.5-150500.3.56.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:podman-remote-4.9.5-150500.3.56.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:podman-remote-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:podmansh-4.9.5-150500.3.56.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:podmansh-4.9.5-150500.3.56.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:podmansh-4.9.5-150500.3.56.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:podmansh-4.9.5-150500.3.56.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
18 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for podman",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for podman fixes the following issues:\n\n- CVE-2025-31133: Fixed container escape via \u0027masked path\u0027 abuse due to mount race conditions (bsc#1252376)\n- CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races (bsc#1252376)\n- CVE-2025-52881: Fixed container escape and denial of service due to arbitrary write gadgets and procfs write redirects (bsc#1252376)\n \nOther fixes:\n \n- Fix: podman and buildah with runc 1.3.2 fail with lots of warnings as rootless (bsc#1252543)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2025-4081,SUSE-SLE-Micro-5.5-2025-4081,SUSE-SLE-Module-Containers-15-SP6-2025-4081,SUSE-SLE-Module-Containers-15-SP7-2025-4081,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-4081,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-4081,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-4081,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-4081,openSUSE-SLE-15.6-2025-4081",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_4081-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:4081-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-20254081-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:4081-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-November/023271.html"
},
{
"category": "self",
"summary": "SUSE Bug 1252376",
"url": "https://bugzilla.suse.com/1252376"
},
{
"category": "self",
"summary": "SUSE Bug 1252543",
"url": "https://bugzilla.suse.com/1252543"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31133 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31133/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-52565 page",
"url": "https://www.suse.com/security/cve/CVE-2025-52565/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-52881 page",
"url": "https://www.suse.com/security/cve/CVE-2025-52881/"
}
],
"title": "Security update for podman",
"tracking": {
"current_release_date": "2025-11-12T12:49:35Z",
"generator": {
"date": "2025-11-12T12:49:35Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:4081-1",
"initial_release_date": "2025-11-12T12:49:35Z",
"revision_history": [
{
"date": "2025-11-12T12:49:35Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "podman-4.9.5-150500.3.56.2.aarch64",
"product": {
"name": "podman-4.9.5-150500.3.56.2.aarch64",
"product_id": "podman-4.9.5-150500.3.56.2.aarch64"
}
},
{
"category": "product_version",
"name": "podman-remote-4.9.5-150500.3.56.2.aarch64",
"product": {
"name": "podman-remote-4.9.5-150500.3.56.2.aarch64",
"product_id": "podman-remote-4.9.5-150500.3.56.2.aarch64"
}
},
{
"category": "product_version",
"name": "podmansh-4.9.5-150500.3.56.2.aarch64",
"product": {
"name": "podmansh-4.9.5-150500.3.56.2.aarch64",
"product_id": "podmansh-4.9.5-150500.3.56.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-4.9.5-150500.3.56.2.i586",
"product": {
"name": "podman-4.9.5-150500.3.56.2.i586",
"product_id": "podman-4.9.5-150500.3.56.2.i586"
}
},
{
"category": "product_version",
"name": "podman-remote-4.9.5-150500.3.56.2.i586",
"product": {
"name": "podman-remote-4.9.5-150500.3.56.2.i586",
"product_id": "podman-remote-4.9.5-150500.3.56.2.i586"
}
},
{
"category": "product_version",
"name": "podmansh-4.9.5-150500.3.56.2.i586",
"product": {
"name": "podmansh-4.9.5-150500.3.56.2.i586",
"product_id": "podmansh-4.9.5-150500.3.56.2.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-docker-4.9.5-150500.3.56.2.noarch",
"product": {
"name": "podman-docker-4.9.5-150500.3.56.2.noarch",
"product_id": "podman-docker-4.9.5-150500.3.56.2.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-4.9.5-150500.3.56.2.ppc64le",
"product": {
"name": "podman-4.9.5-150500.3.56.2.ppc64le",
"product_id": "podman-4.9.5-150500.3.56.2.ppc64le"
}
},
{
"category": "product_version",
"name": "podman-remote-4.9.5-150500.3.56.2.ppc64le",
"product": {
"name": "podman-remote-4.9.5-150500.3.56.2.ppc64le",
"product_id": "podman-remote-4.9.5-150500.3.56.2.ppc64le"
}
},
{
"category": "product_version",
"name": "podmansh-4.9.5-150500.3.56.2.ppc64le",
"product": {
"name": "podmansh-4.9.5-150500.3.56.2.ppc64le",
"product_id": "podmansh-4.9.5-150500.3.56.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-4.9.5-150500.3.56.2.s390x",
"product": {
"name": "podman-4.9.5-150500.3.56.2.s390x",
"product_id": "podman-4.9.5-150500.3.56.2.s390x"
}
},
{
"category": "product_version",
"name": "podman-remote-4.9.5-150500.3.56.2.s390x",
"product": {
"name": "podman-remote-4.9.5-150500.3.56.2.s390x",
"product_id": "podman-remote-4.9.5-150500.3.56.2.s390x"
}
},
{
"category": "product_version",
"name": "podmansh-4.9.5-150500.3.56.2.s390x",
"product": {
"name": "podmansh-4.9.5-150500.3.56.2.s390x",
"product_id": "podmansh-4.9.5-150500.3.56.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-4.9.5-150500.3.56.2.x86_64",
"product": {
"name": "podman-4.9.5-150500.3.56.2.x86_64",
"product_id": "podman-4.9.5-150500.3.56.2.x86_64"
}
},
{
"category": "product_version",
"name": "podman-remote-4.9.5-150500.3.56.2.x86_64",
"product": {
"name": "podman-remote-4.9.5-150500.3.56.2.x86_64",
"product_id": "podman-remote-4.9.5-150500.3.56.2.x86_64"
}
},
{
"category": "product_version",
"name": "podmansh-4.9.5-150500.3.56.2.x86_64",
"product": {
"name": "podmansh-4.9.5-150500.3.56.2.x86_64",
"product_id": "podmansh-4.9.5-150500.3.56.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp5"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150500.3.56.2.aarch64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:podman-4.9.5-150500.3.56.2.aarch64"
},
"product_reference": "podman-4.9.5-150500.3.56.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150500.3.56.2.ppc64le as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:podman-4.9.5-150500.3.56.2.ppc64le"
},
"product_reference": "podman-4.9.5-150500.3.56.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150500.3.56.2.s390x as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:podman-4.9.5-150500.3.56.2.s390x"
},
"product_reference": "podman-4.9.5-150500.3.56.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150500.3.56.2.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:podman-4.9.5-150500.3.56.2.x86_64"
},
"product_reference": "podman-4.9.5-150500.3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-docker-4.9.5-150500.3.56.2.noarch as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:podman-docker-4.9.5-150500.3.56.2.noarch"
},
"product_reference": "podman-docker-4.9.5-150500.3.56.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150500.3.56.2.aarch64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:podman-remote-4.9.5-150500.3.56.2.aarch64"
},
"product_reference": "podman-remote-4.9.5-150500.3.56.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150500.3.56.2.ppc64le as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:podman-remote-4.9.5-150500.3.56.2.ppc64le"
},
"product_reference": "podman-remote-4.9.5-150500.3.56.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150500.3.56.2.s390x as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:podman-remote-4.9.5-150500.3.56.2.s390x"
},
"product_reference": "podman-remote-4.9.5-150500.3.56.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150500.3.56.2.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:podman-remote-4.9.5-150500.3.56.2.x86_64"
},
"product_reference": "podman-remote-4.9.5-150500.3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-4.9.5-150500.3.56.2.aarch64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:podmansh-4.9.5-150500.3.56.2.aarch64"
},
"product_reference": "podmansh-4.9.5-150500.3.56.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-4.9.5-150500.3.56.2.ppc64le as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:podmansh-4.9.5-150500.3.56.2.ppc64le"
},
"product_reference": "podmansh-4.9.5-150500.3.56.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-4.9.5-150500.3.56.2.s390x as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:podmansh-4.9.5-150500.3.56.2.s390x"
},
"product_reference": "podmansh-4.9.5-150500.3.56.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-4.9.5-150500.3.56.2.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:podmansh-4.9.5-150500.3.56.2.x86_64"
},
"product_reference": "podmansh-4.9.5-150500.3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150500.3.56.2.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:podman-4.9.5-150500.3.56.2.aarch64"
},
"product_reference": "podman-4.9.5-150500.3.56.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150500.3.56.2.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:podman-4.9.5-150500.3.56.2.ppc64le"
},
"product_reference": "podman-4.9.5-150500.3.56.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150500.3.56.2.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:podman-4.9.5-150500.3.56.2.s390x"
},
"product_reference": "podman-4.9.5-150500.3.56.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150500.3.56.2.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:podman-4.9.5-150500.3.56.2.x86_64"
},
"product_reference": "podman-4.9.5-150500.3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-docker-4.9.5-150500.3.56.2.noarch as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:podman-docker-4.9.5-150500.3.56.2.noarch"
},
"product_reference": "podman-docker-4.9.5-150500.3.56.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150500.3.56.2.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:podman-remote-4.9.5-150500.3.56.2.aarch64"
},
"product_reference": "podman-remote-4.9.5-150500.3.56.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150500.3.56.2.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:podman-remote-4.9.5-150500.3.56.2.ppc64le"
},
"product_reference": "podman-remote-4.9.5-150500.3.56.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150500.3.56.2.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:podman-remote-4.9.5-150500.3.56.2.s390x"
},
"product_reference": "podman-remote-4.9.5-150500.3.56.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150500.3.56.2.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:podman-remote-4.9.5-150500.3.56.2.x86_64"
},
"product_reference": "podman-remote-4.9.5-150500.3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-4.9.5-150500.3.56.2.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:podmansh-4.9.5-150500.3.56.2.aarch64"
},
"product_reference": "podmansh-4.9.5-150500.3.56.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-4.9.5-150500.3.56.2.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:podmansh-4.9.5-150500.3.56.2.ppc64le"
},
"product_reference": "podmansh-4.9.5-150500.3.56.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-4.9.5-150500.3.56.2.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:podmansh-4.9.5-150500.3.56.2.s390x"
},
"product_reference": "podmansh-4.9.5-150500.3.56.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-4.9.5-150500.3.56.2.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP6:podmansh-4.9.5-150500.3.56.2.x86_64"
},
"product_reference": "podmansh-4.9.5-150500.3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150500.3.56.2.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP7:podman-4.9.5-150500.3.56.2.aarch64"
},
"product_reference": "podman-4.9.5-150500.3.56.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150500.3.56.2.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP7:podman-4.9.5-150500.3.56.2.ppc64le"
},
"product_reference": "podman-4.9.5-150500.3.56.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150500.3.56.2.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP7:podman-4.9.5-150500.3.56.2.s390x"
},
"product_reference": "podman-4.9.5-150500.3.56.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150500.3.56.2.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP7:podman-4.9.5-150500.3.56.2.x86_64"
},
"product_reference": "podman-4.9.5-150500.3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-docker-4.9.5-150500.3.56.2.noarch as component of SUSE Linux Enterprise Module for Containers 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP7:podman-docker-4.9.5-150500.3.56.2.noarch"
},
"product_reference": "podman-docker-4.9.5-150500.3.56.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150500.3.56.2.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP7:podman-remote-4.9.5-150500.3.56.2.aarch64"
},
"product_reference": "podman-remote-4.9.5-150500.3.56.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150500.3.56.2.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP7:podman-remote-4.9.5-150500.3.56.2.ppc64le"
},
"product_reference": "podman-remote-4.9.5-150500.3.56.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150500.3.56.2.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP7:podman-remote-4.9.5-150500.3.56.2.s390x"
},
"product_reference": "podman-remote-4.9.5-150500.3.56.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150500.3.56.2.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP7:podman-remote-4.9.5-150500.3.56.2.x86_64"
},
"product_reference": "podman-remote-4.9.5-150500.3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-4.9.5-150500.3.56.2.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP7:podmansh-4.9.5-150500.3.56.2.aarch64"
},
"product_reference": "podmansh-4.9.5-150500.3.56.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-4.9.5-150500.3.56.2.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP7:podmansh-4.9.5-150500.3.56.2.ppc64le"
},
"product_reference": "podmansh-4.9.5-150500.3.56.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-4.9.5-150500.3.56.2.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP7:podmansh-4.9.5-150500.3.56.2.s390x"
},
"product_reference": "podmansh-4.9.5-150500.3.56.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-4.9.5-150500.3.56.2.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP7:podmansh-4.9.5-150500.3.56.2.x86_64"
},
"product_reference": "podmansh-4.9.5-150500.3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150500.3.56.2.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-4.9.5-150500.3.56.2.aarch64"
},
"product_reference": "podman-4.9.5-150500.3.56.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150500.3.56.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-4.9.5-150500.3.56.2.x86_64"
},
"product_reference": "podman-4.9.5-150500.3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-docker-4.9.5-150500.3.56.2.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-docker-4.9.5-150500.3.56.2.noarch"
},
"product_reference": "podman-docker-4.9.5-150500.3.56.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150500.3.56.2.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-remote-4.9.5-150500.3.56.2.aarch64"
},
"product_reference": "podman-remote-4.9.5-150500.3.56.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150500.3.56.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-remote-4.9.5-150500.3.56.2.x86_64"
},
"product_reference": "podman-remote-4.9.5-150500.3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-4.9.5-150500.3.56.2.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podmansh-4.9.5-150500.3.56.2.aarch64"
},
"product_reference": "podmansh-4.9.5-150500.3.56.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-4.9.5-150500.3.56.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podmansh-4.9.5-150500.3.56.2.x86_64"
},
"product_reference": "podmansh-4.9.5-150500.3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150500.3.56.2.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.aarch64"
