Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-58181 (GCVE-0-2025-58181)
Vulnerability from cvelistv5 – Published: 2025-11-19 20:33 – Updated: 2025-11-20 17:14
VLAI
EPSS
Title
Unbounded memory consumption in golang.org/x/crypto/ssh
Summary
SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| golang.org/x/crypto | golang.org/x/crypto/ssh |
Affected:
0 , < 0.45.0
(semver)
|
Credits
Jakub Ciolek
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-58181",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-19T20:49:06.918113Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T20:49:26.800Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "golang.org/x/crypto/ssh",
"product": "golang.org/x/crypto/ssh",
"programRoutines": [
{
"name": "parseGSSAPIPayload"
},
{
"name": "NewServerConn"
}
],
"vendor": "golang.org/x/crypto",
"versions": [
{
"lessThan": "0.45.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jakub Ciolek"
}
],
"descriptions": [
{
"lang": "en",
"value": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-1284",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T17:14:59.856Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA"
},
{
"url": "https://go.dev/cl/721961"
},
{
"url": "https://go.dev/issue/76363"
},
{
"url": "https://pkg.go.dev/vuln/GO-2025-4134"
}
],
"title": "Unbounded memory consumption in golang.org/x/crypto/ssh"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2025-58181",
"datePublished": "2025-11-19T20:33:42.795Z",
"dateReserved": "2025-08-27T14:50:58.691Z",
"dateUpdated": "2025-11-20T17:14:59.856Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-58181",
"date": "2026-06-07",
"epss": "0.00046",
"percentile": "0.14461"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-58181\",\"sourceIdentifier\":\"security@golang.org\",\"published\":\"2025-11-19T21:15:50.850\",\"lastModified\":\"2025-12-11T19:29:24.900\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:crypto:*:*:*:*:*:go:*:*\",\"versionEndExcluding\":\"0.45.0\",\"matchCriteriaId\":\"0DB7D01D-5361-40FC-83A9-91A601A0321D\"}]}]}],\"references\":[{\"url\":\"https://go.dev/cl/721961\",\"source\":\"security@golang.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://go.dev/issue/76363\",\"source\":\"security@golang.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://pkg.go.dev/vuln/GO-2025-4134\",\"source\":\"security@golang.org\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-58181\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-11-19T20:49:06.918113Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-770\", \"description\": \"CWE-770 Allocation of Resources Without Limits or Throttling\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-11-19T20:48:46.369Z\"}}], \"cna\": {\"title\": \"Unbounded memory consumption in golang.org/x/crypto/ssh\", \"credits\": [{\"lang\": \"en\", \"value\": \"Jakub Ciolek\"}], \"affected\": [{\"vendor\": \"golang.org/x/crypto\", \"product\": \"golang.org/x/crypto/ssh\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"0.45.0\", \"versionType\": \"semver\"}], \"packageName\": \"golang.org/x/crypto/ssh\", \"collectionURL\": \"https://pkg.go.dev\", \"defaultStatus\": \"unaffected\", \"programRoutines\": [{\"name\": \"parseGSSAPIPayload\"}, {\"name\": \"NewServerConn\"}]}], \"references\": [{\"url\": \"https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA\"}, {\"url\": \"https://go.dev/cl/721961\"}, {\"url\": \"https://go.dev/issue/76363\"}, {\"url\": \"https://pkg.go.dev/vuln/GO-2025-4134\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-1284\"}]}], \"providerMetadata\": {\"orgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"shortName\": \"Go\", \"dateUpdated\": \"2025-11-20T17:14:59.856Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-58181\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-20T17:14:59.856Z\", \"dateReserved\": \"2025-08-27T14:50:58.691Z\", \"assignerOrgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"datePublished\": \"2025-11-19T20:33:42.795Z\", \"assignerShortName\": \"Go\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
OPENSUSE-SU-2026:10127-1
Vulnerability from csaf_opensuse - Published: 2026-01-30 00:00 - Updated: 2026-01-30 00:00Summary
rekor-1.5.0-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: rekor-1.5.0-1.1 on GA media
Description of the patch: These are all security issues fixed in the rekor-1.5.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-10127
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rekor-1.5.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rekor-1.5.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rekor-1.5.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rekor-1.5.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rekor-1.5.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rekor-1.5.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rekor-1.5.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rekor-1.5.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:rekor-1.5.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rekor-1.5.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rekor-1.5.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:rekor-1.5.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
11 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "rekor-1.5.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the rekor-1.5.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10127",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10127-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58181 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23831 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-24117 page",
"url": "https://www.suse.com/security/cve/CVE-2026-24117/"
}
],
"title": "rekor-1.5.0-1.1 on GA media",
"tracking": {
"current_release_date": "2026-01-30T00:00:00Z",
"generator": {
"date": "2026-01-30T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10127-1",
"initial_release_date": "2026-01-30T00:00:00Z",
"revision_history": [
{
"date": "2026-01-30T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "rekor-1.5.0-1.1.aarch64",
"product": {
"name": "rekor-1.5.0-1.1.aarch64",
"product_id": "rekor-1.5.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rekor-1.5.0-1.1.ppc64le",
"product": {
"name": "rekor-1.5.0-1.1.ppc64le",
"product_id": "rekor-1.5.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rekor-1.5.0-1.1.s390x",
"product": {
"name": "rekor-1.5.0-1.1.s390x",
"product_id": "rekor-1.5.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rekor-1.5.0-1.1.x86_64",
"product": {
"name": "rekor-1.5.0-1.1.x86_64",
"product_id": "rekor-1.5.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rekor-1.5.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rekor-1.5.0-1.1.aarch64"
},
"product_reference": "rekor-1.5.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rekor-1.5.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rekor-1.5.0-1.1.ppc64le"
},
"product_reference": "rekor-1.5.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rekor-1.5.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rekor-1.5.0-1.1.s390x"
},
"product_reference": "rekor-1.5.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rekor-1.5.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rekor-1.5.0-1.1.x86_64"
},
"product_reference": "rekor-1.5.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-58181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58181"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rekor-1.5.0-1.1.aarch64",
"openSUSE Tumbleweed:rekor-1.5.0-1.1.ppc64le",
"openSUSE Tumbleweed:rekor-1.5.0-1.1.s390x",
"openSUSE Tumbleweed:rekor-1.5.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58181",
"url": "https://www.suse.com/security/cve/CVE-2025-58181"
},
{
"category": "external",
"summary": "SUSE Bug 1253784 for CVE-2025-58181",
"url": "https://bugzilla.suse.com/1253784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rekor-1.5.0-1.1.aarch64",
"openSUSE Tumbleweed:rekor-1.5.0-1.1.ppc64le",
"openSUSE Tumbleweed:rekor-1.5.0-1.1.s390x",
"openSUSE Tumbleweed:rekor-1.5.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:rekor-1.5.0-1.1.aarch64",
"openSUSE Tumbleweed:rekor-1.5.0-1.1.ppc64le",
"openSUSE Tumbleweed:rekor-1.5.0-1.1.s390x",
"openSUSE Tumbleweed:rekor-1.5.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-30T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-58181"
},
{
"cve": "CVE-2026-23831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23831"
}
],
"notes": [
{
"category": "general",
"text": "Rekor is a software supply chain transparency log. In versions 1.4.3 and below, the entry implementation can panic on attacker-controlled input when canonicalizing a proposed entry with an empty spec.message, causing nil Pointer Dereference. Function validate() returns nil (success) when message is empty, leaving sign1Msg uninitialized, and Canonicalize() later dereferences v.sign1Msg.Payload. A malformed proposed entry of the cose/v0.0.1 type can cause a panic on a thread within the Rekor process. The thread is recovered so the client receives a 500 error message and service still continues, so the availability impact of this is minimal. This issue has been fixed in version 1.5.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rekor-1.5.0-1.1.aarch64",
"openSUSE Tumbleweed:rekor-1.5.0-1.1.ppc64le",
"openSUSE Tumbleweed:rekor-1.5.0-1.1.s390x",
"openSUSE Tumbleweed:rekor-1.5.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23831",
"url": "https://www.suse.com/security/cve/CVE-2026-23831"
},
{
"category": "external",
"summary": "SUSE Bug 1257132 for CVE-2026-23831",
"url": "https://bugzilla.suse.com/1257132"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rekor-1.5.0-1.1.aarch64",
"openSUSE Tumbleweed:rekor-1.5.0-1.1.ppc64le",
"openSUSE Tumbleweed:rekor-1.5.0-1.1.s390x",
"openSUSE Tumbleweed:rekor-1.5.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:rekor-1.5.0-1.1.aarch64",
"openSUSE Tumbleweed:rekor-1.5.0-1.1.ppc64le",
"openSUSE Tumbleweed:rekor-1.5.0-1.1.s390x",
"openSUSE Tumbleweed:rekor-1.5.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-30T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-23831"
},
{
"cve": "CVE-2026-24117",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-24117"
}
],
"notes": [
{
"category": "general",
"text": "Rekor is a software supply chain transparency log. In versions 1.4.3 and below, attackers can trigger SSRF to arbitrary internal services because /api/v1/index/retrieve supports retrieving a public key via user-provided URL. Since the SSRF only can trigger GET requests, the request cannot mutate state. The response from the GET request is not returned to the caller so data exfiltration is not possible. A malicious actor could attempt to probe an internal network through Blind SSRF. The issue has been fixed in version 1.5.0. To workaround this issue, disable the search endpoint with --enable_retrieve_api=false.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rekor-1.5.0-1.1.aarch64",
"openSUSE Tumbleweed:rekor-1.5.0-1.1.ppc64le",
"openSUSE Tumbleweed:rekor-1.5.0-1.1.s390x",
"openSUSE Tumbleweed:rekor-1.5.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-24117",
"url": "https://www.suse.com/security/cve/CVE-2026-24117"
},
{
"category": "external",
"summary": "SUSE Bug 1257135 for CVE-2026-24117",
"url": "https://bugzilla.suse.com/1257135"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rekor-1.5.0-1.1.aarch64",
"openSUSE Tumbleweed:rekor-1.5.0-1.1.ppc64le",
"openSUSE Tumbleweed:rekor-1.5.0-1.1.s390x",
"openSUSE Tumbleweed:rekor-1.5.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:rekor-1.5.0-1.1.aarch64",
"openSUSE Tumbleweed:rekor-1.5.0-1.1.ppc64le",
"openSUSE Tumbleweed:rekor-1.5.0-1.1.s390x",
"openSUSE Tumbleweed:rekor-1.5.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-30T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-24117"
}
]
}
OPENSUSE-SU-2026:10142-1
Vulnerability from csaf_opensuse - Published: 2026-02-03 00:00 - Updated: 2026-02-03 00:00Summary
traefik-3.6.7-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: traefik-3.6.7-1.1 on GA media
Description of the patch: These are all security issues fixed in the traefik-3.6.7-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-10142
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:traefik-3.6.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:traefik-3.6.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:traefik-3.6.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:traefik-3.6.7-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:traefik-3.6.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:traefik-3.6.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:traefik-3.6.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:traefik-3.6.7-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "traefik-3.6.7-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the traefik-3.6.7-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10142",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10142-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58181 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-22045 page",
"url": "https://www.suse.com/security/cve/CVE-2026-22045/"
}
],
"title": "traefik-3.6.7-1.1 on GA media",
"tracking": {
"current_release_date": "2026-02-03T00:00:00Z",
"generator": {
"date": "2026-02-03T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10142-1",
"initial_release_date": "2026-02-03T00:00:00Z",
"revision_history": [
{
"date": "2026-02-03T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "traefik-3.6.7-1.1.aarch64",
"product": {
"name": "traefik-3.6.7-1.1.aarch64",
"product_id": "traefik-3.6.7-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "traefik-3.6.7-1.1.ppc64le",
"product": {
"name": "traefik-3.6.7-1.1.ppc64le",
"product_id": "traefik-3.6.7-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "traefik-3.6.7-1.1.s390x",
"product": {
"name": "traefik-3.6.7-1.1.s390x",
"product_id": "traefik-3.6.7-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "traefik-3.6.7-1.1.x86_64",