},
"product_reference": "podman-4.9.5-150500.3.56.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150500.3.56.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.x86_64"
},
"product_reference": "podman-4.9.5-150500.3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-docker-4.9.5-150500.3.56.2.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-docker-4.9.5-150500.3.56.2.noarch"
},
"product_reference": "podman-docker-4.9.5-150500.3.56.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150500.3.56.2.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.aarch64"
},
"product_reference": "podman-remote-4.9.5-150500.3.56.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150500.3.56.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.x86_64"
},
"product_reference": "podman-remote-4.9.5-150500.3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-4.9.5-150500.3.56.2.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.aarch64"
},
"product_reference": "podmansh-4.9.5-150500.3.56.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-4.9.5-150500.3.56.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.x86_64"
},
"product_reference": "podmansh-4.9.5-150500.3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150500.3.56.2.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.aarch64"
},
"product_reference": "podman-4.9.5-150500.3.56.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150500.3.56.2.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.ppc64le"
},
"product_reference": "podman-4.9.5-150500.3.56.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150500.3.56.2.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.s390x"
},
"product_reference": "podman-4.9.5-150500.3.56.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150500.3.56.2.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.x86_64"
},
"product_reference": "podman-4.9.5-150500.3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-docker-4.9.5-150500.3.56.2.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:podman-docker-4.9.5-150500.3.56.2.noarch"
},
"product_reference": "podman-docker-4.9.5-150500.3.56.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150500.3.56.2.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.aarch64"
},
"product_reference": "podman-remote-4.9.5-150500.3.56.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150500.3.56.2.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.ppc64le"
},
"product_reference": "podman-remote-4.9.5-150500.3.56.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150500.3.56.2.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.s390x"
},
"product_reference": "podman-remote-4.9.5-150500.3.56.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150500.3.56.2.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.x86_64"
},
"product_reference": "podman-remote-4.9.5-150500.3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-4.9.5-150500.3.56.2.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.aarch64"
},
"product_reference": "podmansh-4.9.5-150500.3.56.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-4.9.5-150500.3.56.2.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.ppc64le"
},
"product_reference": "podmansh-4.9.5-150500.3.56.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-4.9.5-150500.3.56.2.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.s390x"
},
"product_reference": "podmansh-4.9.5-150500.3.56.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-4.9.5-150500.3.56.2.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.x86_64"
},
"product_reference": "podmansh-4.9.5-150500.3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150500.3.56.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-4.9.5-150500.3.56.2.ppc64le"
},
"product_reference": "podman-4.9.5-150500.3.56.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150500.3.56.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-4.9.5-150500.3.56.2.x86_64"
},
"product_reference": "podman-4.9.5-150500.3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-docker-4.9.5-150500.3.56.2.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-docker-4.9.5-150500.3.56.2.noarch"
},
"product_reference": "podman-docker-4.9.5-150500.3.56.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150500.3.56.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-remote-4.9.5-150500.3.56.2.ppc64le"
},
"product_reference": "podman-remote-4.9.5-150500.3.56.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150500.3.56.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-remote-4.9.5-150500.3.56.2.x86_64"
},
"product_reference": "podman-remote-4.9.5-150500.3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-4.9.5-150500.3.56.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:podmansh-4.9.5-150500.3.56.2.ppc64le"
},
"product_reference": "podmansh-4.9.5-150500.3.56.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-4.9.5-150500.3.56.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:podmansh-4.9.5-150500.3.56.2.x86_64"
},
"product_reference": "podmansh-4.9.5-150500.3.56.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150500.3.56.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:podman-4.9.5-150500.3.56.2.aarch64"
},
"product_reference": "podman-4.9.5-150500.3.56.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150500.3.56.2.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:podman-4.9.5-150500.3.56.2.ppc64le"
},
"product_reference": "podman-4.9.5-150500.3.56.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150500.3.56.2.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:podman-4.9.5-150500.3.56.2.s390x"
},
"product_reference": "podman-4.9.5-150500.3.56.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-4.9.5-150500.3.56.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:podman-4.9.5-150500.3.56.2.x86_64"
},
"product_reference": "podman-4.9.5-150500.3.56.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-docker-4.9.5-150500.3.56.2.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:podman-docker-4.9.5-150500.3.56.2.noarch"
},
"product_reference": "podman-docker-4.9.5-150500.3.56.2.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150500.3.56.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:podman-remote-4.9.5-150500.3.56.2.aarch64"
},
"product_reference": "podman-remote-4.9.5-150500.3.56.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150500.3.56.2.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:podman-remote-4.9.5-150500.3.56.2.ppc64le"
},
"product_reference": "podman-remote-4.9.5-150500.3.56.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150500.3.56.2.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:podman-remote-4.9.5-150500.3.56.2.s390x"
},
"product_reference": "podman-remote-4.9.5-150500.3.56.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-4.9.5-150500.3.56.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:podman-remote-4.9.5-150500.3.56.2.x86_64"
},
"product_reference": "podman-remote-4.9.5-150500.3.56.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-4.9.5-150500.3.56.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:podmansh-4.9.5-150500.3.56.2.aarch64"
},
"product_reference": "podmansh-4.9.5-150500.3.56.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-4.9.5-150500.3.56.2.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:podmansh-4.9.5-150500.3.56.2.ppc64le"
},
"product_reference": "podmansh-4.9.5-150500.3.56.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-4.9.5-150500.3.56.2.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:podmansh-4.9.5-150500.3.56.2.s390x"
},
"product_reference": "podmansh-4.9.5-150500.3.56.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-4.9.5-150500.3.56.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:podmansh-4.9.5-150500.3.56.2.x86_64"
},
"product_reference": "podmansh-4.9.5-150500.3.56.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31133",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31133"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container\u0027s /dev/null) was actually a real /dev/null inode when using the container\u0027s /dev/null to mask. This exposes two methods of attack: an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-remote-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podmansh-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podmansh-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:podman-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Micro 5.5:podman-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Micro 5.5:podman-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Micro 5.5:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise Micro 5.5:podman-remote-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Micro 5.5:podman-remote-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Micro 5.5:podman-remote-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Micro 5.5:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:podmansh-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Micro 5.5:podmansh-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Micro 5.5:podmansh-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Micro 5.5:podmansh-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-remote-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-remote-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-remote-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:podmansh-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:podmansh-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:podmansh-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:podmansh-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-remote-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-remote-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-remote-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP7:podmansh-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP7:podmansh-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP7:podmansh-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP7:podmansh-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-remote-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podmansh-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podmansh-4.9.5-150500.3.56.2.x86_64",
"openSUSE Leap 15.6:podman-4.9.5-150500.3.56.2.aarch64",
"openSUSE Leap 15.6:podman-4.9.5-150500.3.56.2.ppc64le",
"openSUSE Leap 15.6:podman-4.9.5-150500.3.56.2.s390x",
"openSUSE Leap 15.6:podman-4.9.5-150500.3.56.2.x86_64",
"openSUSE Leap 15.6:podman-docker-4.9.5-150500.3.56.2.noarch",
"openSUSE Leap 15.6:podman-remote-4.9.5-150500.3.56.2.aarch64",
"openSUSE Leap 15.6:podman-remote-4.9.5-150500.3.56.2.ppc64le",
"openSUSE Leap 15.6:podman-remote-4.9.5-150500.3.56.2.s390x",
"openSUSE Leap 15.6:podman-remote-4.9.5-150500.3.56.2.x86_64",
"openSUSE Leap 15.6:podmansh-4.9.5-150500.3.56.2.aarch64",
"openSUSE Leap 15.6:podmansh-4.9.5-150500.3.56.2.ppc64le",
"openSUSE Leap 15.6:podmansh-4.9.5-150500.3.56.2.s390x",
"openSUSE Leap 15.6:podmansh-4.9.5-150500.3.56.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31133",
"url": "https://www.suse.com/security/cve/CVE-2025-31133"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-31133",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-31133",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-remote-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podmansh-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podmansh-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:podman-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Micro 5.5:podman-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Micro 5.5:podman-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Micro 5.5:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise Micro 5.5:podman-remote-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Micro 5.5:podman-remote-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Micro 5.5:podman-remote-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Micro 5.5:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:podmansh-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Micro 5.5:podmansh-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Micro 5.5:podmansh-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Micro 5.5:podmansh-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-remote-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-remote-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-remote-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:podmansh-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:podmansh-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:podmansh-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:podmansh-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-remote-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-remote-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-remote-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP7:podmansh-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP7:podmansh-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP7:podmansh-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP7:podmansh-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-remote-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podmansh-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podmansh-4.9.5-150500.3.56.2.x86_64",
"openSUSE Leap 15.6:podman-4.9.5-150500.3.56.2.aarch64",
"openSUSE Leap 15.6:podman-4.9.5-150500.3.56.2.ppc64le",
"openSUSE Leap 15.6:podman-4.9.5-150500.3.56.2.s390x",
"openSUSE Leap 15.6:podman-4.9.5-150500.3.56.2.x86_64",
"openSUSE Leap 15.6:podman-docker-4.9.5-150500.3.56.2.noarch",
"openSUSE Leap 15.6:podman-remote-4.9.5-150500.3.56.2.aarch64",
"openSUSE Leap 15.6:podman-remote-4.9.5-150500.3.56.2.ppc64le",
"openSUSE Leap 15.6:podman-remote-4.9.5-150500.3.56.2.s390x",
"openSUSE Leap 15.6:podman-remote-4.9.5-150500.3.56.2.x86_64",
"openSUSE Leap 15.6:podmansh-4.9.5-150500.3.56.2.aarch64",
"openSUSE Leap 15.6:podmansh-4.9.5-150500.3.56.2.ppc64le",
"openSUSE Leap 15.6:podmansh-4.9.5-150500.3.56.2.s390x",
"openSUSE Leap 15.6:podmansh-4.9.5-150500.3.56.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-remote-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podmansh-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podmansh-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:podman-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Micro 5.5:podman-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Micro 5.5:podman-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Micro 5.5:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise Micro 5.5:podman-remote-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Micro 5.5:podman-remote-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Micro 5.5:podman-remote-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Micro 5.5:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:podmansh-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Micro 5.5:podmansh-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Micro 5.5:podmansh-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Micro 5.5:podmansh-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-remote-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-remote-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-remote-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:podmansh-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:podmansh-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:podmansh-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:podmansh-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-remote-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-remote-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-remote-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP7:podmansh-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP7:podmansh-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP7:podmansh-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP7:podmansh-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-remote-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podmansh-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podmansh-4.9.5-150500.3.56.2.x86_64",