"product": {
"name": "traefik-3.6.7-1.1.x86_64",
"product_id": "traefik-3.6.7-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "traefik-3.6.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:traefik-3.6.7-1.1.aarch64"
},
"product_reference": "traefik-3.6.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "traefik-3.6.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:traefik-3.6.7-1.1.ppc64le"
},
"product_reference": "traefik-3.6.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "traefik-3.6.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:traefik-3.6.7-1.1.s390x"
},
"product_reference": "traefik-3.6.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "traefik-3.6.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:traefik-3.6.7-1.1.x86_64"
},
"product_reference": "traefik-3.6.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-58181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58181"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:traefik-3.6.7-1.1.aarch64",
"openSUSE Tumbleweed:traefik-3.6.7-1.1.ppc64le",
"openSUSE Tumbleweed:traefik-3.6.7-1.1.s390x",
"openSUSE Tumbleweed:traefik-3.6.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58181",
"url": "https://www.suse.com/security/cve/CVE-2025-58181"
},
{
"category": "external",
"summary": "SUSE Bug 1253784 for CVE-2025-58181",
"url": "https://bugzilla.suse.com/1253784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:traefik-3.6.7-1.1.aarch64",
"openSUSE Tumbleweed:traefik-3.6.7-1.1.ppc64le",
"openSUSE Tumbleweed:traefik-3.6.7-1.1.s390x",
"openSUSE Tumbleweed:traefik-3.6.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:traefik-3.6.7-1.1.aarch64",
"openSUSE Tumbleweed:traefik-3.6.7-1.1.ppc64le",
"openSUSE Tumbleweed:traefik-3.6.7-1.1.s390x",
"openSUSE Tumbleweed:traefik-3.6.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-58181"
},
{
"cve": "CVE-2026-22045",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-22045"
}
],
"notes": [
{
"category": "general",
"text": "Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.35 and 3.6.7, there is a potential vulnerability in Traefik ACME TLS certificates\u0027 automatic generation: the ACME TLS-ALPN fast path can allow unauthenticated clients to tie up go routines and file descriptors indefinitely when the ACME TLS challenge is enabled. A malicious client can open many connections, send a minimal ClientHello with acme-tls/1, then stop responding, leading to denial of service of the entry point. The vulnerability is fixed in 2.11.35 and 3.6.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:traefik-3.6.7-1.1.aarch64",
"openSUSE Tumbleweed:traefik-3.6.7-1.1.ppc64le",
"openSUSE Tumbleweed:traefik-3.6.7-1.1.s390x",
"openSUSE Tumbleweed:traefik-3.6.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-22045",
"url": "https://www.suse.com/security/cve/CVE-2026-22045"
},
{
"category": "external",
"summary": "SUSE Bug 1256815 for CVE-2026-22045",
"url": "https://bugzilla.suse.com/1256815"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:traefik-3.6.7-1.1.aarch64",
"openSUSE Tumbleweed:traefik-3.6.7-1.1.ppc64le",
"openSUSE Tumbleweed:traefik-3.6.7-1.1.s390x",
"openSUSE Tumbleweed:traefik-3.6.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:traefik-3.6.7-1.1.aarch64",
"openSUSE Tumbleweed:traefik-3.6.7-1.1.ppc64le",
"openSUSE Tumbleweed:traefik-3.6.7-1.1.s390x",
"openSUSE Tumbleweed:traefik-3.6.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-03T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-22045"
}
]
}
OPENSUSE-SU-2026:10143-1
Vulnerability from csaf_opensuse - Published: 2026-02-03 00:00 - Updated: 2026-02-03 00:00Summary
traefik2-2.11.35-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: traefik2-2.11.35-1.1 on GA media
Description of the patch: These are all security issues fixed in the traefik2-2.11.35-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-10143
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
9.8 (Critical)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:traefik2-2.11.35-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:traefik2-2.11.35-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:traefik2-2.11.35-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:traefik2-2.11.35-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:traefik2-2.11.35-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:traefik2-2.11.35-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:traefik2-2.11.35-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:traefik2-2.11.35-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:traefik2-2.11.35-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:traefik2-2.11.35-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:traefik2-2.11.35-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:traefik2-2.11.35-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:traefik2-2.11.35-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:traefik2-2.11.35-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:traefik2-2.11.35-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:traefik2-2.11.35-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
14 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "traefik2-2.11.35-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the traefik2-2.11.35-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10143",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10143-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-54386 page",
"url": "https://www.suse.com/security/cve/CVE-2025-54386/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58181 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-66490 page",
"url": "https://www.suse.com/security/cve/CVE-2025-66490/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-22045 page",
"url": "https://www.suse.com/security/cve/CVE-2026-22045/"
}
],
"title": "traefik2-2.11.35-1.1 on GA media",
"tracking": {
"current_release_date": "2026-02-03T00:00:00Z",
"generator": {
"date": "2026-02-03T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10143-1",
"initial_release_date": "2026-02-03T00:00:00Z",
"revision_history": [
{
"date": "2026-02-03T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "traefik2-2.11.35-1.1.aarch64",
"product": {
"name": "traefik2-2.11.35-1.1.aarch64",
"product_id": "traefik2-2.11.35-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "traefik2-2.11.35-1.1.ppc64le",
"product": {
"name": "traefik2-2.11.35-1.1.ppc64le",
"product_id": "traefik2-2.11.35-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "traefik2-2.11.35-1.1.s390x",
"product": {
"name": "traefik2-2.11.35-1.1.s390x",
"product_id": "traefik2-2.11.35-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "traefik2-2.11.35-1.1.x86_64",
"product": {
"name": "traefik2-2.11.35-1.1.x86_64",
"product_id": "traefik2-2.11.35-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "traefik2-2.11.35-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:traefik2-2.11.35-1.1.aarch64"
},
"product_reference": "traefik2-2.11.35-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "traefik2-2.11.35-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:traefik2-2.11.35-1.1.ppc64le"
},
"product_reference": "traefik2-2.11.35-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "traefik2-2.11.35-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:traefik2-2.11.35-1.1.s390x"
},
"product_reference": "traefik2-2.11.35-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "traefik2-2.11.35-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:traefik2-2.11.35-1.1.x86_64"
},
"product_reference": "traefik2-2.11.35-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-54386",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-54386"
}
],
"notes": [
{
"category": "general",
"text": "Traefik is an HTTP reverse proxy and load balancer. In versions 2.11.27 and below, 3.0.0 through 3.4.4 and 3.5.0-rc1, a path traversal vulnerability was discovered in WASM Traefik\u0027s plugin installation mechanism. By supplying a maliciously crafted ZIP archive containing file paths with ../ sequences, an attacker can overwrite arbitrary files on the system outside of the intended plugin directory. This can lead to remote code execution (RCE), privilege escalation, persistence, or denial of service. This is fixed in versions 2.11.28, 3.4.5 and 3.5.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:traefik2-2.11.35-1.1.aarch64",
"openSUSE Tumbleweed:traefik2-2.11.35-1.1.ppc64le",
"openSUSE Tumbleweed:traefik2-2.11.35-1.1.s390x",
"openSUSE Tumbleweed:traefik2-2.11.35-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-54386",
"url": "https://www.suse.com/security/cve/CVE-2025-54386"
},
{
"category": "external",
"summary": "SUSE Bug 1247524 for CVE-2025-54386",
"url": "https://bugzilla.suse.com/1247524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:traefik2-2.11.35-1.1.aarch64",
"openSUSE Tumbleweed:traefik2-2.11.35-1.1.ppc64le",
"openSUSE Tumbleweed:traefik2-2.11.35-1.1.s390x",
"openSUSE Tumbleweed:traefik2-2.11.35-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:traefik2-2.11.35-1.1.aarch64",
"openSUSE Tumbleweed:traefik2-2.11.35-1.1.ppc64le",
"openSUSE Tumbleweed:traefik2-2.11.35-1.1.s390x",
"openSUSE Tumbleweed:traefik2-2.11.35-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-03T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2025-54386"
},
{
"cve": "CVE-2025-58181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58181"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:traefik2-2.11.35-1.1.aarch64",
"openSUSE Tumbleweed:traefik2-2.11.35-1.1.ppc64le",
"openSUSE Tumbleweed:traefik2-2.11.35-1.1.s390x",
"openSUSE Tumbleweed:traefik2-2.11.35-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58181",
"url": "https://www.suse.com/security/cve/CVE-2025-58181"
},
{
"category": "external",
"summary": "SUSE Bug 1253784 for CVE-2025-58181",
"url": "https://bugzilla.suse.com/1253784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:traefik2-2.11.35-1.1.aarch64",
"openSUSE Tumbleweed:traefik2-2.11.35-1.1.ppc64le",
"openSUSE Tumbleweed:traefik2-2.11.35-1.1.s390x",
"openSUSE Tumbleweed:traefik2-2.11.35-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:traefik2-2.11.35-1.1.aarch64",
"openSUSE Tumbleweed:traefik2-2.11.35-1.1.ppc64le",
"openSUSE Tumbleweed:traefik2-2.11.35-1.1.s390x",
"openSUSE Tumbleweed:traefik2-2.11.35-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-58181"
},
{
"cve": "CVE-2025-66490",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-66490"
}
],
"notes": [
{
"category": "general",
"text": "Traefik is an HTTP reverse proxy and load balancer. For versions prior to 2.11.32 and 2.11.31 through 3.6.2, requests using PathPrefix, Path or PathRegex matchers can bypass path normalization. When Traefik uses path-based routing, requests containing URL-encoded restricted characters (/, \\, Null, ;, ?, #) can bypass the middleware chain and reach unintended backends. For example, a request to http://mydomain.example.com/admin%2F could reach service-a without triggering my-security-middleware, bypassing security controls for the /admin/ path. This issue is fixed in versions 2.11.32 and 3.6.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:traefik2-2.11.35-1.1.aarch64",
"openSUSE Tumbleweed:traefik2-2.11.35-1.1.ppc64le",
"openSUSE Tumbleweed:traefik2-2.11.35-1.1.s390x",
"openSUSE Tumbleweed:traefik2-2.11.35-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-66490",
"url": "https://www.suse.com/security/cve/CVE-2025-66490"
},
{
"category": "external",
"summary": "SUSE Bug 1254879 for CVE-2025-66490",
"url": "https://bugzilla.suse.com/1254879"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:traefik2-2.11.35-1.1.aarch64",
"openSUSE Tumbleweed:traefik2-2.11.35-1.1.ppc64le",
"openSUSE Tumbleweed:traefik2-2.11.35-1.1.s390x",
"openSUSE Tumbleweed:traefik2-2.11.35-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:traefik2-2.11.35-1.1.aarch64",
"openSUSE Tumbleweed:traefik2-2.11.35-1.1.ppc64le",
"openSUSE Tumbleweed:traefik2-2.11.35-1.1.s390x",
"openSUSE Tumbleweed:traefik2-2.11.35-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-03T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-66490"
},
{
"cve": "CVE-2026-22045",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-22045"
}
],
"notes": [
{
"category": "general",
"text": "Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.35 and 3.6.7, there is a potential vulnerability in Traefik ACME TLS certificates\u0027 automatic generation: the ACME TLS-ALPN fast path can allow unauthenticated clients to tie up go routines and file descriptors indefinitely when the ACME TLS challenge is enabled. A malicious client can open many connections, send a minimal ClientHello with acme-tls/1, then stop responding, leading to denial of service of the entry point. The vulnerability is fixed in 2.11.35 and 3.6.7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:traefik2-2.11.35-1.1.aarch64",
"openSUSE Tumbleweed:traefik2-2.11.35-1.1.ppc64le",
"openSUSE Tumbleweed:traefik2-2.11.35-1.1.s390x",
"openSUSE Tumbleweed:traefik2-2.11.35-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-22045",
"url": "https://www.suse.com/security/cve/CVE-2026-22045"
},
{
"category": "external",
"summary": "SUSE Bug 1256815 for CVE-2026-22045",
"url": "https://bugzilla.suse.com/1256815"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:traefik2-2.11.35-1.1.aarch64",
"openSUSE Tumbleweed:traefik2-2.11.35-1.1.ppc64le",
"openSUSE Tumbleweed:traefik2-2.11.35-1.1.s390x",
"openSUSE Tumbleweed:traefik2-2.11.35-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:traefik2-2.11.35-1.1.aarch64",
"openSUSE Tumbleweed:traefik2-2.11.35-1.1.ppc64le",
"openSUSE Tumbleweed:traefik2-2.11.35-1.1.s390x",
"openSUSE Tumbleweed:traefik2-2.11.35-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-03T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-22045"
}
]
}
OPENSUSE-SU-2026:10230-1
Vulnerability from csaf_opensuse - Published: 2026-02-19 00:00 - Updated: 2026-02-19 00:00Summary
vexctl-0.4.1+git78.f951e3a-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: vexctl-0.4.1+git78.f951e3a-1.1 on GA media