"openSUSE Leap 15.6:podman-4.9.5-150500.3.56.2.aarch64",
"openSUSE Leap 15.6:podman-4.9.5-150500.3.56.2.ppc64le",
"openSUSE Leap 15.6:podman-4.9.5-150500.3.56.2.s390x",
"openSUSE Leap 15.6:podman-4.9.5-150500.3.56.2.x86_64",
"openSUSE Leap 15.6:podman-docker-4.9.5-150500.3.56.2.noarch",
"openSUSE Leap 15.6:podman-remote-4.9.5-150500.3.56.2.aarch64",
"openSUSE Leap 15.6:podman-remote-4.9.5-150500.3.56.2.ppc64le",
"openSUSE Leap 15.6:podman-remote-4.9.5-150500.3.56.2.s390x",
"openSUSE Leap 15.6:podman-remote-4.9.5-150500.3.56.2.x86_64",
"openSUSE Leap 15.6:podmansh-4.9.5-150500.3.56.2.aarch64",
"openSUSE Leap 15.6:podmansh-4.9.5-150500.3.56.2.ppc64le",
"openSUSE Leap 15.6:podmansh-4.9.5-150500.3.56.2.s390x",
"openSUSE Leap 15.6:podmansh-4.9.5-150500.3.56.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-12T12:49:35Z",
"details": "important"
}
],
"title": "CVE-2025-31133"
},
{
"cve": "CVE-2025-52565",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-52565"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the container, an attacker can trick runc into bind-mounting paths which would normally be made read-only or be masked onto a path that the attacker can write to. This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target (namely, the bind-mount of `/dev/pts/$n` to `/dev/console` as configured for all containers that allocate a console). This happens after `pivot_root(2)`, so this cannot be used to write to host files directly -- however, as with CVE-2025-31133, this can load to denial of service of the host or a container breakout by providing the attacker with a writable copy of `/proc/sysrq-trigger` or `/proc/sys/kernel/core_pattern` (respectively). This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-remote-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podmansh-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podmansh-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:podman-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Micro 5.5:podman-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Micro 5.5:podman-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Micro 5.5:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise Micro 5.5:podman-remote-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Micro 5.5:podman-remote-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Micro 5.5:podman-remote-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Micro 5.5:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:podmansh-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Micro 5.5:podmansh-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Micro 5.5:podmansh-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Micro 5.5:podmansh-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-remote-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-remote-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-remote-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:podmansh-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:podmansh-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:podmansh-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:podmansh-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-remote-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-remote-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-remote-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP7:podmansh-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP7:podmansh-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP7:podmansh-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP7:podmansh-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-remote-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podmansh-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podmansh-4.9.5-150500.3.56.2.x86_64",
"openSUSE Leap 15.6:podman-4.9.5-150500.3.56.2.aarch64",
"openSUSE Leap 15.6:podman-4.9.5-150500.3.56.2.ppc64le",
"openSUSE Leap 15.6:podman-4.9.5-150500.3.56.2.s390x",
"openSUSE Leap 15.6:podman-4.9.5-150500.3.56.2.x86_64",
"openSUSE Leap 15.6:podman-docker-4.9.5-150500.3.56.2.noarch",
"openSUSE Leap 15.6:podman-remote-4.9.5-150500.3.56.2.aarch64",
"openSUSE Leap 15.6:podman-remote-4.9.5-150500.3.56.2.ppc64le",
"openSUSE Leap 15.6:podman-remote-4.9.5-150500.3.56.2.s390x",
"openSUSE Leap 15.6:podman-remote-4.9.5-150500.3.56.2.x86_64",
"openSUSE Leap 15.6:podmansh-4.9.5-150500.3.56.2.aarch64",
"openSUSE Leap 15.6:podmansh-4.9.5-150500.3.56.2.ppc64le",
"openSUSE Leap 15.6:podmansh-4.9.5-150500.3.56.2.s390x",
"openSUSE Leap 15.6:podmansh-4.9.5-150500.3.56.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-52565",
"url": "https://www.suse.com/security/cve/CVE-2025-52565"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-52565",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-52565",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-remote-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podmansh-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podmansh-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:podman-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Micro 5.5:podman-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Micro 5.5:podman-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Micro 5.5:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise Micro 5.5:podman-remote-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Micro 5.5:podman-remote-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Micro 5.5:podman-remote-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Micro 5.5:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:podmansh-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Micro 5.5:podmansh-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Micro 5.5:podmansh-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Micro 5.5:podmansh-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-remote-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-remote-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-remote-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:podmansh-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:podmansh-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:podmansh-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:podmansh-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-remote-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-remote-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-remote-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP7:podmansh-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP7:podmansh-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP7:podmansh-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP7:podmansh-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-remote-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podmansh-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podmansh-4.9.5-150500.3.56.2.x86_64",
"openSUSE Leap 15.6:podman-4.9.5-150500.3.56.2.aarch64",
"openSUSE Leap 15.6:podman-4.9.5-150500.3.56.2.ppc64le",
"openSUSE Leap 15.6:podman-4.9.5-150500.3.56.2.s390x",
"openSUSE Leap 15.6:podman-4.9.5-150500.3.56.2.x86_64",
"openSUSE Leap 15.6:podman-docker-4.9.5-150500.3.56.2.noarch",
"openSUSE Leap 15.6:podman-remote-4.9.5-150500.3.56.2.aarch64",
"openSUSE Leap 15.6:podman-remote-4.9.5-150500.3.56.2.ppc64le",
"openSUSE Leap 15.6:podman-remote-4.9.5-150500.3.56.2.s390x",
"openSUSE Leap 15.6:podman-remote-4.9.5-150500.3.56.2.x86_64",
"openSUSE Leap 15.6:podmansh-4.9.5-150500.3.56.2.aarch64",
"openSUSE Leap 15.6:podmansh-4.9.5-150500.3.56.2.ppc64le",
"openSUSE Leap 15.6:podmansh-4.9.5-150500.3.56.2.s390x",
"openSUSE Leap 15.6:podmansh-4.9.5-150500.3.56.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-remote-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podmansh-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podmansh-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:podman-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Micro 5.5:podman-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Micro 5.5:podman-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Micro 5.5:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise Micro 5.5:podman-remote-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Micro 5.5:podman-remote-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Micro 5.5:podman-remote-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Micro 5.5:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:podmansh-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Micro 5.5:podmansh-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Micro 5.5:podmansh-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Micro 5.5:podmansh-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-remote-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-remote-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-remote-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:podmansh-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:podmansh-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:podmansh-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:podmansh-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-remote-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-remote-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-remote-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP7:podmansh-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP7:podmansh-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP7:podmansh-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP7:podmansh-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-remote-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podmansh-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podmansh-4.9.5-150500.3.56.2.x86_64",
"openSUSE Leap 15.6:podman-4.9.5-150500.3.56.2.aarch64",
"openSUSE Leap 15.6:podman-4.9.5-150500.3.56.2.ppc64le",
"openSUSE Leap 15.6:podman-4.9.5-150500.3.56.2.s390x",
"openSUSE Leap 15.6:podman-4.9.5-150500.3.56.2.x86_64",
"openSUSE Leap 15.6:podman-docker-4.9.5-150500.3.56.2.noarch",
"openSUSE Leap 15.6:podman-remote-4.9.5-150500.3.56.2.aarch64",
"openSUSE Leap 15.6:podman-remote-4.9.5-150500.3.56.2.ppc64le",
"openSUSE Leap 15.6:podman-remote-4.9.5-150500.3.56.2.s390x",
"openSUSE Leap 15.6:podman-remote-4.9.5-150500.3.56.2.x86_64",
"openSUSE Leap 15.6:podmansh-4.9.5-150500.3.56.2.aarch64",
"openSUSE Leap 15.6:podmansh-4.9.5-150500.3.56.2.ppc64le",
"openSUSE Leap 15.6:podmansh-4.9.5-150500.3.56.2.s390x",
"openSUSE Leap 15.6:podmansh-4.9.5-150500.3.56.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-12T12:49:35Z",
"details": "important"
}
],
"title": "CVE-2025-52565"
},
{
"cve": "CVE-2025-52881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-52881"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-remote-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podmansh-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podmansh-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:podman-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Micro 5.5:podman-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Micro 5.5:podman-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Micro 5.5:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise Micro 5.5:podman-remote-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Micro 5.5:podman-remote-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Micro 5.5:podman-remote-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Micro 5.5:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:podmansh-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Micro 5.5:podmansh-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Micro 5.5:podmansh-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Micro 5.5:podmansh-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-remote-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-remote-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-remote-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:podmansh-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:podmansh-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:podmansh-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:podmansh-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-remote-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-remote-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-remote-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP7:podmansh-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP7:podmansh-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP7:podmansh-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP7:podmansh-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-remote-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podmansh-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podmansh-4.9.5-150500.3.56.2.x86_64",
"openSUSE Leap 15.6:podman-4.9.5-150500.3.56.2.aarch64",
"openSUSE Leap 15.6:podman-4.9.5-150500.3.56.2.ppc64le",
"openSUSE Leap 15.6:podman-4.9.5-150500.3.56.2.s390x",
"openSUSE Leap 15.6:podman-4.9.5-150500.3.56.2.x86_64",
"openSUSE Leap 15.6:podman-docker-4.9.5-150500.3.56.2.noarch",
"openSUSE Leap 15.6:podman-remote-4.9.5-150500.3.56.2.aarch64",
"openSUSE Leap 15.6:podman-remote-4.9.5-150500.3.56.2.ppc64le",
"openSUSE Leap 15.6:podman-remote-4.9.5-150500.3.56.2.s390x",
"openSUSE Leap 15.6:podman-remote-4.9.5-150500.3.56.2.x86_64",
"openSUSE Leap 15.6:podmansh-4.9.5-150500.3.56.2.aarch64",
"openSUSE Leap 15.6:podmansh-4.9.5-150500.3.56.2.ppc64le",
"openSUSE Leap 15.6:podmansh-4.9.5-150500.3.56.2.s390x",
"openSUSE Leap 15.6:podmansh-4.9.5-150500.3.56.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-52881",
"url": "https://www.suse.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-52881",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-52881",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-remote-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podmansh-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podmansh-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:podman-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Micro 5.5:podman-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Micro 5.5:podman-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Micro 5.5:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise Micro 5.5:podman-remote-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Micro 5.5:podman-remote-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Micro 5.5:podman-remote-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Micro 5.5:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:podmansh-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Micro 5.5:podmansh-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Micro 5.5:podmansh-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Micro 5.5:podmansh-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-remote-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-remote-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-remote-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:podmansh-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:podmansh-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:podmansh-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:podmansh-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-remote-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-remote-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-remote-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP7:podmansh-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP7:podmansh-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP7:podmansh-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP7:podmansh-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-remote-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podmansh-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podmansh-4.9.5-150500.3.56.2.x86_64",