Description of the patch: These are all security issues fixed in the vexctl-0.4.1+git78.f951e3a-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-10230
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.4 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.8 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
33 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "vexctl-0.4.1+git78.f951e3a-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the vexctl-0.4.1+git78.f951e3a-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10230",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10230-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45337 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45337/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22868 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22868/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22869 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22869/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22870 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22870/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-27144 page",
"url": "https://www.suse.com/security/cve/CVE-2025-27144/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-30204 page",
"url": "https://www.suse.com/security/cve/CVE-2025-30204/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58181 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-22772 page",
"url": "https://www.suse.com/security/cve/CVE-2026-22772/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-24137 page",
"url": "https://www.suse.com/security/cve/CVE-2026-24137/"
}
],
"title": "vexctl-0.4.1+git78.f951e3a-1.1 on GA media",
"tracking": {
"current_release_date": "2026-02-19T00:00:00Z",
"generator": {
"date": "2026-02-19T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10230-1",
"initial_release_date": "2026-02-19T00:00:00Z",
"revision_history": [
{
"date": "2026-02-19T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"product": {
"name": "vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"product_id": "vexctl-0.4.1+git78.f951e3a-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"product": {
"name": "vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"product_id": "vexctl-0.4.1+git78.f951e3a-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"product": {
"name": "vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"product_id": "vexctl-0.4.1+git78.f951e3a-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "vexctl-0.4.1+git78.f951e3a-1.1.x86_64",
"product": {
"name": "vexctl-0.4.1+git78.f951e3a-1.1.x86_64",
"product_id": "vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "vexctl-0.4.1+git78.f951e3a-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64"
},
"product_reference": "vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vexctl-0.4.1+git78.f951e3a-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le"
},
"product_reference": "vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vexctl-0.4.1+git78.f951e3a-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x"
},
"product_reference": "vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "vexctl-0.4.1+git78.f951e3a-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
},
"product_reference": "vexctl-0.4.1+git78.f951e3a-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-45337",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45337"
}
],
"notes": [
{
"category": "general",
"text": "Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that \"A call to this function does not guarantee that the key offered is in fact used to authenticate.\" Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key. Since this API is widely misused, as a partial mitigation golang.org/x/cry...@v0.31.0 enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45337",
"url": "https://www.suse.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "SUSE Bug 1234482 for CVE-2024-45337",
"url": "https://bugzilla.suse.com/1234482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-19T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-45337"
},
{
"cve": "CVE-2025-22868",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22868"
}
],
"notes": [
{
"category": "general",
"text": "An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22868",
"url": "https://www.suse.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "SUSE Bug 1239185 for CVE-2025-22868",
"url": "https://bugzilla.suse.com/1239185"
},
{
"category": "external",
"summary": "SUSE Bug 1239186 for CVE-2025-22868",
"url": "https://bugzilla.suse.com/1239186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-19T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-22868"
},
{
"cve": "CVE-2025-22869",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22869"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22869",
"url": "https://www.suse.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "SUSE Bug 1239322 for CVE-2025-22869",
"url": "https://bugzilla.suse.com/1239322"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-19T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-22869"
},
{
"cve": "CVE-2025-22870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22870"
}
],
"notes": [
{
"category": "general",
"text": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22870",
"url": "https://www.suse.com/security/cve/CVE-2025-22870"
},
{
"category": "external",
"summary": "SUSE Bug 1238572 for CVE-2025-22870",
"url": "https://bugzilla.suse.com/1238572"
},
{
"category": "external",
"summary": "SUSE Bug 1238611 for CVE-2025-22870",
"url": "https://bugzilla.suse.com/1238611"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-19T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-22870"
},
{
"cve": "CVE-2025-27144",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-27144"
}
],
"notes": [
{
"category": "general",
"text": "Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code used strings.Split(token, \".\") to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service. Version 4.0.5 fixes this issue. As a workaround, applications could pre-validate that payloads passed to Go JOSE do not contain an excessive number of `.` characters.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-27144",
"url": "https://www.suse.com/security/cve/CVE-2025-27144"
},
{
"category": "external",
"summary": "SUSE Bug 1237608 for CVE-2025-27144",
"url": "https://bugzilla.suse.com/1237608"
},
{
"category": "external",
"summary": "SUSE Bug 1237609 for CVE-2025-27144",
"url": "https://bugzilla.suse.com/1237609"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-19T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-27144"
},
{
"cve": "CVE-2025-30204",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-30204"
}
],
"notes": [
{
"category": "general",
"text": "golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function\u0027s argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-30204",
"url": "https://www.suse.com/security/cve/CVE-2025-30204"
},
{
"category": "external",
"summary": "SUSE Bug 1240441 for CVE-2025-30204",
"url": "https://bugzilla.suse.com/1240441"
},
{
"category": "external",
"summary": "SUSE Bug 1240442 for CVE-2025-30204",
"url": "https://bugzilla.suse.com/1240442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-19T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-30204"
},
{
"cve": "CVE-2025-58181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58181"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58181",
"url": "https://www.suse.com/security/cve/CVE-2025-58181"
},
{
"category": "external",
"summary": "SUSE Bug 1253784 for CVE-2025-58181",
"url": "https://bugzilla.suse.com/1253784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-19T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-58181"
},
{
"cve": "CVE-2026-22772",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-22772"
}
],
"notes": [
{
"category": "general",
"text": "Fulcio is a certificate authority for issuing code signing certificates for an OpenID Connect (OIDC) identity. Prior to 1.8.5, Fulcio\u0027s metaRegex() function uses unanchored regex, allowing attackers to bypass MetaIssuer URL validation and trigger SSRF to arbitrary internal services. Since the SSRF only can trigger GET requests, the request cannot mutate state. The response from the GET request is not returned to the caller so data exfiltration is not possible. A malicious actor could attempt to probe an internal network through Blind SSRF. This vulnerability is fixed in 1.8.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-22772",
"url": "https://www.suse.com/security/cve/CVE-2026-22772"
},
{
"category": "external",
"summary": "SUSE Bug 1256532 for CVE-2026-22772",
"url": "https://bugzilla.suse.com/1256532"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-19T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-22772"
},
{
"cve": "CVE-2026-24137",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-24137"
}
],
"notes": [
{
"category": "general",
"text": "sigstore framework is a common go library shared across sigstore services and clients. In versions 1.10.3 and below, the legacy TUF client (pkg/tuf/client.go) supports caching target files to disk. It constructs a filesystem path by joining a cache base directory with a target name sourced from signed target metadata; however, it does not validate that the resulting path stays within the cache base directory. A malicious TUF repository can trigger arbitrary file overwriting, limited to the permissions that the calling process has. Note that this should only affect clients that are directly using the TUF client in sigstore/sigstore or are using an older version of Cosign. Public Sigstore deployment users are unaffected, as TUF metadata is validated by a quorum of trusted collaborators. This issue has been fixed in version 1.10.4. As a workaround, users can disable disk caching for the legacy client by setting SIGSTORE_NO_CACHE=true in the environment, migrate to https://github.com/sigstore/sigstore-go/tree/main/pkg/tuf, or upgrade to the latest sigstore/sigstore release.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-24137",
"url": "https://www.suse.com/security/cve/CVE-2026-24137"
},
{
"category": "external",
"summary": "SUSE Bug 1257137 for CVE-2026-24137",
"url": "https://bugzilla.suse.com/1257137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.aarch64",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.ppc64le",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.s390x",
"openSUSE Tumbleweed:vexctl-0.4.1+git78.f951e3a-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-19T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-24137"
}
]
}
OPENSUSE-SU-2026:10232-1
Vulnerability from csaf_opensuse - Published: 2026-02-20 00:00 - Updated: 2026-02-20 00:00Summary
cosign-3.0.4-2.1 on GA media
Severity
Moderate
Notes
Title of the patch: cosign-3.0.4-2.1 on GA media
Description of the patch: These are all security issues fixed in the cosign-3.0.4-2.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-10232
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.5 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cosign-3.0.4-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cosign-3.0.4-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cosign-3.0.4-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cosign-3.0.4-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cosign-bash-completion-3.0.4-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cosign-bash-completion-3.0.4-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cosign-bash-completion-3.0.4-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cosign-bash-completion-3.0.4-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cosign-fish-completion-3.0.4-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cosign-fish-completion-3.0.4-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cosign-fish-completion-3.0.4-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cosign-fish-completion-3.0.4-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cosign-zsh-completion-3.0.4-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cosign-zsh-completion-3.0.4-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cosign-zsh-completion-3.0.4-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cosign-zsh-completion-3.0.4-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cosign-3.0.4-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cosign-3.0.4-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cosign-3.0.4-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cosign-3.0.4-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cosign-bash-completion-3.0.4-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cosign-bash-completion-3.0.4-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cosign-bash-completion-3.0.4-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cosign-bash-completion-3.0.4-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cosign-fish-completion-3.0.4-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cosign-fish-completion-3.0.4-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cosign-fish-completion-3.0.4-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cosign-fish-completion-3.0.4-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cosign-zsh-completion-3.0.4-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cosign-zsh-completion-3.0.4-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cosign-zsh-completion-3.0.4-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cosign-zsh-completion-3.0.4-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:cosign-3.0.4-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cosign-3.0.4-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cosign-3.0.4-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cosign-3.0.4-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cosign-bash-completion-3.0.4-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cosign-bash-completion-3.0.4-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cosign-bash-completion-3.0.4-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cosign-bash-completion-3.0.4-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cosign-fish-completion-3.0.4-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cosign-fish-completion-3.0.4-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cosign-fish-completion-3.0.4-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cosign-fish-completion-3.0.4-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cosign-zsh-completion-3.0.4-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cosign-zsh-completion-3.0.4-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cosign-zsh-completion-3.0.4-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:cosign-zsh-completion-3.0.4-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