"openSUSE Leap 15.6:podman-4.9.5-150500.3.56.2.aarch64",
"openSUSE Leap 15.6:podman-4.9.5-150500.3.56.2.ppc64le",
"openSUSE Leap 15.6:podman-4.9.5-150500.3.56.2.s390x",
"openSUSE Leap 15.6:podman-4.9.5-150500.3.56.2.x86_64",
"openSUSE Leap 15.6:podman-docker-4.9.5-150500.3.56.2.noarch",
"openSUSE Leap 15.6:podman-remote-4.9.5-150500.3.56.2.aarch64",
"openSUSE Leap 15.6:podman-remote-4.9.5-150500.3.56.2.ppc64le",
"openSUSE Leap 15.6:podman-remote-4.9.5-150500.3.56.2.s390x",
"openSUSE Leap 15.6:podman-remote-4.9.5-150500.3.56.2.x86_64",
"openSUSE Leap 15.6:podmansh-4.9.5-150500.3.56.2.aarch64",
"openSUSE Leap 15.6:podmansh-4.9.5-150500.3.56.2.ppc64le",
"openSUSE Leap 15.6:podmansh-4.9.5-150500.3.56.2.s390x",
"openSUSE Leap 15.6:podmansh-4.9.5-150500.3.56.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-remote-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podmansh-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:podmansh-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:podman-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Micro 5.5:podman-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Micro 5.5:podman-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Micro 5.5:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise Micro 5.5:podman-remote-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Micro 5.5:podman-remote-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Micro 5.5:podman-remote-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Micro 5.5:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Micro 5.5:podmansh-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Micro 5.5:podmansh-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Micro 5.5:podmansh-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Micro 5.5:podmansh-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-remote-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-remote-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-remote-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP6:podmansh-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP6:podmansh-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP6:podmansh-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP6:podmansh-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-remote-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-remote-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-remote-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP7:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP7:podmansh-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP7:podmansh-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP7:podmansh-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP7:podmansh-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.aarch64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.s390x",
"SUSE Linux Enterprise Server 15 SP5-LTSS:podmansh-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-docker-4.9.5-150500.3.56.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-remote-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podman-remote-4.9.5-150500.3.56.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podmansh-4.9.5-150500.3.56.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:podmansh-4.9.5-150500.3.56.2.x86_64",
"openSUSE Leap 15.6:podman-4.9.5-150500.3.56.2.aarch64",
"openSUSE Leap 15.6:podman-4.9.5-150500.3.56.2.ppc64le",
"openSUSE Leap 15.6:podman-4.9.5-150500.3.56.2.s390x",
"openSUSE Leap 15.6:podman-4.9.5-150500.3.56.2.x86_64",
"openSUSE Leap 15.6:podman-docker-4.9.5-150500.3.56.2.noarch",
"openSUSE Leap 15.6:podman-remote-4.9.5-150500.3.56.2.aarch64",
"openSUSE Leap 15.6:podman-remote-4.9.5-150500.3.56.2.ppc64le",
"openSUSE Leap 15.6:podman-remote-4.9.5-150500.3.56.2.s390x",
"openSUSE Leap 15.6:podman-remote-4.9.5-150500.3.56.2.x86_64",
"openSUSE Leap 15.6:podmansh-4.9.5-150500.3.56.2.aarch64",
"openSUSE Leap 15.6:podmansh-4.9.5-150500.3.56.2.ppc64le",
"openSUSE Leap 15.6:podmansh-4.9.5-150500.3.56.2.s390x",
"openSUSE Leap 15.6:podmansh-4.9.5-150500.3.56.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-12T12:49:35Z",
"details": "important"
}
],
"title": "CVE-2025-52881"
}
]
}
SUSE-SU-2026:0327-1
Vulnerability from csaf_suse - Published: 2026-01-28 15:38 - Updated: 2026-01-28 15:38Summary
Security update for alloy
Severity
Important
Notes
Title of the patch: Security update for alloy
Description of the patch: This update for alloy fixes the following issues:
Update to 1.12.2:
Security fixes:
- CVE-2025-68156: github.com/expr-lang/expr/builtin: Fixed potential DoS via unbounded recursion (bsc#1255333):
- CVE-2025-31133, CVE-2025-52565, CVE-2025-52881: github.com/opencontainers/runc: Fixed container
breakouts by bypassing runc's restrictions for writing to arbitrary /proc files (bsc#1255074)
Other fixes:
- Add missing configuration parameter
deployment_name_from_replicaset to k8sattributes processor
(5b90a9d) (@dehaansa)
- database_observability: Fix schema_details collector to fetch
column definitions with case sensitive table names (#4872)
(560dff4) (@jharvey10, @fridgepoet)
- deps: Update jose2go to 1.7.0 (#4858) (dfdd341) (@jharvey10)
- deps: Update npm dependencies [backport] (#5201) (8e06c26)
(@jharvey10)
- Ensure the squid exporter wrapper properly brackets ipv6
addresses [backport] (#5205) (e329cc6) (@dehaansa)
- Preserve meta labels in loki.source.podlogs (#5097) (ab4b21e)
(@kalleep)
- Prevent panic in import.git when update fails [backport]
(#5204) (c82fbae) (@dehaansa, @jharvey10)
- show correct fallback alloy version instead of v1.13.0
(#5110) (b72be99) (@dehaansa, @jharvey10)
Patchnames: SUSE-2026-327,SUSE-SLE-Module-Basesystem-15-SP7-2026-327
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
21 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for alloy",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for alloy fixes the following issues:\n\nUpdate to 1.12.2:\n\nSecurity fixes:\n\n- CVE-2025-68156: github.com/expr-lang/expr/builtin: Fixed potential DoS via unbounded recursion (bsc#1255333):\n- CVE-2025-31133, CVE-2025-52565, CVE-2025-52881: github.com/opencontainers/runc: Fixed container\n breakouts by bypassing runc\u0027s restrictions for writing to arbitrary /proc files (bsc#1255074)\n\nOther fixes:\n\n - Add missing configuration parameter\n deployment_name_from_replicaset to k8sattributes processor\n (5b90a9d) (@dehaansa)\n - database_observability: Fix schema_details collector to fetch\n column definitions with case sensitive table names (#4872)\n (560dff4) (@jharvey10, @fridgepoet)\n - deps: Update jose2go to 1.7.0 (#4858) (dfdd341) (@jharvey10)\n - deps: Update npm dependencies [backport] (#5201) (8e06c26)\n (@jharvey10)\n - Ensure the squid exporter wrapper properly brackets ipv6\n addresses [backport] (#5205) (e329cc6) (@dehaansa)\n - Preserve meta labels in loki.source.podlogs (#5097) (ab4b21e)\n (@kalleep)\n - Prevent panic in import.git when update fails [backport]\n (#5204) (c82fbae) (@dehaansa, @jharvey10)\n - show correct fallback alloy version instead of v1.13.0\n (#5110) (b72be99) (@dehaansa, @jharvey10)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-327,SUSE-SLE-Module-Basesystem-15-SP7-2026-327",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_0327-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:0327-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20260327-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:0327-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023974.html"
},
{
"category": "self",
"summary": "SUSE Bug 1255074",
"url": "https://bugzilla.suse.com/1255074"
},
{
"category": "self",
"summary": "SUSE Bug 1255333",
"url": "https://bugzilla.suse.com/1255333"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31133 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31133/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-52565 page",
"url": "https://www.suse.com/security/cve/CVE-2025-52565/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-52881 page",
"url": "https://www.suse.com/security/cve/CVE-2025-52881/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68156 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68156/"
}
],
"title": "Security update for alloy",
"tracking": {
"current_release_date": "2026-01-28T15:38:58Z",
"generator": {
"date": "2026-01-28T15:38:58Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:0327-1",
"initial_release_date": "2026-01-28T15:38:58Z",
"revision_history": [
{
"date": "2026-01-28T15:38:58Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "alloy-1.12.2-150700.15.15.1.aarch64",
"product": {
"name": "alloy-1.12.2-150700.15.15.1.aarch64",
"product_id": "alloy-1.12.2-150700.15.15.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "alloy-1.12.2-150700.15.15.1.ppc64le",
"product": {
"name": "alloy-1.12.2-150700.15.15.1.ppc64le",
"product_id": "alloy-1.12.2-150700.15.15.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "alloy-1.12.2-150700.15.15.1.s390x",
"product": {
"name": "alloy-1.12.2-150700.15.15.1.s390x",
"product_id": "alloy-1.12.2-150700.15.15.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "alloy-1.12.2-150700.15.15.1.x86_64",
"product": {
"name": "alloy-1.12.2-150700.15.15.1.x86_64",
"product_id": "alloy-1.12.2-150700.15.15.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp7"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "alloy-1.12.2-150700.15.15.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.aarch64"
},
"product_reference": "alloy-1.12.2-150700.15.15.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "alloy-1.12.2-150700.15.15.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.ppc64le"
},
"product_reference": "alloy-1.12.2-150700.15.15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "alloy-1.12.2-150700.15.15.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.s390x"
},
"product_reference": "alloy-1.12.2-150700.15.15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "alloy-1.12.2-150700.15.15.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.x86_64"
},
"product_reference": "alloy-1.12.2-150700.15.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31133",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31133"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container\u0027s /dev/null) was actually a real /dev/null inode when using the container\u0027s /dev/null to mask. This exposes two methods of attack: an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31133",
"url": "https://www.suse.com/security/cve/CVE-2025-31133"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-31133",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-31133",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T15:38:58Z",
"details": "important"
}
],
"title": "CVE-2025-31133"
},
{
"cve": "CVE-2025-52565",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-52565"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the container, an attacker can trick runc into bind-mounting paths which would normally be made read-only or be masked onto a path that the attacker can write to. This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target (namely, the bind-mount of `/dev/pts/$n` to `/dev/console` as configured for all containers that allocate a console). This happens after `pivot_root(2)`, so this cannot be used to write to host files directly -- however, as with CVE-2025-31133, this can load to denial of service of the host or a container breakout by providing the attacker with a writable copy of `/proc/sysrq-trigger` or `/proc/sys/kernel/core_pattern` (respectively). This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-52565",
"url": "https://www.suse.com/security/cve/CVE-2025-52565"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-52565",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-52565",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T15:38:58Z",
"details": "important"
}
],
"title": "CVE-2025-52565"
},
{
"cve": "CVE-2025-52881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-52881"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-52881",
"url": "https://www.suse.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-52881",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-52881",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T15:38:58Z",
"details": "important"
}
],
"title": "CVE-2025-52881"
},
{
"cve": "CVE-2025-68156",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68156"
}
],
"notes": [
{
"category": "general",
"text": "Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including `flatten`, `min`, `max`, `mean`, and `median`, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation environment contains deeply nested or cyclic data structures, these functions may recurse indefinitely until exceed the Go runtime stack limit. This results in a stack overflow panic, causing the host application to crash. While exploitability depends on whether an attacker can influence or inject cyclic or pathologically deep data into the\nevaluation environment, this behavior represents a denial-of-service (DoS) risk and affects overall library robustness. Instead of returning a recoverable evaluation error, the process may terminate unexpectedly. In affected versions, evaluation of expressions that invoke certain builtin functions on untrusted or insufficiently validated data structures can lead to a process-level crash due to stack exhaustion. This issue is most relevant in scenarios where Expr is used to evaluate expressions against externally supplied or dynamically constructed environments; cyclic references (directly or indirectly) can be introduced into arrays, maps, or structs; and there are no application-level safeguards preventing deeply nested input data. In typical use cases with controlled, acyclic data, the issue may not manifest. However, when present, the resulting panic can be used to reliably crash the application, constituting a denial of service. The issue has been fixed in the v1.17.7 versions of Expr. The patch introduces a maximum recursion depth limit for affected builtin functions. When this limit is exceeded, evaluation aborts gracefully and returns a descriptive error instead of panicking. Additionally, the maximum depth can be customized by users via `builtin.MaxDepth`, allowing applications with legitimate deep structures to raise the limit in a controlled manner. Users are strongly encouraged to upgrade to the patched release, which includes both the recursion guard and comprehensive test coverage to prevent regressions. For users who cannot immediately upgrade, some mitigations are recommended. Ensure that evaluation environments cannot contain cyclic references, validate or sanitize externally supplied data structures before passing them to Expr, and/or wrap expression evaluation with panic recovery to prevent a full process crash (as a last-resort defensive measure). These workarounds reduce risk but do not fully eliminate the issue without the patch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68156",
"url": "https://www.suse.com/security/cve/CVE-2025-68156"
},
{
"category": "external",
"summary": "SUSE Bug 1255330 for CVE-2025-68156",
"url": "https://bugzilla.suse.com/1255330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP7:alloy-1.12.2-150700.15.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-28T15:38:58Z",
"details": "important"
}
],
"title": "CVE-2025-68156"
}
]
}
SUSE-SU-2026:20103-1
Vulnerability from csaf_suse - Published: 2026-01-21 11:08 - Updated: 2026-01-21 11:08Summary
Security update for podman
Severity
Important
Notes
Title of the patch: Security update for podman
Description of the patch: This update for podman fixes the following issues:
- CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files (bsc#1252376).
- CVE-2025-9566: kube play command may overwrite host files (bsc#1249154).