11 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "cosign-3.0.4-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the cosign-3.0.4-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10232",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10232-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-11065 page",
"url": "https://www.suse.com/security/cve/CVE-2025-11065/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58181 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-22703 page",
"url": "https://www.suse.com/security/cve/CVE-2026-22703/"
}
],
"title": "cosign-3.0.4-2.1 on GA media",
"tracking": {
"current_release_date": "2026-02-20T00:00:00Z",
"generator": {
"date": "2026-02-20T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10232-1",
"initial_release_date": "2026-02-20T00:00:00Z",
"revision_history": [
{
"date": "2026-02-20T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cosign-3.0.4-2.1.aarch64",
"product": {
"name": "cosign-3.0.4-2.1.aarch64",
"product_id": "cosign-3.0.4-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "cosign-bash-completion-3.0.4-2.1.aarch64",
"product": {
"name": "cosign-bash-completion-3.0.4-2.1.aarch64",
"product_id": "cosign-bash-completion-3.0.4-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "cosign-fish-completion-3.0.4-2.1.aarch64",
"product": {
"name": "cosign-fish-completion-3.0.4-2.1.aarch64",
"product_id": "cosign-fish-completion-3.0.4-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "cosign-zsh-completion-3.0.4-2.1.aarch64",
"product": {
"name": "cosign-zsh-completion-3.0.4-2.1.aarch64",
"product_id": "cosign-zsh-completion-3.0.4-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cosign-3.0.4-2.1.ppc64le",
"product": {
"name": "cosign-3.0.4-2.1.ppc64le",
"product_id": "cosign-3.0.4-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "cosign-bash-completion-3.0.4-2.1.ppc64le",
"product": {
"name": "cosign-bash-completion-3.0.4-2.1.ppc64le",
"product_id": "cosign-bash-completion-3.0.4-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "cosign-fish-completion-3.0.4-2.1.ppc64le",
"product": {
"name": "cosign-fish-completion-3.0.4-2.1.ppc64le",
"product_id": "cosign-fish-completion-3.0.4-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "cosign-zsh-completion-3.0.4-2.1.ppc64le",
"product": {
"name": "cosign-zsh-completion-3.0.4-2.1.ppc64le",
"product_id": "cosign-zsh-completion-3.0.4-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cosign-3.0.4-2.1.s390x",
"product": {
"name": "cosign-3.0.4-2.1.s390x",
"product_id": "cosign-3.0.4-2.1.s390x"
}
},
{
"category": "product_version",
"name": "cosign-bash-completion-3.0.4-2.1.s390x",
"product": {
"name": "cosign-bash-completion-3.0.4-2.1.s390x",
"product_id": "cosign-bash-completion-3.0.4-2.1.s390x"
}
},
{
"category": "product_version",
"name": "cosign-fish-completion-3.0.4-2.1.s390x",
"product": {
"name": "cosign-fish-completion-3.0.4-2.1.s390x",
"product_id": "cosign-fish-completion-3.0.4-2.1.s390x"
}
},
{
"category": "product_version",
"name": "cosign-zsh-completion-3.0.4-2.1.s390x",
"product": {
"name": "cosign-zsh-completion-3.0.4-2.1.s390x",
"product_id": "cosign-zsh-completion-3.0.4-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cosign-3.0.4-2.1.x86_64",
"product": {
"name": "cosign-3.0.4-2.1.x86_64",
"product_id": "cosign-3.0.4-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "cosign-bash-completion-3.0.4-2.1.x86_64",
"product": {
"name": "cosign-bash-completion-3.0.4-2.1.x86_64",
"product_id": "cosign-bash-completion-3.0.4-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "cosign-fish-completion-3.0.4-2.1.x86_64",
"product": {
"name": "cosign-fish-completion-3.0.4-2.1.x86_64",
"product_id": "cosign-fish-completion-3.0.4-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "cosign-zsh-completion-3.0.4-2.1.x86_64",
"product": {
"name": "cosign-zsh-completion-3.0.4-2.1.x86_64",
"product_id": "cosign-zsh-completion-3.0.4-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cosign-3.0.4-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cosign-3.0.4-2.1.aarch64"
},
"product_reference": "cosign-3.0.4-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cosign-3.0.4-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cosign-3.0.4-2.1.ppc64le"
},
"product_reference": "cosign-3.0.4-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cosign-3.0.4-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cosign-3.0.4-2.1.s390x"
},
"product_reference": "cosign-3.0.4-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cosign-3.0.4-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cosign-3.0.4-2.1.x86_64"
},
"product_reference": "cosign-3.0.4-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cosign-bash-completion-3.0.4-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cosign-bash-completion-3.0.4-2.1.aarch64"
},
"product_reference": "cosign-bash-completion-3.0.4-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cosign-bash-completion-3.0.4-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cosign-bash-completion-3.0.4-2.1.ppc64le"
},
"product_reference": "cosign-bash-completion-3.0.4-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cosign-bash-completion-3.0.4-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cosign-bash-completion-3.0.4-2.1.s390x"
},
"product_reference": "cosign-bash-completion-3.0.4-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cosign-bash-completion-3.0.4-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cosign-bash-completion-3.0.4-2.1.x86_64"
},
"product_reference": "cosign-bash-completion-3.0.4-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cosign-fish-completion-3.0.4-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cosign-fish-completion-3.0.4-2.1.aarch64"
},
"product_reference": "cosign-fish-completion-3.0.4-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cosign-fish-completion-3.0.4-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cosign-fish-completion-3.0.4-2.1.ppc64le"
},
"product_reference": "cosign-fish-completion-3.0.4-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cosign-fish-completion-3.0.4-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cosign-fish-completion-3.0.4-2.1.s390x"
},
"product_reference": "cosign-fish-completion-3.0.4-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cosign-fish-completion-3.0.4-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cosign-fish-completion-3.0.4-2.1.x86_64"
},
"product_reference": "cosign-fish-completion-3.0.4-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cosign-zsh-completion-3.0.4-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cosign-zsh-completion-3.0.4-2.1.aarch64"
},
"product_reference": "cosign-zsh-completion-3.0.4-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cosign-zsh-completion-3.0.4-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cosign-zsh-completion-3.0.4-2.1.ppc64le"
},
"product_reference": "cosign-zsh-completion-3.0.4-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cosign-zsh-completion-3.0.4-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cosign-zsh-completion-3.0.4-2.1.s390x"
},
"product_reference": "cosign-zsh-completion-3.0.4-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cosign-zsh-completion-3.0.4-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cosign-zsh-completion-3.0.4-2.1.x86_64"
},
"product_reference": "cosign-zsh-completion-3.0.4-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-11065",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-11065"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in security-critical contexts.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cosign-3.0.4-2.1.aarch64",
"openSUSE Tumbleweed:cosign-3.0.4-2.1.ppc64le",
"openSUSE Tumbleweed:cosign-3.0.4-2.1.s390x",
"openSUSE Tumbleweed:cosign-3.0.4-2.1.x86_64",
"openSUSE Tumbleweed:cosign-bash-completion-3.0.4-2.1.aarch64",
"openSUSE Tumbleweed:cosign-bash-completion-3.0.4-2.1.ppc64le",
"openSUSE Tumbleweed:cosign-bash-completion-3.0.4-2.1.s390x",
"openSUSE Tumbleweed:cosign-bash-completion-3.0.4-2.1.x86_64",
"openSUSE Tumbleweed:cosign-fish-completion-3.0.4-2.1.aarch64",
"openSUSE Tumbleweed:cosign-fish-completion-3.0.4-2.1.ppc64le",
"openSUSE Tumbleweed:cosign-fish-completion-3.0.4-2.1.s390x",
"openSUSE Tumbleweed:cosign-fish-completion-3.0.4-2.1.x86_64",
"openSUSE Tumbleweed:cosign-zsh-completion-3.0.4-2.1.aarch64",
"openSUSE Tumbleweed:cosign-zsh-completion-3.0.4-2.1.ppc64le",
"openSUSE Tumbleweed:cosign-zsh-completion-3.0.4-2.1.s390x",
"openSUSE Tumbleweed:cosign-zsh-completion-3.0.4-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-11065",
"url": "https://www.suse.com/security/cve/CVE-2025-11065"
},
{
"category": "external",
"summary": "SUSE Bug 1250608 for CVE-2025-11065",
"url": "https://bugzilla.suse.com/1250608"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cosign-3.0.4-2.1.aarch64",
"openSUSE Tumbleweed:cosign-3.0.4-2.1.ppc64le",
"openSUSE Tumbleweed:cosign-3.0.4-2.1.s390x",
"openSUSE Tumbleweed:cosign-3.0.4-2.1.x86_64",
"openSUSE Tumbleweed:cosign-bash-completion-3.0.4-2.1.aarch64",
"openSUSE Tumbleweed:cosign-bash-completion-3.0.4-2.1.ppc64le",
"openSUSE Tumbleweed:cosign-bash-completion-3.0.4-2.1.s390x",
"openSUSE Tumbleweed:cosign-bash-completion-3.0.4-2.1.x86_64",
"openSUSE Tumbleweed:cosign-fish-completion-3.0.4-2.1.aarch64",
"openSUSE Tumbleweed:cosign-fish-completion-3.0.4-2.1.ppc64le",
"openSUSE Tumbleweed:cosign-fish-completion-3.0.4-2.1.s390x",
"openSUSE Tumbleweed:cosign-fish-completion-3.0.4-2.1.x86_64",
"openSUSE Tumbleweed:cosign-zsh-completion-3.0.4-2.1.aarch64",
"openSUSE Tumbleweed:cosign-zsh-completion-3.0.4-2.1.ppc64le",
"openSUSE Tumbleweed:cosign-zsh-completion-3.0.4-2.1.s390x",
"openSUSE Tumbleweed:cosign-zsh-completion-3.0.4-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cosign-3.0.4-2.1.aarch64",
"openSUSE Tumbleweed:cosign-3.0.4-2.1.ppc64le",
"openSUSE Tumbleweed:cosign-3.0.4-2.1.s390x",
"openSUSE Tumbleweed:cosign-3.0.4-2.1.x86_64",
"openSUSE Tumbleweed:cosign-bash-completion-3.0.4-2.1.aarch64",
"openSUSE Tumbleweed:cosign-bash-completion-3.0.4-2.1.ppc64le",
"openSUSE Tumbleweed:cosign-bash-completion-3.0.4-2.1.s390x",
"openSUSE Tumbleweed:cosign-bash-completion-3.0.4-2.1.x86_64",
"openSUSE Tumbleweed:cosign-fish-completion-3.0.4-2.1.aarch64",
"openSUSE Tumbleweed:cosign-fish-completion-3.0.4-2.1.ppc64le",
"openSUSE Tumbleweed:cosign-fish-completion-3.0.4-2.1.s390x",
"openSUSE Tumbleweed:cosign-fish-completion-3.0.4-2.1.x86_64",
"openSUSE Tumbleweed:cosign-zsh-completion-3.0.4-2.1.aarch64",
"openSUSE Tumbleweed:cosign-zsh-completion-3.0.4-2.1.ppc64le",
"openSUSE Tumbleweed:cosign-zsh-completion-3.0.4-2.1.s390x",
"openSUSE Tumbleweed:cosign-zsh-completion-3.0.4-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-20T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-11065"
},
{
"cve": "CVE-2025-58181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58181"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cosign-3.0.4-2.1.aarch64",
"openSUSE Tumbleweed:cosign-3.0.4-2.1.ppc64le",
"openSUSE Tumbleweed:cosign-3.0.4-2.1.s390x",
"openSUSE Tumbleweed:cosign-3.0.4-2.1.x86_64",
"openSUSE Tumbleweed:cosign-bash-completion-3.0.4-2.1.aarch64",
"openSUSE Tumbleweed:cosign-bash-completion-3.0.4-2.1.ppc64le",
"openSUSE Tumbleweed:cosign-bash-completion-3.0.4-2.1.s390x",
"openSUSE Tumbleweed:cosign-bash-completion-3.0.4-2.1.x86_64",
"openSUSE Tumbleweed:cosign-fish-completion-3.0.4-2.1.aarch64",
"openSUSE Tumbleweed:cosign-fish-completion-3.0.4-2.1.ppc64le",
"openSUSE Tumbleweed:cosign-fish-completion-3.0.4-2.1.s390x",
"openSUSE Tumbleweed:cosign-fish-completion-3.0.4-2.1.x86_64",
"openSUSE Tumbleweed:cosign-zsh-completion-3.0.4-2.1.aarch64",
"openSUSE Tumbleweed:cosign-zsh-completion-3.0.4-2.1.ppc64le",
"openSUSE Tumbleweed:cosign-zsh-completion-3.0.4-2.1.s390x",
"openSUSE Tumbleweed:cosign-zsh-completion-3.0.4-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58181",
"url": "https://www.suse.com/security/cve/CVE-2025-58181"
},
{
"category": "external",
"summary": "SUSE Bug 1253784 for CVE-2025-58181",
"url": "https://bugzilla.suse.com/1253784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cosign-3.0.4-2.1.aarch64",
"openSUSE Tumbleweed:cosign-3.0.4-2.1.ppc64le",
"openSUSE Tumbleweed:cosign-3.0.4-2.1.s390x",
"openSUSE Tumbleweed:cosign-3.0.4-2.1.x86_64",
"openSUSE Tumbleweed:cosign-bash-completion-3.0.4-2.1.aarch64",
"openSUSE Tumbleweed:cosign-bash-completion-3.0.4-2.1.ppc64le",
"openSUSE Tumbleweed:cosign-bash-completion-3.0.4-2.1.s390x",
"openSUSE Tumbleweed:cosign-bash-completion-3.0.4-2.1.x86_64",
"openSUSE Tumbleweed:cosign-fish-completion-3.0.4-2.1.aarch64",
"openSUSE Tumbleweed:cosign-fish-completion-3.0.4-2.1.ppc64le",
"openSUSE Tumbleweed:cosign-fish-completion-3.0.4-2.1.s390x",
"openSUSE Tumbleweed:cosign-fish-completion-3.0.4-2.1.x86_64",
"openSUSE Tumbleweed:cosign-zsh-completion-3.0.4-2.1.aarch64",
"openSUSE Tumbleweed:cosign-zsh-completion-3.0.4-2.1.ppc64le",
"openSUSE Tumbleweed:cosign-zsh-completion-3.0.4-2.1.s390x",
"openSUSE Tumbleweed:cosign-zsh-completion-3.0.4-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cosign-3.0.4-2.1.aarch64",
"openSUSE Tumbleweed:cosign-3.0.4-2.1.ppc64le",
"openSUSE Tumbleweed:cosign-3.0.4-2.1.s390x",
"openSUSE Tumbleweed:cosign-3.0.4-2.1.x86_64",
"openSUSE Tumbleweed:cosign-bash-completion-3.0.4-2.1.aarch64",
"openSUSE Tumbleweed:cosign-bash-completion-3.0.4-2.1.ppc64le",
"openSUSE Tumbleweed:cosign-bash-completion-3.0.4-2.1.s390x",
"openSUSE Tumbleweed:cosign-bash-completion-3.0.4-2.1.x86_64",
"openSUSE Tumbleweed:cosign-fish-completion-3.0.4-2.1.aarch64",
"openSUSE Tumbleweed:cosign-fish-completion-3.0.4-2.1.ppc64le",
"openSUSE Tumbleweed:cosign-fish-completion-3.0.4-2.1.s390x",
"openSUSE Tumbleweed:cosign-fish-completion-3.0.4-2.1.x86_64",
"openSUSE Tumbleweed:cosign-zsh-completion-3.0.4-2.1.aarch64",
"openSUSE Tumbleweed:cosign-zsh-completion-3.0.4-2.1.ppc64le",
"openSUSE Tumbleweed:cosign-zsh-completion-3.0.4-2.1.s390x",
"openSUSE Tumbleweed:cosign-zsh-completion-3.0.4-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-20T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-58181"
},
{
"cve": "CVE-2026-22703",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-22703"
}
],
"notes": [
{
"category": "general",
"text": "Cosign provides code signing and transparency for containers and binaries. Prior to versions 2.6.2 and 3.0.4, Cosign bundle can be crafted to successfully verify an artifact even if the embedded Rekor entry does not reference the artifact\u0027s digest, signature or public key. When verifying a Rekor entry, Cosign verifies the Rekor entry signature, and also compares the artifact\u0027s digest, the user\u0027s public key from either a Fulcio certificate or provided by the user, and the artifact signature to the Rekor entry contents. Without these comparisons, Cosign would accept any response from Rekor as valid. A malicious actor that has compromised a user\u0027s identity or signing key could construct a valid Cosign bundle by including any arbitrary Rekor entry, thus preventing the user from being able to audit the signing event. This issue has been patched in versions 2.6.2 and 3.0.4.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cosign-3.0.4-2.1.aarch64",
"openSUSE Tumbleweed:cosign-3.0.4-2.1.ppc64le",
"openSUSE Tumbleweed:cosign-3.0.4-2.1.s390x",
"openSUSE Tumbleweed:cosign-3.0.4-2.1.x86_64",
"openSUSE Tumbleweed:cosign-bash-completion-3.0.4-2.1.aarch64",
"openSUSE Tumbleweed:cosign-bash-completion-3.0.4-2.1.ppc64le",
"openSUSE Tumbleweed:cosign-bash-completion-3.0.4-2.1.s390x",
"openSUSE Tumbleweed:cosign-bash-completion-3.0.4-2.1.x86_64",
"openSUSE Tumbleweed:cosign-fish-completion-3.0.4-2.1.aarch64",
"openSUSE Tumbleweed:cosign-fish-completion-3.0.4-2.1.ppc64le",
"openSUSE Tumbleweed:cosign-fish-completion-3.0.4-2.1.s390x",
"openSUSE Tumbleweed:cosign-fish-completion-3.0.4-2.1.x86_64",
"openSUSE Tumbleweed:cosign-zsh-completion-3.0.4-2.1.aarch64",
"openSUSE Tumbleweed:cosign-zsh-completion-3.0.4-2.1.ppc64le",
"openSUSE Tumbleweed:cosign-zsh-completion-3.0.4-2.1.s390x",
"openSUSE Tumbleweed:cosign-zsh-completion-3.0.4-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-22703",
"url": "https://www.suse.com/security/cve/CVE-2026-22703"
},
{
"category": "external",
"summary": "SUSE Bug 1256496 for CVE-2026-22703",
"url": "https://bugzilla.suse.com/1256496"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cosign-3.0.4-2.1.aarch64",
"openSUSE Tumbleweed:cosign-3.0.4-2.1.ppc64le",
"openSUSE Tumbleweed:cosign-3.0.4-2.1.s390x",
"openSUSE Tumbleweed:cosign-3.0.4-2.1.x86_64",
"openSUSE Tumbleweed:cosign-bash-completion-3.0.4-2.1.aarch64",
"openSUSE Tumbleweed:cosign-bash-completion-3.0.4-2.1.ppc64le",
"openSUSE Tumbleweed:cosign-bash-completion-3.0.4-2.1.s390x",
"openSUSE Tumbleweed:cosign-bash-completion-3.0.4-2.1.x86_64",
"openSUSE Tumbleweed:cosign-fish-completion-3.0.4-2.1.aarch64",
"openSUSE Tumbleweed:cosign-fish-completion-3.0.4-2.1.ppc64le",
"openSUSE Tumbleweed:cosign-fish-completion-3.0.4-2.1.s390x",
"openSUSE Tumbleweed:cosign-fish-completion-3.0.4-2.1.x86_64",
"openSUSE Tumbleweed:cosign-zsh-completion-3.0.4-2.1.aarch64",
"openSUSE Tumbleweed:cosign-zsh-completion-3.0.4-2.1.ppc64le",
"openSUSE Tumbleweed:cosign-zsh-completion-3.0.4-2.1.s390x",
"openSUSE Tumbleweed:cosign-zsh-completion-3.0.4-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cosign-3.0.4-2.1.aarch64",
"openSUSE Tumbleweed:cosign-3.0.4-2.1.ppc64le",
"openSUSE Tumbleweed:cosign-3.0.4-2.1.s390x",
"openSUSE Tumbleweed:cosign-3.0.4-2.1.x86_64",
"openSUSE Tumbleweed:cosign-bash-completion-3.0.4-2.1.aarch64",
"openSUSE Tumbleweed:cosign-bash-completion-3.0.4-2.1.ppc64le",
"openSUSE Tumbleweed:cosign-bash-completion-3.0.4-2.1.s390x",
"openSUSE Tumbleweed:cosign-bash-completion-3.0.4-2.1.x86_64",
"openSUSE Tumbleweed:cosign-fish-completion-3.0.4-2.1.aarch64",
"openSUSE Tumbleweed:cosign-fish-completion-3.0.4-2.1.ppc64le",
"openSUSE Tumbleweed:cosign-fish-completion-3.0.4-2.1.s390x",
"openSUSE Tumbleweed:cosign-fish-completion-3.0.4-2.1.x86_64",
"openSUSE Tumbleweed:cosign-zsh-completion-3.0.4-2.1.aarch64",
"openSUSE Tumbleweed:cosign-zsh-completion-3.0.4-2.1.ppc64le",
"openSUSE Tumbleweed:cosign-zsh-completion-3.0.4-2.1.s390x",
"openSUSE Tumbleweed:cosign-zsh-completion-3.0.4-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-20T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-22703"
}
]
}
OPENSUSE-SU-2026:10255-1
Vulnerability from csaf_opensuse - Published: 2026-02-25 00:00 - Updated: 2026-02-25 00:00Summary
docker-stable-24.0.9_ce-17.1 on GA media
Severity
Moderate
Notes
Title of the patch: docker-stable-24.0.9_ce-17.1 on GA media
Description of the patch: These are all security issues fixed in the docker-stable-24.0.9_ce-17.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-10255
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "docker-stable-24.0.9_ce-17.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the docker-stable-24.0.9_ce-17.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10255",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10255-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-30204 page",
"url": "https://www.suse.com/security/cve/CVE-2025-30204/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58181 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58181/"
}
],
"title": "docker-stable-24.0.9_ce-17.1 on GA media",
"tracking": {
"current_release_date": "2026-02-25T00:00:00Z",
"generator": {
"date": "2026-02-25T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10255-1",
"initial_release_date": "2026-02-25T00:00:00Z",
"revision_history": [
{
"date": "2026-02-25T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-24.0.9_ce-17.1.aarch64",
"product": {
"name": "docker-stable-24.0.9_ce-17.1.aarch64",
"product_id": "docker-stable-24.0.9_ce-17.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-stable-bash-completion-24.0.9_ce-17.1.aarch64",
"product": {
"name": "docker-stable-bash-completion-24.0.9_ce-17.1.aarch64",
"product_id": "docker-stable-bash-completion-24.0.9_ce-17.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-stable-buildx-0.25.0-17.1.aarch64",
"product": {
"name": "docker-stable-buildx-0.25.0-17.1.aarch64",
"product_id": "docker-stable-buildx-0.25.0-17.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-stable-fish-completion-24.0.9_ce-17.1.aarch64",
"product": {
"name": "docker-stable-fish-completion-24.0.9_ce-17.1.aarch64",
"product_id": "docker-stable-fish-completion-24.0.9_ce-17.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-stable-rootless-extras-24.0.9_ce-17.1.aarch64",
"product": {
"name": "docker-stable-rootless-extras-24.0.9_ce-17.1.aarch64",
"product_id": "docker-stable-rootless-extras-24.0.9_ce-17.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-stable-zsh-completion-24.0.9_ce-17.1.aarch64",
"product": {
"name": "docker-stable-zsh-completion-24.0.9_ce-17.1.aarch64",
"product_id": "docker-stable-zsh-completion-24.0.9_ce-17.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-24.0.9_ce-17.1.ppc64le",
"product": {
"name": "docker-stable-24.0.9_ce-17.1.ppc64le",
"product_id": "docker-stable-24.0.9_ce-17.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-stable-bash-completion-24.0.9_ce-17.1.ppc64le",
"product": {
"name": "docker-stable-bash-completion-24.0.9_ce-17.1.ppc64le",
"product_id": "docker-stable-bash-completion-24.0.9_ce-17.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-stable-buildx-0.25.0-17.1.ppc64le",
"product": {
"name": "docker-stable-buildx-0.25.0-17.1.ppc64le",
"product_id": "docker-stable-buildx-0.25.0-17.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-stable-fish-completion-24.0.9_ce-17.1.ppc64le",
"product": {
"name": "docker-stable-fish-completion-24.0.9_ce-17.1.ppc64le",
"product_id": "docker-stable-fish-completion-24.0.9_ce-17.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-stable-rootless-extras-24.0.9_ce-17.1.ppc64le",
"product": {
"name": "docker-stable-rootless-extras-24.0.9_ce-17.1.ppc64le",
"product_id": "docker-stable-rootless-extras-24.0.9_ce-17.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-stable-zsh-completion-24.0.9_ce-17.1.ppc64le",
"product": {
"name": "docker-stable-zsh-completion-24.0.9_ce-17.1.ppc64le",
"product_id": "docker-stable-zsh-completion-24.0.9_ce-17.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-24.0.9_ce-17.1.s390x",
"product": {
"name": "docker-stable-24.0.9_ce-17.1.s390x",
"product_id": "docker-stable-24.0.9_ce-17.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-stable-bash-completion-24.0.9_ce-17.1.s390x",
"product": {
"name": "docker-stable-bash-completion-24.0.9_ce-17.1.s390x",
"product_id": "docker-stable-bash-completion-24.0.9_ce-17.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-stable-buildx-0.25.0-17.1.s390x",
"product": {
"name": "docker-stable-buildx-0.25.0-17.1.s390x",
"product_id": "docker-stable-buildx-0.25.0-17.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-stable-fish-completion-24.0.9_ce-17.1.s390x",
"product": {
"name": "docker-stable-fish-completion-24.0.9_ce-17.1.s390x",
"product_id": "docker-stable-fish-completion-24.0.9_ce-17.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-stable-rootless-extras-24.0.9_ce-17.1.s390x",
"product": {
"name": "docker-stable-rootless-extras-24.0.9_ce-17.1.s390x",
"product_id": "docker-stable-rootless-extras-24.0.9_ce-17.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-stable-zsh-completion-24.0.9_ce-17.1.s390x",
"product": {
"name": "docker-stable-zsh-completion-24.0.9_ce-17.1.s390x",
"product_id": "docker-stable-zsh-completion-24.0.9_ce-17.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-24.0.9_ce-17.1.x86_64",
"product": {
"name": "docker-stable-24.0.9_ce-17.1.x86_64",
"product_id": "docker-stable-24.0.9_ce-17.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-stable-bash-completion-24.0.9_ce-17.1.x86_64",
"product": {
"name": "docker-stable-bash-completion-24.0.9_ce-17.1.x86_64",
"product_id": "docker-stable-bash-completion-24.0.9_ce-17.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-stable-buildx-0.25.0-17.1.x86_64",
"product": {
"name": "docker-stable-buildx-0.25.0-17.1.x86_64",
"product_id": "docker-stable-buildx-0.25.0-17.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-stable-fish-completion-24.0.9_ce-17.1.x86_64",
"product": {
"name": "docker-stable-fish-completion-24.0.9_ce-17.1.x86_64",
"product_id": "docker-stable-fish-completion-24.0.9_ce-17.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-stable-rootless-extras-24.0.9_ce-17.1.x86_64",
"product": {
"name": "docker-stable-rootless-extras-24.0.9_ce-17.1.x86_64",
"product_id": "docker-stable-rootless-extras-24.0.9_ce-17.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-stable-zsh-completion-24.0.9_ce-17.1.x86_64",
"product": {
"name": "docker-stable-zsh-completion-24.0.9_ce-17.1.x86_64",
"product_id": "docker-stable-zsh-completion-24.0.9_ce-17.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-17.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.aarch64"
},
"product_reference": "docker-stable-24.0.9_ce-17.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-17.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.ppc64le"
},
"product_reference": "docker-stable-24.0.9_ce-17.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-17.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.s390x"
},
"product_reference": "docker-stable-24.0.9_ce-17.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-17.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.x86_64"
},
"product_reference": "docker-stable-24.0.9_ce-17.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-bash-completion-24.0.9_ce-17.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.aarch64"
},
"product_reference": "docker-stable-bash-completion-24.0.9_ce-17.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-bash-completion-24.0.9_ce-17.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.ppc64le"
},
"product_reference": "docker-stable-bash-completion-24.0.9_ce-17.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-bash-completion-24.0.9_ce-17.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.s390x"
},
"product_reference": "docker-stable-bash-completion-24.0.9_ce-17.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-bash-completion-24.0.9_ce-17.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.x86_64"
},
"product_reference": "docker-stable-bash-completion-24.0.9_ce-17.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-buildx-0.25.0-17.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.aarch64"
},
"product_reference": "docker-stable-buildx-0.25.0-17.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-buildx-0.25.0-17.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.ppc64le"
},
"product_reference": "docker-stable-buildx-0.25.0-17.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-buildx-0.25.0-17.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.s390x"
},
"product_reference": "docker-stable-buildx-0.25.0-17.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-buildx-0.25.0-17.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.x86_64"
},
"product_reference": "docker-stable-buildx-0.25.0-17.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-fish-completion-24.0.9_ce-17.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.aarch64"
},