Patchnames: SUSE-SLES-16.0-161
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
21 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for podman",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for podman fixes the following issues:\n\n- CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: container breakouts by bypassing runc\u0027s restrictions for writing to arbitrary /proc files (bsc#1252376).\n- CVE-2025-9566: kube play command may overwrite host files (bsc#1249154).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-161",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20103-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20103-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620103-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20103-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023881.html"
},
{
"category": "self",
"summary": "SUSE Bug 1249154",
"url": "https://bugzilla.suse.com/1249154"
},
{
"category": "self",
"summary": "SUSE Bug 1252376",
"url": "https://bugzilla.suse.com/1252376"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31133 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31133/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-52565 page",
"url": "https://www.suse.com/security/cve/CVE-2025-52565/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-52881 page",
"url": "https://www.suse.com/security/cve/CVE-2025-52881/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-9566 page",
"url": "https://www.suse.com/security/cve/CVE-2025-9566/"
}
],
"title": "Security update for podman",
"tracking": {
"current_release_date": "2026-01-21T11:08:51Z",
"generator": {
"date": "2026-01-21T11:08:51Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20103-1",
"initial_release_date": "2026-01-21T11:08:51Z",
"revision_history": [
{
"date": "2026-01-21T11:08:51Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "podman-5.4.2-160000.3.1.aarch64",
"product": {
"name": "podman-5.4.2-160000.3.1.aarch64",
"product_id": "podman-5.4.2-160000.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "podman-remote-5.4.2-160000.3.1.aarch64",
"product": {
"name": "podman-remote-5.4.2-160000.3.1.aarch64",
"product_id": "podman-remote-5.4.2-160000.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "podmansh-5.4.2-160000.3.1.aarch64",
"product": {
"name": "podmansh-5.4.2-160000.3.1.aarch64",
"product_id": "podmansh-5.4.2-160000.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-docker-5.4.2-160000.3.1.noarch",
"product": {
"name": "podman-docker-5.4.2-160000.3.1.noarch",
"product_id": "podman-docker-5.4.2-160000.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-5.4.2-160000.3.1.ppc64le",
"product": {
"name": "podman-5.4.2-160000.3.1.ppc64le",
"product_id": "podman-5.4.2-160000.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "podman-remote-5.4.2-160000.3.1.ppc64le",
"product": {
"name": "podman-remote-5.4.2-160000.3.1.ppc64le",
"product_id": "podman-remote-5.4.2-160000.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "podmansh-5.4.2-160000.3.1.ppc64le",
"product": {
"name": "podmansh-5.4.2-160000.3.1.ppc64le",
"product_id": "podmansh-5.4.2-160000.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-5.4.2-160000.3.1.s390x",
"product": {
"name": "podman-5.4.2-160000.3.1.s390x",
"product_id": "podman-5.4.2-160000.3.1.s390x"
}
},
{
"category": "product_version",
"name": "podman-remote-5.4.2-160000.3.1.s390x",
"product": {
"name": "podman-remote-5.4.2-160000.3.1.s390x",
"product_id": "podman-remote-5.4.2-160000.3.1.s390x"
}
},
{
"category": "product_version",
"name": "podmansh-5.4.2-160000.3.1.s390x",
"product": {
"name": "podmansh-5.4.2-160000.3.1.s390x",
"product_id": "podmansh-5.4.2-160000.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-5.4.2-160000.3.1.x86_64",
"product": {
"name": "podman-5.4.2-160000.3.1.x86_64",
"product_id": "podman-5.4.2-160000.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "podman-remote-5.4.2-160000.3.1.x86_64",
"product": {
"name": "podman-remote-5.4.2-160000.3.1.x86_64",
"product_id": "podman-remote-5.4.2-160000.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "podmansh-5.4.2-160000.3.1.x86_64",
"product": {
"name": "podmansh-5.4.2-160000.3.1.x86_64",
"product_id": "podmansh-5.4.2-160000.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16.0"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.3.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.aarch64"
},
"product_reference": "podman-5.4.2-160000.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.3.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.ppc64le"
},
"product_reference": "podman-5.4.2-160000.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.3.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.s390x"
},
"product_reference": "podman-5.4.2-160000.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.3.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.x86_64"
},
"product_reference": "podman-5.4.2-160000.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-docker-5.4.2-160000.3.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.3.1.noarch"
},
"product_reference": "podman-docker-5.4.2-160000.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.3.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.aarch64"
},
"product_reference": "podman-remote-5.4.2-160000.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.3.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.ppc64le"
},
"product_reference": "podman-remote-5.4.2-160000.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.3.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.s390x"
},
"product_reference": "podman-remote-5.4.2-160000.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.3.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.x86_64"
},
"product_reference": "podman-remote-5.4.2-160000.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.3.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.aarch64"
},
"product_reference": "podmansh-5.4.2-160000.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.3.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.ppc64le"
},
"product_reference": "podmansh-5.4.2-160000.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.3.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.s390x"
},
"product_reference": "podmansh-5.4.2-160000.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.3.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.x86_64"
},
"product_reference": "podmansh-5.4.2-160000.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.3.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.aarch64"
},
"product_reference": "podman-5.4.2-160000.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.3.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.ppc64le"
},
"product_reference": "podman-5.4.2-160000.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.3.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.s390x"
},
"product_reference": "podman-5.4.2-160000.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.x86_64"
},
"product_reference": "podman-5.4.2-160000.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-docker-5.4.2-160000.3.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.3.1.noarch"
},
"product_reference": "podman-docker-5.4.2-160000.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.3.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.aarch64"
},
"product_reference": "podman-remote-5.4.2-160000.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.3.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.ppc64le"
},
"product_reference": "podman-remote-5.4.2-160000.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.3.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.s390x"
},
"product_reference": "podman-remote-5.4.2-160000.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.x86_64"
},
"product_reference": "podman-remote-5.4.2-160000.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.3.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.aarch64"
},
"product_reference": "podmansh-5.4.2-160000.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.3.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.ppc64le"
},
"product_reference": "podmansh-5.4.2-160000.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.3.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.s390x"
},
"product_reference": "podmansh-5.4.2-160000.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.3.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.x86_64"
},
"product_reference": "podmansh-5.4.2-160000.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31133",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31133"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container\u0027s /dev/null) was actually a real /dev/null inode when using the container\u0027s /dev/null to mask. This exposes two methods of attack: an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.3.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.3.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31133",
"url": "https://www.suse.com/security/cve/CVE-2025-31133"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-31133",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-31133",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.3.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.3.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.3.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.3.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-21T11:08:51Z",
"details": "important"
}
],
"title": "CVE-2025-31133"
},
{
"cve": "CVE-2025-52565",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-52565"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the container, an attacker can trick runc into bind-mounting paths which would normally be made read-only or be masked onto a path that the attacker can write to. This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target (namely, the bind-mount of `/dev/pts/$n` to `/dev/console` as configured for all containers that allocate a console). This happens after `pivot_root(2)`, so this cannot be used to write to host files directly -- however, as with CVE-2025-31133, this can load to denial of service of the host or a container breakout by providing the attacker with a writable copy of `/proc/sysrq-trigger` or `/proc/sys/kernel/core_pattern` (respectively). This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.3.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.3.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-52565",
"url": "https://www.suse.com/security/cve/CVE-2025-52565"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-52565",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-52565",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.3.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.3.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.3.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.3.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-21T11:08:51Z",
"details": "important"
}
],
"title": "CVE-2025-52565"
},
{
"cve": "CVE-2025-52881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-52881"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.3.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.3.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-52881",
"url": "https://www.suse.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-52881",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-52881",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.3.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.3.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.3.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.3.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-21T11:08:51Z",
"details": "important"
}
],
"title": "CVE-2025-52881"
},
{
"cve": "CVE-2025-9566",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-9566"
}
],
"notes": [
{
"category": "general",
"text": "There\u0027s a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the target file to be overwritten but not the content to be written into the file.\n\nBinary-Affected: podman\nUpstream-version-introduced: v4.0.0\nUpstream-version-fixed: v5.6.1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.3.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.3.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-9566",
"url": "https://www.suse.com/security/cve/CVE-2025-9566"
},
{
"category": "external",
"summary": "SUSE Bug 1249154 for CVE-2025-9566",
"url": "https://bugzilla.suse.com/1249154"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.3.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.3.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.3.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.3.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.3.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-21T11:08:51Z",
"details": "important"
}
],
"title": "CVE-2025-9566"
}
]
}
SUSE-SU-2026:20116-1
Vulnerability from csaf_suse - Published: 2026-01-21 11:08 - Updated: 2026-01-21 11:08Summary
Security update for podman
Severity
Important
Notes
Title of the patch: Security update for podman
Description of the patch: This update for podman fixes the following issues:
- CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files (bsc#1252376).
- CVE-2025-9566: kube play command may overwrite host files (bsc#1249154).
Patchnames: SUSE-SL-Micro-6.2-161
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
21 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for podman",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for podman fixes the following issues:\n\n- CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: container breakouts by bypassing runc\u0027s restrictions for writing to arbitrary /proc files (bsc#1252376).\n- CVE-2025-9566: kube play command may overwrite host files (bsc#1249154).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SL-Micro-6.2-161",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20116-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20116-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620116-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20116-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023875.html"
},
{
"category": "self",
"summary": "SUSE Bug 1249154",
"url": "https://bugzilla.suse.com/1249154"
},
{
"category": "self",
"summary": "SUSE Bug 1252376",
"url": "https://bugzilla.suse.com/1252376"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31133 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31133/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-52565 page",
"url": "https://www.suse.com/security/cve/CVE-2025-52565/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-52881 page",
"url": "https://www.suse.com/security/cve/CVE-2025-52881/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-9566 page",
"url": "https://www.suse.com/security/cve/CVE-2025-9566/"
}
],
"title": "Security update for podman",
"tracking": {
"current_release_date": "2026-01-21T11:08:51Z",
"generator": {
"date": "2026-01-21T11:08:51Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20116-1",
"initial_release_date": "2026-01-21T11:08:51Z",
"revision_history": [
{
"date": "2026-01-21T11:08:51Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "podman-5.4.2-160000.3.1.aarch64",
"product": {
"name": "podman-5.4.2-160000.3.1.aarch64",
"product_id": "podman-5.4.2-160000.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "podman-remote-5.4.2-160000.3.1.aarch64",
"product": {
"name": "podman-remote-5.4.2-160000.3.1.aarch64",
"product_id": "podman-remote-5.4.2-160000.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "podmansh-5.4.2-160000.3.1.aarch64",
"product": {
"name": "podmansh-5.4.2-160000.3.1.aarch64",
"product_id": "podmansh-5.4.2-160000.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-docker-5.4.2-160000.3.1.noarch",
"product": {
"name": "podman-docker-5.4.2-160000.3.1.noarch",
"product_id": "podman-docker-5.4.2-160000.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-5.4.2-160000.3.1.ppc64le",
"product": {
"name": "podman-5.4.2-160000.3.1.ppc64le",
"product_id": "podman-5.4.2-160000.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "podman-remote-5.4.2-160000.3.1.ppc64le",
"product": {
"name": "podman-remote-5.4.2-160000.3.1.ppc64le",
"product_id": "podman-remote-5.4.2-160000.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "podmansh-5.4.2-160000.3.1.ppc64le",
"product": {
"name": "podmansh-5.4.2-160000.3.1.ppc64le",
"product_id": "podmansh-5.4.2-160000.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-5.4.2-160000.3.1.s390x",
"product": {
"name": "podman-5.4.2-160000.3.1.s390x",
"product_id": "podman-5.4.2-160000.3.1.s390x"
}
},
{
"category": "product_version",
"name": "podman-remote-5.4.2-160000.3.1.s390x",
"product": {
"name": "podman-remote-5.4.2-160000.3.1.s390x",
"product_id": "podman-remote-5.4.2-160000.3.1.s390x"
}
},
{
"category": "product_version",
"name": "podmansh-5.4.2-160000.3.1.s390x",
"product": {
"name": "podmansh-5.4.2-160000.3.1.s390x",
"product_id": "podmansh-5.4.2-160000.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-5.4.2-160000.3.1.x86_64",
"product": {
"name": "podman-5.4.2-160000.3.1.x86_64",
"product_id": "podman-5.4.2-160000.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "podman-remote-5.4.2-160000.3.1.x86_64",
"product": {
"name": "podman-remote-5.4.2-160000.3.1.x86_64",
"product_id": "podman-remote-5.4.2-160000.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "podmansh-5.4.2-160000.3.1.x86_64",
"product": {
"name": "podmansh-5.4.2-160000.3.1.x86_64",
"product_id": "podmansh-5.4.2-160000.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.2",
"product": {
"name": "SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:transactional"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.3.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.aarch64"
},
"product_reference": "podman-5.4.2-160000.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.3.1.ppc64le as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.ppc64le"
},
"product_reference": "podman-5.4.2-160000.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.3.1.s390x as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.s390x"
},
"product_reference": "podman-5.4.2-160000.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.3.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.x86_64"
},
"product_reference": "podman-5.4.2-160000.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-docker-5.4.2-160000.3.1.noarch as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.3.1.noarch"
},
"product_reference": "podman-docker-5.4.2-160000.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.3.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.aarch64"
},
"product_reference": "podman-remote-5.4.2-160000.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.3.1.ppc64le as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.ppc64le"
},
"product_reference": "podman-remote-5.4.2-160000.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.3.1.s390x as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.s390x"
},
"product_reference": "podman-remote-5.4.2-160000.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.3.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.x86_64"
},
"product_reference": "podman-remote-5.4.2-160000.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.3.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.aarch64"
},
"product_reference": "podmansh-5.4.2-160000.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.3.1.ppc64le as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.ppc64le"
},
"product_reference": "podmansh-5.4.2-160000.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.3.1.s390x as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.s390x"
},
"product_reference": "podmansh-5.4.2-160000.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.3.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.x86_64"
},
"product_reference": "podmansh-5.4.2-160000.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31133",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31133"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container\u0027s /dev/null) was actually a real /dev/null inode when using the container\u0027s /dev/null to mask. This exposes two methods of attack: an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.3.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31133",
"url": "https://www.suse.com/security/cve/CVE-2025-31133"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-31133",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-31133",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.3.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.3.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-21T11:08:51Z",
"details": "important"
}
],
"title": "CVE-2025-31133"
},
{
"cve": "CVE-2025-52565",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-52565"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the container, an attacker can trick runc into bind-mounting paths which would normally be made read-only or be masked onto a path that the attacker can write to. This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target (namely, the bind-mount of `/dev/pts/$n` to `/dev/console` as configured for all containers that allocate a console). This happens after `pivot_root(2)`, so this cannot be used to write to host files directly -- however, as with CVE-2025-31133, this can load to denial of service of the host or a container breakout by providing the attacker with a writable copy of `/proc/sysrq-trigger` or `/proc/sys/kernel/core_pattern` (respectively). This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.3.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-52565",
"url": "https://www.suse.com/security/cve/CVE-2025-52565"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-52565",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-52565",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.3.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.3.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-21T11:08:51Z",
"details": "important"
}
],
"title": "CVE-2025-52565"
},
{
"cve": "CVE-2025-52881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-52881"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.3.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-52881",
"url": "https://www.suse.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-52881",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-52881",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.3.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.3.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-21T11:08:51Z",
"details": "important"
}
],
"title": "CVE-2025-52881"
},
{
"cve": "CVE-2025-9566",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-9566"
}
],
"notes": [
{
"category": "general",
"text": "There\u0027s a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the target file to be overwritten but not the content to be written into the file.\n\nBinary-Affected: podman\nUpstream-version-introduced: v4.0.0\nUpstream-version-fixed: v5.6.1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.3.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-9566",
"url": "https://www.suse.com/security/cve/CVE-2025-9566"
},
{
"category": "external",
"summary": "SUSE Bug 1249154 for CVE-2025-9566",
"url": "https://bugzilla.suse.com/1249154"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.3.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.3.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.3.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-21T11:08:51Z",
"details": "important"
}
],
"title": "CVE-2025-9566"
}
]
}
SUSE-SU-2026:20123-1
Vulnerability from csaf_suse - Published: 2026-01-22 13:01 - Updated: 2026-01-22 13:01Summary
Security update for buildah
Severity
Important
Notes
Title of the patch: Security update for buildah
Description of the patch: This update for buildah fixes the following issues:
- CVE-2025-47914: golang.org/x/crypto/ssh/agent: Fixed non validated message size causing a panic due to an out
of bounds read (bsc#1254054)
- CVE-2025-47913: golang.org/x/crypto/ssh/agent: Fixed client process termination when receiving an unexpected
message type in response to a key listing or signing request (bsc#1253598)
- CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: Fixed container breakouts by bypassing runc's restrictions for writing to arbitrary /proc
files (bsc#1253096)
Other fixes:
- Updated to version 1.39.5.