"product_reference": "docker-stable-fish-completion-24.0.9_ce-17.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-fish-completion-24.0.9_ce-17.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.ppc64le"
},
"product_reference": "docker-stable-fish-completion-24.0.9_ce-17.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-fish-completion-24.0.9_ce-17.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.s390x"
},
"product_reference": "docker-stable-fish-completion-24.0.9_ce-17.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-fish-completion-24.0.9_ce-17.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.x86_64"
},
"product_reference": "docker-stable-fish-completion-24.0.9_ce-17.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-rootless-extras-24.0.9_ce-17.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.aarch64"
},
"product_reference": "docker-stable-rootless-extras-24.0.9_ce-17.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-rootless-extras-24.0.9_ce-17.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.ppc64le"
},
"product_reference": "docker-stable-rootless-extras-24.0.9_ce-17.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-rootless-extras-24.0.9_ce-17.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.s390x"
},
"product_reference": "docker-stable-rootless-extras-24.0.9_ce-17.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-rootless-extras-24.0.9_ce-17.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.x86_64"
},
"product_reference": "docker-stable-rootless-extras-24.0.9_ce-17.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-zsh-completion-24.0.9_ce-17.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.aarch64"
},
"product_reference": "docker-stable-zsh-completion-24.0.9_ce-17.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-zsh-completion-24.0.9_ce-17.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.ppc64le"
},
"product_reference": "docker-stable-zsh-completion-24.0.9_ce-17.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-zsh-completion-24.0.9_ce-17.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.s390x"
},
"product_reference": "docker-stable-zsh-completion-24.0.9_ce-17.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-zsh-completion-24.0.9_ce-17.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.x86_64"
},
"product_reference": "docker-stable-zsh-completion-24.0.9_ce-17.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-30204",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-30204"
}
],
"notes": [
{
"category": "general",
"text": "golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function\u0027s argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-30204",
"url": "https://www.suse.com/security/cve/CVE-2025-30204"
},
{
"category": "external",
"summary": "SUSE Bug 1240441 for CVE-2025-30204",
"url": "https://bugzilla.suse.com/1240441"
},
{
"category": "external",
"summary": "SUSE Bug 1240442 for CVE-2025-30204",
"url": "https://bugzilla.suse.com/1240442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-30204"
},
{
"cve": "CVE-2025-58181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58181"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58181",
"url": "https://www.suse.com/security/cve/CVE-2025-58181"
},
{
"category": "external",
"summary": "SUSE Bug 1253784 for CVE-2025-58181",
"url": "https://bugzilla.suse.com/1253784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-24.0.9_ce-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-bash-completion-24.0.9_ce-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-buildx-0.25.0-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-fish-completion-24.0.9_ce-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-rootless-extras-24.0.9_ce-17.1.x86_64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.aarch64",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.ppc64le",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.s390x",
"openSUSE Tumbleweed:docker-stable-zsh-completion-24.0.9_ce-17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-58181"
}
]
}
OPENSUSE-SU-2026:20132-1
Vulnerability from csaf_opensuse - Published: 2026-01-29 15:32 - Updated: 2026-01-29 15:32Summary
Security update for elemental-register, elemental-toolkit
Severity
Important
Notes
Title of the patch: Security update for elemental-register, elemental-toolkit
Description of the patch: This update for elemental-register, elemental-toolkit fixes the following issues:
elemental-register was updated to 1.8.1:
Changes on top of v1.8.1:
* Update headers to 2026
* Update questions to include SL Micro 6.2
Update to v1.8.1:
* Install yip config files in before-install step
* Bump github.com/rancher-sandbox/go-tpm and its dependencies
This includes few CVE fixes:
* bsc#1241826 (CVE-2025-22872)
* bsc#1241857 (CVE-2025-22872)
* bsc#1251511 (CVE-2025-47911)
* bsc#1251679 (CVE-2025-58190)
elemental-toolkit was updated to v2.3.2:
* Bump golang.org/x/crypto library
This includes few CVE fixes:
* bsc#1241826 (CVE-2025-22872)
* bsc#1241857 (CVE-2025-22872)
* bsc#1251511 (CVE-2025-47911)
* bsc#1251679 (CVE-2025-58190)
* bsc#1253581 (CVE-2025-47913)
* bsc#1253901 (CVE-2025-58181)
* bsc#1254079 (CVE-2025-47914)
Patchnames: openSUSE-Leap-16.0-217
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
27 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for elemental-register, elemental-toolkit",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for elemental-register, elemental-toolkit fixes the following issues:\n\nelemental-register was updated to 1.8.1:\n\nChanges on top of v1.8.1:\n\n * Update headers to 2026\n * Update questions to include SL Micro 6.2\n\nUpdate to v1.8.1:\n\n * Install yip config files in before-install step\n * Bump github.com/rancher-sandbox/go-tpm and its dependencies\n This includes few CVE fixes:\n * bsc#1241826 (CVE-2025-22872)\n * bsc#1241857 (CVE-2025-22872)\n * bsc#1251511 (CVE-2025-47911)\n * bsc#1251679 (CVE-2025-58190)\n\nelemental-toolkit was updated to v2.3.2:\n\n * Bump golang.org/x/crypto library\n This includes few CVE fixes:\n * bsc#1241826 (CVE-2025-22872)\n * bsc#1241857 (CVE-2025-22872)\n * bsc#1251511 (CVE-2025-47911)\n * bsc#1251679 (CVE-2025-58190)\n * bsc#1253581 (CVE-2025-47913)\n * bsc#1253901 (CVE-2025-58181)\n * bsc#1254079 (CVE-2025-47914)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-217",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20132-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1241826",
"url": "https://bugzilla.suse.com/1241826"
},
{
"category": "self",
"summary": "SUSE Bug 1241857",
"url": "https://bugzilla.suse.com/1241857"
},
{
"category": "self",
"summary": "SUSE Bug 1251511",
"url": "https://bugzilla.suse.com/1251511"
},
{
"category": "self",
"summary": "SUSE Bug 1251679",
"url": "https://bugzilla.suse.com/1251679"
},
{
"category": "self",
"summary": "SUSE Bug 1253581",
"url": "https://bugzilla.suse.com/1253581"
},
{
"category": "self",
"summary": "SUSE Bug 1253901",
"url": "https://bugzilla.suse.com/1253901"
},
{
"category": "self",
"summary": "SUSE Bug 1254079",
"url": "https://bugzilla.suse.com/1254079"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22872 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22872/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47911 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47913 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47914 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58181 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58190 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58190/"
}
],
"title": "Security update for elemental-register, elemental-toolkit",
"tracking": {
"current_release_date": "2026-01-29T15:32:26Z",
"generator": {
"date": "2026-01-29T15:32:26Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20132-1",
"initial_release_date": "2026-01-29T15:32:26Z",
"revision_history": [
{
"date": "2026-01-29T15:32:26Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "elemental-register-1.8.1-160000.1.1.aarch64",
"product": {
"name": "elemental-register-1.8.1-160000.1.1.aarch64",
"product_id": "elemental-register-1.8.1-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "elemental-support-1.8.1-160000.1.1.aarch64",
"product": {
"name": "elemental-support-1.8.1-160000.1.1.aarch64",
"product_id": "elemental-support-1.8.1-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "elemental-toolkit-2.3.2-160000.1.1.aarch64",
"product": {
"name": "elemental-toolkit-2.3.2-160000.1.1.aarch64",
"product_id": "elemental-toolkit-2.3.2-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"product": {
"name": "elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"product_id": "elemental-toolkit-2.3.2-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "elemental-toolkit-2.3.2-160000.1.1.s390x",
"product": {
"name": "elemental-toolkit-2.3.2-160000.1.1.s390x",
"product_id": "elemental-toolkit-2.3.2-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "elemental-register-1.8.1-160000.1.1.x86_64",
"product": {
"name": "elemental-register-1.8.1-160000.1.1.x86_64",
"product_id": "elemental-register-1.8.1-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "elemental-support-1.8.1-160000.1.1.x86_64",
"product": {
"name": "elemental-support-1.8.1-160000.1.1.x86_64",
"product_id": "elemental-support-1.8.1-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "elemental-toolkit-2.3.2-160000.1.1.x86_64",
"product": {
"name": "elemental-toolkit-2.3.2-160000.1.1.x86_64",
"product_id": "elemental-toolkit-2.3.2-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-register-1.8.1-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64"
},
"product_reference": "elemental-register-1.8.1-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-register-1.8.1-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64"
},
"product_reference": "elemental-register-1.8.1-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-support-1.8.1-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64"
},
"product_reference": "elemental-support-1.8.1-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-support-1.8.1-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64"
},
"product_reference": "elemental-support-1.8.1-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-toolkit-2.3.2-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64"
},
"product_reference": "elemental-toolkit-2.3.2-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-toolkit-2.3.2-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le"
},
"product_reference": "elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-toolkit-2.3.2-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x"
},
"product_reference": "elemental-toolkit-2.3.2-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-toolkit-2.3.2-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
},
"product_reference": "elemental-toolkit-2.3.2-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22872",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22872"
}
],
"notes": [
{
"category": "general",
"text": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22872",
"url": "https://www.suse.com/security/cve/CVE-2025-22872"
},
{
"category": "external",
"summary": "SUSE Bug 1241710 for CVE-2025-22872",
"url": "https://bugzilla.suse.com/1241710"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-29T15:32:26Z",
"details": "moderate"
}
],
"title": "CVE-2025-22872"
},
{
"cve": "CVE-2025-47911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47911"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47911",
"url": "https://www.suse.com/security/cve/CVE-2025-47911"
},
{
"category": "external",
"summary": "SUSE Bug 1251308 for CVE-2025-47911",
"url": "https://bugzilla.suse.com/1251308"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-29T15:32:26Z",
"details": "moderate"
}
],
"title": "CVE-2025-47911"
},
{
"cve": "CVE-2025-47913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47913"
}
],
"notes": [
{
"category": "general",
"text": "SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47913",
"url": "https://www.suse.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "SUSE Bug 1253506 for CVE-2025-47913",
"url": "https://bugzilla.suse.com/1253506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-29T15:32:26Z",
"details": "important"
}
],
"title": "CVE-2025-47913"
},
{
"cve": "CVE-2025-47914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47914"
}
],
"notes": [
{
"category": "general",
"text": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47914",
"url": "https://www.suse.com/security/cve/CVE-2025-47914"
},
{
"category": "external",
"summary": "SUSE Bug 1253967 for CVE-2025-47914",
"url": "https://bugzilla.suse.com/1253967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-29T15:32:26Z",
"details": "moderate"
}
],
"title": "CVE-2025-47914"
},
{
"cve": "CVE-2025-58181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58181"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58181",
"url": "https://www.suse.com/security/cve/CVE-2025-58181"
},
{
"category": "external",
"summary": "SUSE Bug 1253784 for CVE-2025-58181",
"url": "https://bugzilla.suse.com/1253784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-29T15:32:26Z",
"details": "moderate"
}
],
"title": "CVE-2025-58181"
},
{
"cve": "CVE-2025-58190",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58190"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58190",
"url": "https://www.suse.com/security/cve/CVE-2025-58190"
},
{
"category": "external",
"summary": "SUSE Bug 1251309 for CVE-2025-58190",
"url": "https://bugzilla.suse.com/1251309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-29T15:32:26Z",
"details": "moderate"
}
],
"title": "CVE-2025-58190"
}
]
}
OPENSUSE-SU-2026:20249-1
Vulnerability from csaf_opensuse - Published: 2026-02-18 09:41 - Updated: 2026-02-18 09:41Summary
Security update for docker
Severity
Moderate
Notes
Title of the patch: Security update for docker
Description of the patch: This update for docker fixes the following issues:
- CVE-2025-58181: not validating the number of mechanisms can cause unlimited memory consumption (bsc#1253904).
Patchnames: openSUSE-Leap-16.0-294
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.3 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:docker-28.5.1_ce-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-28.5.1_ce-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-28.5.1_ce-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-28.5.1_ce-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-bash-completion-28.5.1_ce-160000.5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-buildx-0.29.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-buildx-0.29.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-buildx-0.29.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-buildx-0.29.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-fish-completion-28.5.1_ce-160000.5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-rootless-extras-28.5.1_ce-160000.5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-zsh-completion-28.5.1_ce-160000.5.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
References
6 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for docker",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for docker fixes the following issues:\n\n- CVE-2025-58181: not validating the number of mechanisms can cause unlimited memory consumption (bsc#1253904).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-294",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20249-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1253904",
"url": "https://bugzilla.suse.com/1253904"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58181 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58181/"
}
],
"title": "Security update for docker",
"tracking": {
"current_release_date": "2026-02-18T09:41:33Z",
"generator": {
"date": "2026-02-18T09:41:33Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20249-1",
"initial_release_date": "2026-02-18T09:41:33Z",
"revision_history": [
{
"date": "2026-02-18T09:41:33Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "docker-28.5.1_ce-160000.5.1.aarch64",
"product": {
"name": "docker-28.5.1_ce-160000.5.1.aarch64",
"product_id": "docker-28.5.1_ce-160000.5.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-buildx-0.29.0-160000.5.1.aarch64",
"product": {
"name": "docker-buildx-0.29.0-160000.5.1.aarch64",
"product_id": "docker-buildx-0.29.0-160000.5.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-bash-completion-28.5.1_ce-160000.5.1.noarch",
"product": {
"name": "docker-bash-completion-28.5.1_ce-160000.5.1.noarch",
"product_id": "docker-bash-completion-28.5.1_ce-160000.5.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-fish-completion-28.5.1_ce-160000.5.1.noarch",
"product": {
"name": "docker-fish-completion-28.5.1_ce-160000.5.1.noarch",
"product_id": "docker-fish-completion-28.5.1_ce-160000.5.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-rootless-extras-28.5.1_ce-160000.5.1.noarch",
"product": {
"name": "docker-rootless-extras-28.5.1_ce-160000.5.1.noarch",
"product_id": "docker-rootless-extras-28.5.1_ce-160000.5.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-zsh-completion-28.5.1_ce-160000.5.1.noarch",
"product": {
"name": "docker-zsh-completion-28.5.1_ce-160000.5.1.noarch",
"product_id": "docker-zsh-completion-28.5.1_ce-160000.5.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-28.5.1_ce-160000.5.1.ppc64le",
"product": {
"name": "docker-28.5.1_ce-160000.5.1.ppc64le",
"product_id": "docker-28.5.1_ce-160000.5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-buildx-0.29.0-160000.5.1.ppc64le",
"product": {
"name": "docker-buildx-0.29.0-160000.5.1.ppc64le",
"product_id": "docker-buildx-0.29.0-160000.5.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-28.5.1_ce-160000.5.1.s390x",
"product": {
"name": "docker-28.5.1_ce-160000.5.1.s390x",
"product_id": "docker-28.5.1_ce-160000.5.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-buildx-0.29.0-160000.5.1.s390x",
"product": {
"name": "docker-buildx-0.29.0-160000.5.1.s390x",
"product_id": "docker-buildx-0.29.0-160000.5.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-28.5.1_ce-160000.5.1.x86_64",
"product": {
"name": "docker-28.5.1_ce-160000.5.1.x86_64",
"product_id": "docker-28.5.1_ce-160000.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-buildx-0.29.0-160000.5.1.x86_64",
"product": {
"name": "docker-buildx-0.29.0-160000.5.1.x86_64",
"product_id": "docker-buildx-0.29.0-160000.5.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-28.5.1_ce-160000.5.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-28.5.1_ce-160000.5.1.aarch64"
},
"product_reference": "docker-28.5.1_ce-160000.5.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-28.5.1_ce-160000.5.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-28.5.1_ce-160000.5.1.ppc64le"
},
"product_reference": "docker-28.5.1_ce-160000.5.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-28.5.1_ce-160000.5.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-28.5.1_ce-160000.5.1.s390x"
},
"product_reference": "docker-28.5.1_ce-160000.5.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-28.5.1_ce-160000.5.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-28.5.1_ce-160000.5.1.x86_64"
},
"product_reference": "docker-28.5.1_ce-160000.5.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-28.5.1_ce-160000.5.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-bash-completion-28.5.1_ce-160000.5.1.noarch"
},
"product_reference": "docker-bash-completion-28.5.1_ce-160000.5.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-buildx-0.29.0-160000.5.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-buildx-0.29.0-160000.5.1.aarch64"
},
"product_reference": "docker-buildx-0.29.0-160000.5.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-buildx-0.29.0-160000.5.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-buildx-0.29.0-160000.5.1.ppc64le"
},
"product_reference": "docker-buildx-0.29.0-160000.5.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-buildx-0.29.0-160000.5.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-buildx-0.29.0-160000.5.1.s390x"
},
"product_reference": "docker-buildx-0.29.0-160000.5.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-buildx-0.29.0-160000.5.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-buildx-0.29.0-160000.5.1.x86_64"
},
"product_reference": "docker-buildx-0.29.0-160000.5.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-fish-completion-28.5.1_ce-160000.5.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-fish-completion-28.5.1_ce-160000.5.1.noarch"
},
"product_reference": "docker-fish-completion-28.5.1_ce-160000.5.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-rootless-extras-28.5.1_ce-160000.5.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-rootless-extras-28.5.1_ce-160000.5.1.noarch"
},
"product_reference": "docker-rootless-extras-28.5.1_ce-160000.5.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-zsh-completion-28.5.1_ce-160000.5.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-zsh-completion-28.5.1_ce-160000.5.1.noarch"
},
"product_reference": "docker-zsh-completion-28.5.1_ce-160000.5.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-58181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58181"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:docker-28.5.1_ce-160000.5.1.aarch64",
"openSUSE Leap 16.0:docker-28.5.1_ce-160000.5.1.ppc64le",
"openSUSE Leap 16.0:docker-28.5.1_ce-160000.5.1.s390x",
"openSUSE Leap 16.0:docker-28.5.1_ce-160000.5.1.x86_64",
"openSUSE Leap 16.0:docker-bash-completion-28.5.1_ce-160000.5.1.noarch",
"openSUSE Leap 16.0:docker-buildx-0.29.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:docker-buildx-0.29.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:docker-buildx-0.29.0-160000.5.1.s390x",
"openSUSE Leap 16.0:docker-buildx-0.29.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:docker-fish-completion-28.5.1_ce-160000.5.1.noarch",
"openSUSE Leap 16.0:docker-rootless-extras-28.5.1_ce-160000.5.1.noarch",
"openSUSE Leap 16.0:docker-zsh-completion-28.5.1_ce-160000.5.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58181",
"url": "https://www.suse.com/security/cve/CVE-2025-58181"
},
{
"category": "external",
"summary": "SUSE Bug 1253784 for CVE-2025-58181",
"url": "https://bugzilla.suse.com/1253784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:docker-28.5.1_ce-160000.5.1.aarch64",
"openSUSE Leap 16.0:docker-28.5.1_ce-160000.5.1.ppc64le",
"openSUSE Leap 16.0:docker-28.5.1_ce-160000.5.1.s390x",
"openSUSE Leap 16.0:docker-28.5.1_ce-160000.5.1.x86_64",
"openSUSE Leap 16.0:docker-bash-completion-28.5.1_ce-160000.5.1.noarch",
"openSUSE Leap 16.0:docker-buildx-0.29.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:docker-buildx-0.29.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:docker-buildx-0.29.0-160000.5.1.s390x",
"openSUSE Leap 16.0:docker-buildx-0.29.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:docker-fish-completion-28.5.1_ce-160000.5.1.noarch",
"openSUSE Leap 16.0:docker-rootless-extras-28.5.1_ce-160000.5.1.noarch",
"openSUSE Leap 16.0:docker-zsh-completion-28.5.1_ce-160000.5.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:docker-28.5.1_ce-160000.5.1.aarch64",
"openSUSE Leap 16.0:docker-28.5.1_ce-160000.5.1.ppc64le",
"openSUSE Leap 16.0:docker-28.5.1_ce-160000.5.1.s390x",
"openSUSE Leap 16.0:docker-28.5.1_ce-160000.5.1.x86_64",
"openSUSE Leap 16.0:docker-bash-completion-28.5.1_ce-160000.5.1.noarch",
"openSUSE Leap 16.0:docker-buildx-0.29.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:docker-buildx-0.29.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:docker-buildx-0.29.0-160000.5.1.s390x",
"openSUSE Leap 16.0:docker-buildx-0.29.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:docker-fish-completion-28.5.1_ce-160000.5.1.noarch",
"openSUSE Leap 16.0:docker-rootless-extras-28.5.1_ce-160000.5.1.noarch",
"openSUSE Leap 16.0:docker-zsh-completion-28.5.1_ce-160000.5.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-18T09:41:33Z",
"details": "moderate"
}
],
"title": "CVE-2025-58181"
}
]
}
OPENSUSE-SU-2026:20366-1
Vulnerability from csaf_opensuse - Published: 2026-03-16 15:57 - Updated: 2026-03-16 15:57Summary
Security update for docker-stable
Severity
Important
Notes
Title of the patch: Security update for docker-stable
Description of the patch: This update for docker-stable fixes the following issues:
- CVE-2025-58181: Fixed unbounded memory consumption. (bsc#1253904)
- CVE-2025-30204: Fixed a bug in jwt-go which allows excessive memory allocation during header parsing. (bsc#1240513)
Patchnames: openSUSE-Leap-16.0-389
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-bash-completion-24.0.9_ce-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-fish-completion-24.0.9_ce-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-rootless-extras-24.0.9_ce-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-zsh-completion-24.0.9_ce-160000.4.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-bash-completion-24.0.9_ce-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-fish-completion-24.0.9_ce-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-rootless-extras-24.0.9_ce-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-zsh-completion-24.0.9_ce-160000.4.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for docker-stable",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for docker-stable fixes the following issues:\n\n- CVE-2025-58181: Fixed unbounded memory consumption. (bsc#1253904)\n- CVE-2025-30204: Fixed a bug in jwt-go which allows excessive memory allocation during header parsing. (bsc#1240513)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-389",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20366-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1240513",
"url": "https://bugzilla.suse.com/1240513"
},
{
"category": "self",
"summary": "SUSE Bug 1253904",
"url": "https://bugzilla.suse.com/1253904"
},
{
"category": "self",
"summary": "SUSE Bug 1254206",
"url": "https://bugzilla.suse.com/1254206"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-30204 page",
"url": "https://www.suse.com/security/cve/CVE-2025-30204/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58181 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58181/"
}
],
"title": "Security update for docker-stable",
"tracking": {
"current_release_date": "2026-03-16T15:57:03Z",
"generator": {
"date": "2026-03-16T15:57:03Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20366-1",
"initial_release_date": "2026-03-16T15:57:03Z",
"revision_history": [
{
"date": "2026-03-16T15:57:03Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-24.0.9_ce-160000.4.1.aarch64",
"product": {
"name": "docker-stable-24.0.9_ce-160000.4.1.aarch64",
"product_id": "docker-stable-24.0.9_ce-160000.4.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-stable-buildx-0.25.0-160000.4.1.aarch64",
"product": {
"name": "docker-stable-buildx-0.25.0-160000.4.1.aarch64",
"product_id": "docker-stable-buildx-0.25.0-160000.4.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-bash-completion-24.0.9_ce-160000.4.1.noarch",
"product": {
"name": "docker-stable-bash-completion-24.0.9_ce-160000.4.1.noarch",
"product_id": "docker-stable-bash-completion-24.0.9_ce-160000.4.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-stable-fish-completion-24.0.9_ce-160000.4.1.noarch",
"product": {
"name": "docker-stable-fish-completion-24.0.9_ce-160000.4.1.noarch",
"product_id": "docker-stable-fish-completion-24.0.9_ce-160000.4.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-stable-rootless-extras-24.0.9_ce-160000.4.1.noarch",
"product": {
"name": "docker-stable-rootless-extras-24.0.9_ce-160000.4.1.noarch",
"product_id": "docker-stable-rootless-extras-24.0.9_ce-160000.4.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-stable-zsh-completion-24.0.9_ce-160000.4.1.noarch",
"product": {
"name": "docker-stable-zsh-completion-24.0.9_ce-160000.4.1.noarch",
"product_id": "docker-stable-zsh-completion-24.0.9_ce-160000.4.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-24.0.9_ce-160000.4.1.ppc64le",
"product": {
"name": "docker-stable-24.0.9_ce-160000.4.1.ppc64le",
"product_id": "docker-stable-24.0.9_ce-160000.4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-stable-buildx-0.25.0-160000.4.1.ppc64le",
"product": {
"name": "docker-stable-buildx-0.25.0-160000.4.1.ppc64le",
"product_id": "docker-stable-buildx-0.25.0-160000.4.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-24.0.9_ce-160000.4.1.s390x",
"product": {
"name": "docker-stable-24.0.9_ce-160000.4.1.s390x",
"product_id": "docker-stable-24.0.9_ce-160000.4.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-stable-buildx-0.25.0-160000.4.1.s390x",
"product": {
"name": "docker-stable-buildx-0.25.0-160000.4.1.s390x",
"product_id": "docker-stable-buildx-0.25.0-160000.4.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-24.0.9_ce-160000.4.1.x86_64",
"product": {
"name": "docker-stable-24.0.9_ce-160000.4.1.x86_64",
"product_id": "docker-stable-24.0.9_ce-160000.4.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-stable-buildx-0.25.0-160000.4.1.x86_64",
"product": {
"name": "docker-stable-buildx-0.25.0-160000.4.1.x86_64",
"product_id": "docker-stable-buildx-0.25.0-160000.4.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-160000.4.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.aarch64"
},
"product_reference": "docker-stable-24.0.9_ce-160000.4.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-160000.4.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.ppc64le"
},
"product_reference": "docker-stable-24.0.9_ce-160000.4.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-160000.4.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.s390x"
},
"product_reference": "docker-stable-24.0.9_ce-160000.4.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-160000.4.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.x86_64"
},
"product_reference": "docker-stable-24.0.9_ce-160000.4.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-bash-completion-24.0.9_ce-160000.4.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-stable-bash-completion-24.0.9_ce-160000.4.1.noarch"
},
"product_reference": "docker-stable-bash-completion-24.0.9_ce-160000.4.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-buildx-0.25.0-160000.4.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.aarch64"
},
"product_reference": "docker-stable-buildx-0.25.0-160000.4.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-buildx-0.25.0-160000.4.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.ppc64le"
},
"product_reference": "docker-stable-buildx-0.25.0-160000.4.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-buildx-0.25.0-160000.4.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.s390x"
},
"product_reference": "docker-stable-buildx-0.25.0-160000.4.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-buildx-0.25.0-160000.4.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.x86_64"
},
"product_reference": "docker-stable-buildx-0.25.0-160000.4.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-fish-completion-24.0.9_ce-160000.4.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-stable-fish-completion-24.0.9_ce-160000.4.1.noarch"
},
"product_reference": "docker-stable-fish-completion-24.0.9_ce-160000.4.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-rootless-extras-24.0.9_ce-160000.4.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-stable-rootless-extras-24.0.9_ce-160000.4.1.noarch"
},
"product_reference": "docker-stable-rootless-extras-24.0.9_ce-160000.4.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-zsh-completion-24.0.9_ce-160000.4.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-stable-zsh-completion-24.0.9_ce-160000.4.1.noarch"
},
"product_reference": "docker-stable-zsh-completion-24.0.9_ce-160000.4.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-30204",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-30204"
}
],
"notes": [
{
"category": "general",
"text": "golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function\u0027s argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.aarch64",
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.ppc64le",
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.s390x",
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.x86_64",
"openSUSE Leap 16.0:docker-stable-bash-completion-24.0.9_ce-160000.4.1.noarch",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.aarch64",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.ppc64le",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.s390x",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.x86_64",
"openSUSE Leap 16.0:docker-stable-fish-completion-24.0.9_ce-160000.4.1.noarch",
"openSUSE Leap 16.0:docker-stable-rootless-extras-24.0.9_ce-160000.4.1.noarch",
"openSUSE Leap 16.0:docker-stable-zsh-completion-24.0.9_ce-160000.4.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-30204",
"url": "https://www.suse.com/security/cve/CVE-2025-30204"
},
{
"category": "external",
"summary": "SUSE Bug 1240441 for CVE-2025-30204",
"url": "https://bugzilla.suse.com/1240441"
},
{
"category": "external",
"summary": "SUSE Bug 1240442 for CVE-2025-30204",
"url": "https://bugzilla.suse.com/1240442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.aarch64",
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.ppc64le",
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.s390x",
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.x86_64",
"openSUSE Leap 16.0:docker-stable-bash-completion-24.0.9_ce-160000.4.1.noarch",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.aarch64",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.ppc64le",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.s390x",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.x86_64",
"openSUSE Leap 16.0:docker-stable-fish-completion-24.0.9_ce-160000.4.1.noarch",
"openSUSE Leap 16.0:docker-stable-rootless-extras-24.0.9_ce-160000.4.1.noarch",
"openSUSE Leap 16.0:docker-stable-zsh-completion-24.0.9_ce-160000.4.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.aarch64",
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.ppc64le",
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.s390x",
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.x86_64",
"openSUSE Leap 16.0:docker-stable-bash-completion-24.0.9_ce-160000.4.1.noarch",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.aarch64",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.ppc64le",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.s390x",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.x86_64",
"openSUSE Leap 16.0:docker-stable-fish-completion-24.0.9_ce-160000.4.1.noarch",
"openSUSE Leap 16.0:docker-stable-rootless-extras-24.0.9_ce-160000.4.1.noarch",
"openSUSE Leap 16.0:docker-stable-zsh-completion-24.0.9_ce-160000.4.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-16T15:57:03Z",