Patchnames: SUSE-SLES-16.0-169
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
25 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for buildah",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for buildah fixes the following issues:\n\n- CVE-2025-47914: golang.org/x/crypto/ssh/agent: Fixed non validated message size causing a panic due to an out\n of bounds read (bsc#1254054)\n- CVE-2025-47913: golang.org/x/crypto/ssh/agent: Fixed client process termination when receiving an unexpected\n message type in response to a key listing or signing request (bsc#1253598)\n- CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: Fixed container breakouts by bypassing runc\u0027s restrictions for writing to arbitrary /proc\n files (bsc#1253096)\n\nOther fixes:\n\n- Updated to version 1.39.5.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-169",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20123-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20123-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620123-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20123-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-January/043749.html"
},
{
"category": "self",
"summary": "SUSE Bug 1253096",
"url": "https://bugzilla.suse.com/1253096"
},
{
"category": "self",
"summary": "SUSE Bug 1253598",
"url": "https://bugzilla.suse.com/1253598"
},
{
"category": "self",
"summary": "SUSE Bug 1254054",
"url": "https://bugzilla.suse.com/1254054"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31133 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31133/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47913 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47914 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-52565 page",
"url": "https://www.suse.com/security/cve/CVE-2025-52565/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-52881 page",
"url": "https://www.suse.com/security/cve/CVE-2025-52881/"
}
],
"title": "Security update for buildah",
"tracking": {
"current_release_date": "2026-01-22T13:01:23Z",
"generator": {
"date": "2026-01-22T13:01:23Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20123-1",
"initial_release_date": "2026-01-22T13:01:23Z",
"revision_history": [
{
"date": "2026-01-22T13:01:23Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.39.5-160000.1.1.aarch64",
"product": {
"name": "buildah-1.39.5-160000.1.1.aarch64",
"product_id": "buildah-1.39.5-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.39.5-160000.1.1.ppc64le",
"product": {
"name": "buildah-1.39.5-160000.1.1.ppc64le",
"product_id": "buildah-1.39.5-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.39.5-160000.1.1.s390x",
"product": {
"name": "buildah-1.39.5-160000.1.1.s390x",
"product_id": "buildah-1.39.5-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "buildah-1.39.5-160000.1.1.x86_64",
"product": {
"name": "buildah-1.39.5-160000.1.1.x86_64",
"product_id": "buildah-1.39.5-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16.0"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.39.5-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64"
},
"product_reference": "buildah-1.39.5-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.39.5-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le"
},
"product_reference": "buildah-1.39.5-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.39.5-160000.1.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x"
},
"product_reference": "buildah-1.39.5-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.39.5-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64"
},
"product_reference": "buildah-1.39.5-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.39.5-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64"
},
"product_reference": "buildah-1.39.5-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.39.5-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le"
},
"product_reference": "buildah-1.39.5-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.39.5-160000.1.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x"
},
"product_reference": "buildah-1.39.5-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "buildah-1.39.5-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
},
"product_reference": "buildah-1.39.5-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31133",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31133"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container\u0027s /dev/null) was actually a real /dev/null inode when using the container\u0027s /dev/null to mask. This exposes two methods of attack: an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31133",
"url": "https://www.suse.com/security/cve/CVE-2025-31133"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-31133",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-31133",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-22T13:01:23Z",
"details": "important"
}
],
"title": "CVE-2025-31133"
},
{
"cve": "CVE-2025-47913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47913"
}
],
"notes": [
{
"category": "general",
"text": "SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47913",
"url": "https://www.suse.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "SUSE Bug 1253506 for CVE-2025-47913",
"url": "https://bugzilla.suse.com/1253506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-22T13:01:23Z",
"details": "important"
}
],
"title": "CVE-2025-47913"
},
{
"cve": "CVE-2025-47914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47914"
}
],
"notes": [
{
"category": "general",
"text": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47914",
"url": "https://www.suse.com/security/cve/CVE-2025-47914"
},
{
"category": "external",
"summary": "SUSE Bug 1253967 for CVE-2025-47914",
"url": "https://bugzilla.suse.com/1253967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-22T13:01:23Z",
"details": "moderate"
}
],
"title": "CVE-2025-47914"
},
{
"cve": "CVE-2025-52565",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-52565"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the container, an attacker can trick runc into bind-mounting paths which would normally be made read-only or be masked onto a path that the attacker can write to. This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target (namely, the bind-mount of `/dev/pts/$n` to `/dev/console` as configured for all containers that allocate a console). This happens after `pivot_root(2)`, so this cannot be used to write to host files directly -- however, as with CVE-2025-31133, this can load to denial of service of the host or a container breakout by providing the attacker with a writable copy of `/proc/sysrq-trigger` or `/proc/sys/kernel/core_pattern` (respectively). This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-52565",
"url": "https://www.suse.com/security/cve/CVE-2025-52565"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-52565",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-52565",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-22T13:01:23Z",
"details": "important"
}
],
"title": "CVE-2025-52565"
},
{
"cve": "CVE-2025-52881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-52881"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-52881",
"url": "https://www.suse.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-52881",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-52881",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:buildah-1.39.5-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:buildah-1.39.5-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-22T13:01:23Z",
"details": "important"
}
],
"title": "CVE-2025-52881"
}
]
}
SUSE-SU-2026:20214-1
Vulnerability from csaf_suse - Published: 2026-01-30 14:35 - Updated: 2026-01-30 14:35Summary
Security update for alloy
Severity
Important
Notes
Title of the patch: Security update for alloy
Description of the patch: This update for alloy fixes the following issues:
Update to 1.12.2:
Security fixes:
- CVE-2025-68156: github.com/expr-lang/expr/builtin: Fixed potential DoS via unbounded recursion (bsc#1255333):
- CVE-2025-31133, CVE-2025-52565, CVE-2025-52881: github.com/opencontainers/runc: Fixed container
breakouts by bypassing runc's restrictions for writing to arbitrary /proc files (bsc#1255074)
Other fixes:
- Add missing configuration parameter
deployment_name_from_replicaset to k8sattributes processor
(5b90a9d) (@dehaansa)
- database_observability: Fix schema_details collector to fetch
column definitions with case sensitive table names (#4872)
(560dff4) (@jharvey10, @fridgepoet)
- deps: Update jose2go to 1.7.0 (#4858) (dfdd341) (@jharvey10)
- deps: Update npm dependencies [backport] (#5201) (8e06c26)
(@jharvey10)
- Ensure the squid exporter wrapper properly brackets ipv6
addresses [backport] (#5205) (e329cc6) (@dehaansa)
- Preserve meta labels in loki.source.podlogs (#5097) (ab4b21e)
(@kalleep)
- Prevent panic in import.git when update fails [backport]
(#5204) (c82fbae) (@dehaansa, @jharvey10)
- show correct fallback alloy version instead of v1.13.0
(#5110) (b72be99) (@dehaansa, @jharvey10)
Patchnames: SUSE-SLES-16.0-225
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
21 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for alloy",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for alloy fixes the following issues:\n\nUpdate to 1.12.2:\n\nSecurity fixes:\n\n- CVE-2025-68156: github.com/expr-lang/expr/builtin: Fixed potential DoS via unbounded recursion (bsc#1255333):\n- CVE-2025-31133, CVE-2025-52565, CVE-2025-52881: github.com/opencontainers/runc: Fixed container\n breakouts by bypassing runc\u0027s restrictions for writing to arbitrary /proc files (bsc#1255074)\n\nOther fixes:\n\n - Add missing configuration parameter\n deployment_name_from_replicaset to k8sattributes processor\n (5b90a9d) (@dehaansa)\n - database_observability: Fix schema_details collector to fetch\n column definitions with case sensitive table names (#4872)\n (560dff4) (@jharvey10, @fridgepoet)\n - deps: Update jose2go to 1.7.0 (#4858) (dfdd341) (@jharvey10)\n - deps: Update npm dependencies [backport] (#5201) (8e06c26)\n (@jharvey10)\n - Ensure the squid exporter wrapper properly brackets ipv6\n addresses [backport] (#5205) (e329cc6) (@dehaansa)\n - Preserve meta labels in loki.source.podlogs (#5097) (ab4b21e)\n (@kalleep)\n - Prevent panic in import.git when update fails [backport]\n (#5204) (c82fbae) (@dehaansa, @jharvey10)\n - show correct fallback alloy version instead of v1.13.0\n (#5110) (b72be99) (@dehaansa, @jharvey10)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-225",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20214-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20214-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620214-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20214-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024072.html"
},
{
"category": "self",
"summary": "SUSE Bug 1255074",
"url": "https://bugzilla.suse.com/1255074"
},
{
"category": "self",
"summary": "SUSE Bug 1255333",
"url": "https://bugzilla.suse.com/1255333"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31133 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31133/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-52565 page",
"url": "https://www.suse.com/security/cve/CVE-2025-52565/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-52881 page",
"url": "https://www.suse.com/security/cve/CVE-2025-52881/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68156 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68156/"
}
],
"title": "Security update for alloy",
"tracking": {
"current_release_date": "2026-01-30T14:35:10Z",
"generator": {
"date": "2026-01-30T14:35:10Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20214-1",
"initial_release_date": "2026-01-30T14:35:10Z",
"revision_history": [
{
"date": "2026-01-30T14:35:10Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "alloy-1.12.2-160000.1.1.aarch64",
"product": {
"name": "alloy-1.12.2-160000.1.1.aarch64",
"product_id": "alloy-1.12.2-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "alloy-1.12.2-160000.1.1.ppc64le",
"product": {
"name": "alloy-1.12.2-160000.1.1.ppc64le",
"product_id": "alloy-1.12.2-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "alloy-1.12.2-160000.1.1.s390x",
"product": {
"name": "alloy-1.12.2-160000.1.1.s390x",
"product_id": "alloy-1.12.2-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "alloy-1.12.2-160000.1.1.x86_64",
"product": {
"name": "alloy-1.12.2-160000.1.1.x86_64",
"product_id": "alloy-1.12.2-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "alloy-1.12.2-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.aarch64"
},
"product_reference": "alloy-1.12.2-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "alloy-1.12.2-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.ppc64le"
},
"product_reference": "alloy-1.12.2-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "alloy-1.12.2-160000.1.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.s390x"
},
"product_reference": "alloy-1.12.2-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "alloy-1.12.2-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.x86_64"
},
"product_reference": "alloy-1.12.2-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "alloy-1.12.2-160000.1.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.aarch64"
},
"product_reference": "alloy-1.12.2-160000.1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "alloy-1.12.2-160000.1.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.ppc64le"
},
"product_reference": "alloy-1.12.2-160000.1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "alloy-1.12.2-160000.1.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.s390x"
},
"product_reference": "alloy-1.12.2-160000.1.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "alloy-1.12.2-160000.1.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.x86_64"
},
"product_reference": "alloy-1.12.2-160000.1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-31133",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31133"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container\u0027s /dev/null) was actually a real /dev/null inode when using the container\u0027s /dev/null to mask. This exposes two methods of attack: an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31133",
"url": "https://www.suse.com/security/cve/CVE-2025-31133"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-31133",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-31133",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-30T14:35:10Z",
"details": "important"
}
],
"title": "CVE-2025-31133"
},
{
"cve": "CVE-2025-52565",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-52565"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the container, an attacker can trick runc into bind-mounting paths which would normally be made read-only or be masked onto a path that the attacker can write to. This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target (namely, the bind-mount of `/dev/pts/$n` to `/dev/console` as configured for all containers that allocate a console). This happens after `pivot_root(2)`, so this cannot be used to write to host files directly -- however, as with CVE-2025-31133, this can load to denial of service of the host or a container breakout by providing the attacker with a writable copy of `/proc/sysrq-trigger` or `/proc/sys/kernel/core_pattern` (respectively). This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-52565",
"url": "https://www.suse.com/security/cve/CVE-2025-52565"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-52565",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-52565",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-30T14:35:10Z",
"details": "important"
}
],
"title": "CVE-2025-52565"
},
{
"cve": "CVE-2025-52881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-52881"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-52881",
"url": "https://www.suse.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-52881",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-52881",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-30T14:35:10Z",
"details": "important"
}
],
"title": "CVE-2025-52881"
},
{
"cve": "CVE-2025-68156",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68156"
}
],
"notes": [
{
"category": "general",
"text": "Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including `flatten`, `min`, `max`, `mean`, and `median`, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation environment contains deeply nested or cyclic data structures, these functions may recurse indefinitely until exceed the Go runtime stack limit. This results in a stack overflow panic, causing the host application to crash. While exploitability depends on whether an attacker can influence or inject cyclic or pathologically deep data into the\nevaluation environment, this behavior represents a denial-of-service (DoS) risk and affects overall library robustness. Instead of returning a recoverable evaluation error, the process may terminate unexpectedly. In affected versions, evaluation of expressions that invoke certain builtin functions on untrusted or insufficiently validated data structures can lead to a process-level crash due to stack exhaustion. This issue is most relevant in scenarios where Expr is used to evaluate expressions against externally supplied or dynamically constructed environments; cyclic references (directly or indirectly) can be introduced into arrays, maps, or structs; and there are no application-level safeguards preventing deeply nested input data. In typical use cases with controlled, acyclic data, the issue may not manifest. However, when present, the resulting panic can be used to reliably crash the application, constituting a denial of service. The issue has been fixed in the v1.17.7 versions of Expr. The patch introduces a maximum recursion depth limit for affected builtin functions. When this limit is exceeded, evaluation aborts gracefully and returns a descriptive error instead of panicking. Additionally, the maximum depth can be customized by users via `builtin.MaxDepth`, allowing applications with legitimate deep structures to raise the limit in a controlled manner. Users are strongly encouraged to upgrade to the patched release, which includes both the recursion guard and comprehensive test coverage to prevent regressions. For users who cannot immediately upgrade, some mitigations are recommended. Ensure that evaluation environments cannot contain cyclic references, validate or sanitize externally supplied data structures before passing them to Expr, and/or wrap expression evaluation with panic recovery to prevent a full process crash (as a last-resort defensive measure). These workarounds reduce risk but do not fully eliminate the issue without the patch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68156",
"url": "https://www.suse.com/security/cve/CVE-2025-68156"
},
{
"category": "external",
"summary": "SUSE Bug 1255330 for CVE-2025-68156",
"url": "https://bugzilla.suse.com/1255330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.s390x",
"SUSE Linux Enterprise Server 16.0:alloy-1.12.2-160000.1.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:alloy-1.12.2-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-30T14:35:10Z",
"details": "important"
}
],
"title": "CVE-2025-68156"
}
]
}
SUSE-SU-2026:20626-1
Vulnerability from csaf_suse - Published: 2026-03-03 16:04 - Updated: 2026-03-03 16:04Summary
Security update for podman
Severity
Important
Notes
Title of the patch: Security update for podman
Description of the patch: This update for podman fixes the following issues:
Changes in podman:
- Add symlink to catatonit in /usr/libexec/podman (bsc#1248988)
- CVE-2025-47914: Fixed golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds read (bsc#1253993)
- CVE-2025-47913: Fixed golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253542):
- CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: Fixed runc: Container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files (bsc#1252376):
- CVE-2025-9566: Fixed that podman kube play command may overwrite host files (bsc#1249154):
Patchnames: SUSE-SLES-16.0-343
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.3 (High)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
26 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
36 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for podman",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for podman fixes the following issues:\n\nChanges in podman:\n\n- Add symlink to catatonit in /usr/libexec/podman (bsc#1248988)\n\n- CVE-2025-47914: Fixed golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds read (bsc#1253993)\n- CVE-2025-47913: Fixed golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253542):\n\n- CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: Fixed runc: Container breakouts by bypassing runc\u0027s restrictions for writing to arbitrary /proc files (bsc#1252376):\n- CVE-2025-9566: Fixed that podman kube play command may overwrite host files (bsc#1249154):\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-343",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20626-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20626-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620626-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20626-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024648.html"
},
{
"category": "self",
"summary": "SUSE Bug 1248988",
"url": "https://bugzilla.suse.com/1248988"
},
{
"category": "self",
"summary": "SUSE Bug 1249154",
"url": "https://bugzilla.suse.com/1249154"
},
{
"category": "self",
"summary": "SUSE Bug 1252376",
"url": "https://bugzilla.suse.com/1252376"
},
{
"category": "self",
"summary": "SUSE Bug 1253542",
"url": "https://bugzilla.suse.com/1253542"
},
{
"category": "self",
"summary": "SUSE Bug 1253993",
"url": "https://bugzilla.suse.com/1253993"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22869 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22869/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31133 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31133/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47913 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47914 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-52565 page",
"url": "https://www.suse.com/security/cve/CVE-2025-52565/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-52881 page",
"url": "https://www.suse.com/security/cve/CVE-2025-52881/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-6032 page",
"url": "https://www.suse.com/security/cve/CVE-2025-6032/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-9566 page",
"url": "https://www.suse.com/security/cve/CVE-2025-9566/"
}
],
"title": "Security update for podman",
"tracking": {
"current_release_date": "2026-03-03T16:04:58Z",
"generator": {
"date": "2026-03-03T16:04:58Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20626-1",
"initial_release_date": "2026-03-03T16:04:58Z",
"revision_history": [
{
"date": "2026-03-03T16:04:58Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "podman-5.4.2-160000.4.1.aarch64",
"product": {
"name": "podman-5.4.2-160000.4.1.aarch64",
"product_id": "podman-5.4.2-160000.4.1.aarch64"
}
},
{
"category": "product_version",
"name": "podman-remote-5.4.2-160000.4.1.aarch64",
"product": {
"name": "podman-remote-5.4.2-160000.4.1.aarch64",
"product_id": "podman-remote-5.4.2-160000.4.1.aarch64"
}
},
{
"category": "product_version",
"name": "podmansh-5.4.2-160000.4.1.aarch64",
"product": {
"name": "podmansh-5.4.2-160000.4.1.aarch64",
"product_id": "podmansh-5.4.2-160000.4.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-docker-5.4.2-160000.4.1.noarch",
"product": {
"name": "podman-docker-5.4.2-160000.4.1.noarch",
"product_id": "podman-docker-5.4.2-160000.4.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-5.4.2-160000.4.1.ppc64le",
"product": {
"name": "podman-5.4.2-160000.4.1.ppc64le",
"product_id": "podman-5.4.2-160000.4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "podman-remote-5.4.2-160000.4.1.ppc64le",
"product": {
"name": "podman-remote-5.4.2-160000.4.1.ppc64le",
"product_id": "podman-remote-5.4.2-160000.4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "podmansh-5.4.2-160000.4.1.ppc64le",
"product": {
"name": "podmansh-5.4.2-160000.4.1.ppc64le",
"product_id": "podmansh-5.4.2-160000.4.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-5.4.2-160000.4.1.s390x",
"product": {
"name": "podman-5.4.2-160000.4.1.s390x",
"product_id": "podman-5.4.2-160000.4.1.s390x"
}
},
{
"category": "product_version",
"name": "podman-remote-5.4.2-160000.4.1.s390x",
"product": {
"name": "podman-remote-5.4.2-160000.4.1.s390x",
"product_id": "podman-remote-5.4.2-160000.4.1.s390x"
}
},
{
"category": "product_version",
"name": "podmansh-5.4.2-160000.4.1.s390x",
"product": {
"name": "podmansh-5.4.2-160000.4.1.s390x",
"product_id": "podmansh-5.4.2-160000.4.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-5.4.2-160000.4.1.x86_64",
"product": {
"name": "podman-5.4.2-160000.4.1.x86_64",
"product_id": "podman-5.4.2-160000.4.1.x86_64"
}
},
{
"category": "product_version",
"name": "podman-remote-5.4.2-160000.4.1.x86_64",
"product": {
"name": "podman-remote-5.4.2-160000.4.1.x86_64",
"product_id": "podman-remote-5.4.2-160000.4.1.x86_64"
}
},
{
"category": "product_version",
"name": "podmansh-5.4.2-160000.4.1.x86_64",
"product": {
"name": "podmansh-5.4.2-160000.4.1.x86_64",
"product_id": "podmansh-5.4.2-160000.4.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16.0"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.4.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64"
},
"product_reference": "podman-5.4.2-160000.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.4.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le"
},
"product_reference": "podman-5.4.2-160000.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.4.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x"
},
"product_reference": "podman-5.4.2-160000.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.4.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64"
},
"product_reference": "podman-5.4.2-160000.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-docker-5.4.2-160000.4.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch"
},
"product_reference": "podman-docker-5.4.2-160000.4.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.4.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64"
},
"product_reference": "podman-remote-5.4.2-160000.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.4.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le"
},
"product_reference": "podman-remote-5.4.2-160000.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.4.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x"
},
"product_reference": "podman-remote-5.4.2-160000.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.4.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64"
},
"product_reference": "podman-remote-5.4.2-160000.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.4.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64"
},
"product_reference": "podmansh-5.4.2-160000.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.4.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le"
},
"product_reference": "podmansh-5.4.2-160000.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.4.1.s390x as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x"
},
"product_reference": "podmansh-5.4.2-160000.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.4.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64"
},
"product_reference": "podmansh-5.4.2-160000.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.4.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64"
},
"product_reference": "podman-5.4.2-160000.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.4.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le"
},
"product_reference": "podman-5.4.2-160000.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.4.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x"
},
"product_reference": "podman-5.4.2-160000.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.4.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64"
},
"product_reference": "podman-5.4.2-160000.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-docker-5.4.2-160000.4.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch"
},
"product_reference": "podman-docker-5.4.2-160000.4.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.4.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64"
},
"product_reference": "podman-remote-5.4.2-160000.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.4.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le"
},
"product_reference": "podman-remote-5.4.2-160000.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.4.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x"
},
"product_reference": "podman-remote-5.4.2-160000.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.4.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64"
},
"product_reference": "podman-remote-5.4.2-160000.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.4.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64"
},
"product_reference": "podmansh-5.4.2-160000.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.4.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le"
},
"product_reference": "podmansh-5.4.2-160000.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.4.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x"
},
"product_reference": "podmansh-5.4.2-160000.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.4.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
},
"product_reference": "podmansh-5.4.2-160000.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22869",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22869"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22869",
"url": "https://www.suse.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "SUSE Bug 1239322 for CVE-2025-22869",
"url": "https://bugzilla.suse.com/1239322"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "important"
}
],
"title": "CVE-2025-22869"
},
{
"cve": "CVE-2025-31133",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31133"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container\u0027s /dev/null) was actually a real /dev/null inode when using the container\u0027s /dev/null to mask. This exposes two methods of attack: an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31133",
"url": "https://www.suse.com/security/cve/CVE-2025-31133"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-31133",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-31133",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "important"
}
],
"title": "CVE-2025-31133"
},
{
"cve": "CVE-2025-47913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47913"
}
],
"notes": [
{
"category": "general",
"text": "SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47913",
"url": "https://www.suse.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "SUSE Bug 1253506 for CVE-2025-47913",
"url": "https://bugzilla.suse.com/1253506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "important"
}
],
"title": "CVE-2025-47913"
},
{
"cve": "CVE-2025-47914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47914"
}
],
"notes": [
{
"category": "general",
"text": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47914",
"url": "https://www.suse.com/security/cve/CVE-2025-47914"
},
{
"category": "external",
"summary": "SUSE Bug 1253967 for CVE-2025-47914",
"url": "https://bugzilla.suse.com/1253967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "moderate"
}
],
"title": "CVE-2025-47914"
},
{
"cve": "CVE-2025-52565",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-52565"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the container, an attacker can trick runc into bind-mounting paths which would normally be made read-only or be masked onto a path that the attacker can write to. This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target (namely, the bind-mount of `/dev/pts/$n` to `/dev/console` as configured for all containers that allocate a console). This happens after `pivot_root(2)`, so this cannot be used to write to host files directly -- however, as with CVE-2025-31133, this can load to denial of service of the host or a container breakout by providing the attacker with a writable copy of `/proc/sysrq-trigger` or `/proc/sys/kernel/core_pattern` (respectively). This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-52565",
"url": "https://www.suse.com/security/cve/CVE-2025-52565"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-52565",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-52565",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "important"
}
],
"title": "CVE-2025-52565"
},
{
"cve": "CVE-2025-52881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-52881"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-52881",
"url": "https://www.suse.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-52881",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-52881",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "important"
}
],
"title": "CVE-2025-52881"
},
{
"cve": "CVE-2025-6032",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-6032"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-6032",
"url": "https://www.suse.com/security/cve/CVE-2025-6032"
},
{
"category": "external",
"summary": "SUSE Bug 1245320 for CVE-2025-6032",
"url": "https://bugzilla.suse.com/1245320"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "important"
}
],
"title": "CVE-2025-6032"
},
{
"cve": "CVE-2025-9566",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-9566"
}
],
"notes": [
{
"category": "general",
"text": "There\u0027s a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the target file to be overwritten but not the content to be written into the file.\n\nBinary-Affected: podman\nUpstream-version-introduced: v4.0.0\nUpstream-version-fixed: v5.6.1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-9566",
"url": "https://www.suse.com/security/cve/CVE-2025-9566"
},
{
"category": "external",
"summary": "SUSE Bug 1249154 for CVE-2025-9566",
"url": "https://bugzilla.suse.com/1249154"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server 16.0:podmansh-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Enterprise Server for SAP applications 16.0:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "important"
}
],
"title": "CVE-2025-9566"
}
]
}
SUSE-SU-2026:20641-1
Vulnerability from csaf_suse - Published: 2026-03-03 16:04 - Updated: 2026-03-03 16:04Summary
Security update for podman
Severity
Important
Notes
Title of the patch: Security update for podman
Description of the patch: This update for podman fixes the following issues:
Changes in podman:
- Add symlink to catatonit in /usr/libexec/podman (bsc#1248988)
- CVE-2025-47914: Fixed golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds read (bsc#1253993)
- CVE-2025-47913: Fixed golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253542):
- CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: Fixed runc: Container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files (bsc#1252376):
- CVE-2025-9566: Fixed that podman kube play command may overwrite host files (bsc#1249154):
Patchnames: SUSE-SL-Micro-6.2-343
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.3 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
36 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for podman",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for podman fixes the following issues:\n\nChanges in podman:\n\n- Add symlink to catatonit in /usr/libexec/podman (bsc#1248988)\n\n- CVE-2025-47914: Fixed golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds read (bsc#1253993)\n- CVE-2025-47913: Fixed golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253542):\n\n- CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: Fixed runc: Container breakouts by bypassing runc\u0027s restrictions for writing to arbitrary /proc files (bsc#1252376):\n- CVE-2025-9566: Fixed that podman kube play command may overwrite host files (bsc#1249154):\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SL-Micro-6.2-343",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20641-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20641-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620641-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20641-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024659.html"
},
{
"category": "self",
"summary": "SUSE Bug 1248988",
"url": "https://bugzilla.suse.com/1248988"
},
{
"category": "self",
"summary": "SUSE Bug 1249154",
"url": "https://bugzilla.suse.com/1249154"
},
{
"category": "self",
"summary": "SUSE Bug 1252376",
"url": "https://bugzilla.suse.com/1252376"
},
{
"category": "self",
"summary": "SUSE Bug 1253542",
"url": "https://bugzilla.suse.com/1253542"
},
{
"category": "self",
"summary": "SUSE Bug 1253993",
"url": "https://bugzilla.suse.com/1253993"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22869 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22869/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31133 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31133/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47913 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47914 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-52565 page",
"url": "https://www.suse.com/security/cve/CVE-2025-52565/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-52881 page",
"url": "https://www.suse.com/security/cve/CVE-2025-52881/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-6032 page",
"url": "https://www.suse.com/security/cve/CVE-2025-6032/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-9566 page",
"url": "https://www.suse.com/security/cve/CVE-2025-9566/"
}
],
"title": "Security update for podman",
"tracking": {
"current_release_date": "2026-03-03T16:04:58Z",
"generator": {
"date": "2026-03-03T16:04:58Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20641-1",
"initial_release_date": "2026-03-03T16:04:58Z",
"revision_history": [
{
"date": "2026-03-03T16:04:58Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "podman-5.4.2-160000.4.1.aarch64",
"product": {
"name": "podman-5.4.2-160000.4.1.aarch64",
"product_id": "podman-5.4.2-160000.4.1.aarch64"
}
},
{
"category": "product_version",
"name": "podman-remote-5.4.2-160000.4.1.aarch64",
"product": {
"name": "podman-remote-5.4.2-160000.4.1.aarch64",
"product_id": "podman-remote-5.4.2-160000.4.1.aarch64"
}
},
{
"category": "product_version",
"name": "podmansh-5.4.2-160000.4.1.aarch64",
"product": {
"name": "podmansh-5.4.2-160000.4.1.aarch64",
"product_id": "podmansh-5.4.2-160000.4.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-docker-5.4.2-160000.4.1.noarch",
"product": {
"name": "podman-docker-5.4.2-160000.4.1.noarch",
"product_id": "podman-docker-5.4.2-160000.4.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-5.4.2-160000.4.1.ppc64le",
"product": {
"name": "podman-5.4.2-160000.4.1.ppc64le",
"product_id": "podman-5.4.2-160000.4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "podman-remote-5.4.2-160000.4.1.ppc64le",
"product": {
"name": "podman-remote-5.4.2-160000.4.1.ppc64le",
"product_id": "podman-remote-5.4.2-160000.4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "podmansh-5.4.2-160000.4.1.ppc64le",
"product": {
"name": "podmansh-5.4.2-160000.4.1.ppc64le",
"product_id": "podmansh-5.4.2-160000.4.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-5.4.2-160000.4.1.s390x",
"product": {
"name": "podman-5.4.2-160000.4.1.s390x",
"product_id": "podman-5.4.2-160000.4.1.s390x"
}
},
{
"category": "product_version",
"name": "podman-remote-5.4.2-160000.4.1.s390x",
"product": {
"name": "podman-remote-5.4.2-160000.4.1.s390x",
"product_id": "podman-remote-5.4.2-160000.4.1.s390x"
}
},
{
"category": "product_version",
"name": "podmansh-5.4.2-160000.4.1.s390x",
"product": {
"name": "podmansh-5.4.2-160000.4.1.s390x",
"product_id": "podmansh-5.4.2-160000.4.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "podman-5.4.2-160000.4.1.x86_64",
"product": {
"name": "podman-5.4.2-160000.4.1.x86_64",
"product_id": "podman-5.4.2-160000.4.1.x86_64"
}
},
{
"category": "product_version",
"name": "podman-remote-5.4.2-160000.4.1.x86_64",
"product": {
"name": "podman-remote-5.4.2-160000.4.1.x86_64",
"product_id": "podman-remote-5.4.2-160000.4.1.x86_64"
}
},
{
"category": "product_version",
"name": "podmansh-5.4.2-160000.4.1.x86_64",
"product": {
"name": "podmansh-5.4.2-160000.4.1.x86_64",
"product_id": "podmansh-5.4.2-160000.4.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.2",
"product": {
"name": "SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:transactional"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.4.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64"
},
"product_reference": "podman-5.4.2-160000.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.4.1.ppc64le as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le"
},
"product_reference": "podman-5.4.2-160000.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.4.1.s390x as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x"
},
"product_reference": "podman-5.4.2-160000.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-5.4.2-160000.4.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64"
},
"product_reference": "podman-5.4.2-160000.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-docker-5.4.2-160000.4.1.noarch as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch"
},
"product_reference": "podman-docker-5.4.2-160000.4.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.4.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64"
},
"product_reference": "podman-remote-5.4.2-160000.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.4.1.ppc64le as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le"
},
"product_reference": "podman-remote-5.4.2-160000.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.4.1.s390x as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x"
},
"product_reference": "podman-remote-5.4.2-160000.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podman-remote-5.4.2-160000.4.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64"
},
"product_reference": "podman-remote-5.4.2-160000.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.4.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64"
},
"product_reference": "podmansh-5.4.2-160000.4.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.4.1.ppc64le as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le"
},
"product_reference": "podmansh-5.4.2-160000.4.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.4.1.s390x as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x"
},
"product_reference": "podmansh-5.4.2-160000.4.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "podmansh-5.4.2-160000.4.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
},
"product_reference": "podmansh-5.4.2-160000.4.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22869",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22869"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22869",
"url": "https://www.suse.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "SUSE Bug 1239322 for CVE-2025-22869",
"url": "https://bugzilla.suse.com/1239322"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "important"
}
],
"title": "CVE-2025-22869"
},
{
"cve": "CVE-2025-31133",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31133"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container\u0027s /dev/null) was actually a real /dev/null inode when using the container\u0027s /dev/null to mask. This exposes two methods of attack: an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31133",
"url": "https://www.suse.com/security/cve/CVE-2025-31133"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-31133",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-31133",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "important"
}
],
"title": "CVE-2025-31133"
},
{
"cve": "CVE-2025-47913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47913"
}
],
"notes": [
{
"category": "general",
"text": "SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47913",
"url": "https://www.suse.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "SUSE Bug 1253506 for CVE-2025-47913",
"url": "https://bugzilla.suse.com/1253506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "important"
}
],
"title": "CVE-2025-47913"
},
{
"cve": "CVE-2025-47914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47914"
}
],
"notes": [
{
"category": "general",
"text": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47914",
"url": "https://www.suse.com/security/cve/CVE-2025-47914"
},
{
"category": "external",
"summary": "SUSE Bug 1253967 for CVE-2025-47914",
"url": "https://bugzilla.suse.com/1253967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "moderate"
}
],
"title": "CVE-2025-47914"
},
{
"cve": "CVE-2025-52565",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-52565"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the container, an attacker can trick runc into bind-mounting paths which would normally be made read-only or be masked onto a path that the attacker can write to. This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target (namely, the bind-mount of `/dev/pts/$n` to `/dev/console` as configured for all containers that allocate a console). This happens after `pivot_root(2)`, so this cannot be used to write to host files directly -- however, as with CVE-2025-31133, this can load to denial of service of the host or a container breakout by providing the attacker with a writable copy of `/proc/sysrq-trigger` or `/proc/sys/kernel/core_pattern` (respectively). This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-52565",
"url": "https://www.suse.com/security/cve/CVE-2025-52565"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-52565",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-52565",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "important"
}
],
"title": "CVE-2025-52565"
},
{
"cve": "CVE-2025-52881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-52881"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-52881",
"url": "https://www.suse.com/security/cve/CVE-2025-52881"
},
{
"category": "external",
"summary": "SUSE Bug 1252232 for CVE-2025-52881",
"url": "https://bugzilla.suse.com/1252232"
},
{
"category": "external",
"summary": "SUSE Bug 1255063 for CVE-2025-52881",
"url": "https://bugzilla.suse.com/1255063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "important"
}
],
"title": "CVE-2025-52881"
},
{
"cve": "CVE-2025-6032",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-6032"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-6032",
"url": "https://www.suse.com/security/cve/CVE-2025-6032"
},
{
"category": "external",
"summary": "SUSE Bug 1245320 for CVE-2025-6032",
"url": "https://bugzilla.suse.com/1245320"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "important"
}
],
"title": "CVE-2025-6032"
},
{
"cve": "CVE-2025-9566",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-9566"
}
],
"notes": [
{
"category": "general",
"text": "There\u0027s a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the target file to be overwritten but not the content to be written into the file.\n\nBinary-Affected: podman\nUpstream-version-introduced: v4.0.0\nUpstream-version-fixed: v5.6.1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-9566",
"url": "https://www.suse.com/security/cve/CVE-2025-9566"
},
{
"category": "external",
"summary": "SUSE Bug 1249154 for CVE-2025-9566",
"url": "https://bugzilla.suse.com/1249154"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podman-docker-5.4.2-160000.4.1.noarch",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podman-remote-5.4.2-160000.4.1.x86_64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.aarch64",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.ppc64le",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.s390x",
"SUSE Linux Micro 6.2:podmansh-5.4.2-160000.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-03T16:04:58Z",
"details": "important"
}
],
"title": "CVE-2025-9566"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…