"details": "important"
}
],
"title": "CVE-2025-30204"
},
{
"cve": "CVE-2025-58181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58181"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.aarch64",
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.ppc64le",
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.s390x",
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.x86_64",
"openSUSE Leap 16.0:docker-stable-bash-completion-24.0.9_ce-160000.4.1.noarch",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.aarch64",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.ppc64le",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.s390x",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.x86_64",
"openSUSE Leap 16.0:docker-stable-fish-completion-24.0.9_ce-160000.4.1.noarch",
"openSUSE Leap 16.0:docker-stable-rootless-extras-24.0.9_ce-160000.4.1.noarch",
"openSUSE Leap 16.0:docker-stable-zsh-completion-24.0.9_ce-160000.4.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58181",
"url": "https://www.suse.com/security/cve/CVE-2025-58181"
},
{
"category": "external",
"summary": "SUSE Bug 1253784 for CVE-2025-58181",
"url": "https://bugzilla.suse.com/1253784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.aarch64",
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.ppc64le",
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.s390x",
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.x86_64",
"openSUSE Leap 16.0:docker-stable-bash-completion-24.0.9_ce-160000.4.1.noarch",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.aarch64",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.ppc64le",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.s390x",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.x86_64",
"openSUSE Leap 16.0:docker-stable-fish-completion-24.0.9_ce-160000.4.1.noarch",
"openSUSE Leap 16.0:docker-stable-rootless-extras-24.0.9_ce-160000.4.1.noarch",
"openSUSE Leap 16.0:docker-stable-zsh-completion-24.0.9_ce-160000.4.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.aarch64",
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.ppc64le",
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.s390x",
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.x86_64",
"openSUSE Leap 16.0:docker-stable-bash-completion-24.0.9_ce-160000.4.1.noarch",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.aarch64",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.ppc64le",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.s390x",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.x86_64",
"openSUSE Leap 16.0:docker-stable-fish-completion-24.0.9_ce-160000.4.1.noarch",
"openSUSE Leap 16.0:docker-stable-rootless-extras-24.0.9_ce-160000.4.1.noarch",
"openSUSE Leap 16.0:docker-stable-zsh-completion-24.0.9_ce-160000.4.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-16T15:57:03Z",
"details": "moderate"
}
],
"title": "CVE-2025-58181"
}
]
}
RHSA-2026:15979
Vulnerability from csaf_redhat - Published: 2026-05-11 11:23 - Updated: 2026-06-07 21:40Summary
Red Hat Security Advisory: Red Hat Ceph Storage
Severity
Important
Notes
Topic: A new version of Red Hat build of Ceph Storage has been released
Details: The Red Hat Storage Ceph container images are based on the latest ubi9 base image and Ceph 8.1.
This release updates to the latest version.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw by crafting a recipient address that embeds an external address within quotes. This causes the application to misdirect the email to the attacker's external address instead of the intended internal recipient. This could lead to a significant data leak of sensitive information and allow an attacker to bypass security filters and access controls.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in the SSH Agent servers component (golang.org/x/crypto/ssh/agent). This vulnerability allows a remote attacker to cause a denial of service (DoS) by sending a specially crafted, malformed message during new identity requests. The server fails to validate the size of these messages, leading to an out-of-bounds read that can cause the program to panic and terminate.
5.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64 | — |
Vendor Fix
fix
|
Known not affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le | — |
Threats
Impact
Moderate
A flaw was found in golang.org/x/crypto/ssh. An attacker can exploit this vulnerability by sending specially crafted GSSAPI (Generic Security Service Application Program Interface) authentication requests to an SSH (Secure Shell) server. The server fails to validate the number of mechanisms specified in these requests, leading to unbounded memory consumption. This can result in a Denial of Service (DoS), making the SSH server unavailable to legitimate users.
5.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64 | — |
Vendor Fix
fix
|
Known not affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le | — |
Threats
Impact
Moderate
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64 | — |
Vendor Fix
fix
|
Known not affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le | — |
Threats
Impact
Important
A prototype pollution flaw has been discovered in the js-yaml npm library. It's possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (__proto__). All users who parse untrusted yaml documents may be impacted.
5.3 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in glob. This vulnerability allows arbitrary command execution via processing files with malicious names when the glob command-line interface (CLI) is used with the -c/--cmd option, enabling shell metacharacters to trigger command injection.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Expr, an expression language and expression evaluation for Go. This vulnerability allows a denial of service (DoS) via recursive traversal over user-provided deeply nested or cyclic data structures without enforcing a maximum recursion depth, leading to a stack overflow panic and application crash.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
24 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le | — |
Workaround
|
Threats
Impact
Important
References
59 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A new version of Red Hat build of Ceph Storage has been released",
"title": "Topic"
},
{
"category": "general",
"text": "The Red Hat Storage Ceph container images are based on the latest ubi9 base image and Ceph 8.1.\nThis release updates to the latest version.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:15979",
"url": "https://access.redhat.com/errata/RHSA-2026:15979"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-13033",
"url": "https://access.redhat.com/security/cve/CVE-2025-13033"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47914",
"url": "https://access.redhat.com/security/cve/CVE-2025-47914"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58181",
"url": "https://access.redhat.com/security/cve/CVE-2025-58181"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-64718",
"url": "https://access.redhat.com/security/cve/CVE-2025-64718"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-64756",
"url": "https://access.redhat.com/security/cve/CVE-2025-64756"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68156",
"url": "https://access.redhat.com/security/cve/CVE-2025-68156"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_ceph_storage/",
"url": "https://docs.redhat.com/en/documentation/red_hat_ceph_storage/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_15979.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Ceph Storage",
"tracking": {
"current_release_date": "2026-06-07T21:40:36+00:00",
"generator": {
"date": "2026-06-07T21:40:36+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2026:15979",
"initial_release_date": "2026-05-11T11:23:46+00:00",
"revision_history": [
{
"date": "2026-05-11T11:23:46+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-11T11:23:58+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-07T21:40:36+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ceph Storage 8.1",
"product": {
"name": "Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ceph_storage:8.1::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ceph Storage"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"product": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"product_id": "registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256%3A3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508?arch=amd64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566546"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"product_id": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256%3A8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169?arch=amd64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566519"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"product": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"product_id": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256%3A2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410?arch=amd64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566772"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"product": {
"name": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"product_id": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oauth2-proxy-rhel9@sha256%3A9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d?arch=amd64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566148"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"product_id": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256%3Ae0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef?arch=amd64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566201"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"product_id": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-8-rhel9@sha256%3Ab2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74?arch=amd64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1778049929"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"product": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"product_id": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256%3A808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c?arch=amd64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777567370"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64",
"product": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64",
"product_id": "registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256%3Ac27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a?arch=arm64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566546"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"product_id": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256%3A4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53?arch=arm64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566519"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"product": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"product_id": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256%3Aaeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f?arch=arm64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566772"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"product": {
"name": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"product_id": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"product_identification_helper": {
"purl": "pkg:oci/oauth2-proxy-rhel9@sha256%3Af76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07?arch=arm64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566148"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"product_id": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256%3A3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a?arch=arm64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566201"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"product_id": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-8-rhel9@sha256%3Af7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454?arch=arm64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1778049929"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"product": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"product_id": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256%3A7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1?arch=arm64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777567370"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"product": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"product_id": "registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256%3Aa6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb?arch=s390x\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566546"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"product_id": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256%3A7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5?arch=s390x\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566519"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"product": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"product_id": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256%3Afa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d?arch=s390x\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566772"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"product": {
"name": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"product_id": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oauth2-proxy-rhel9@sha256%3A0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596?arch=s390x\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566148"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"product_id": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256%3A28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e?arch=s390x\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566201"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"product_id": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-8-rhel9@sha256%3A5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488?arch=s390x\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1778049929"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"product": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"product_id": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256%3A5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059?arch=s390x\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777567370"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"product_id": "registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256%3A67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566546"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"product_id": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256%3A0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566519"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"product_id": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256%3A02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566772"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"product_id": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oauth2-proxy-rhel9@sha256%3A1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566148"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"product_id": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256%3Acbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566201"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"product_id": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-8-rhel9@sha256%3Adf6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1778049929"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le",
"product_id": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256%3Abf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777567370"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64 as a component of Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64"
},
"product_reference": "registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le as a component of Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x as a component of Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x"
},
"product_reference": "registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64 as a component of Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64"
},
"product_reference": "registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64",
"relates_to_product_reference": "Red Hat Ceph Storage 8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le as a component of Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64 as a component of Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64"
},
"product_reference": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64 as a component of Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64"
},
"product_reference": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"relates_to_product_reference": "Red Hat Ceph Storage 8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x as a component of Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x"
},
"product_reference": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x as a component of Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x"
},
"product_reference": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le as a component of Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64 as a component of Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64"
},
"product_reference": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64 as a component of Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64"
},
"product_reference": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"relates_to_product_reference": "Red Hat Ceph Storage 8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x as a component of Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64 as a component of Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le as a component of Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64 as a component of Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"relates_to_product_reference": "Red Hat Ceph Storage 8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le as a component of Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64 as a component of Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"relates_to_product_reference": "Red Hat Ceph Storage 8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x as a component of Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64 as a component of Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x as a component of Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64 as a component of Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"relates_to_product_reference": "Red Hat Ceph Storage 8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le as a component of Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64 as a component of Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x as a component of Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x"
},
"product_reference": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64 as a component of Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64"
},
"product_reference": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"relates_to_product_reference": "Red Hat Ceph Storage 8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64 as a component of Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64"
},
"product_reference": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le as a component of Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 8.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-13033",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2025-10-07T15:03:14.483722+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2402179"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw by crafting a recipient address that embeds an external address within quotes. This causes the application to misdirect the email to the attacker\u0027s external address instead of the intended internal recipient. This could lead to a significant data leak of sensitive information and allow an attacker to bypass security filters and access controls.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodemailer: Nodemailer: Email to an unintended domain can occur due to Interpretation Conflict",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability allows an attacker to force nodemailer to send an email to an attacker-owned email address by leveraging the incorrect handling of quoted local-parts containing the \u0027@\u0027 character in the destination email address. When successfully exploited, this vulnerability may allow an attacker to exfiltrate data by misrouting emails to an unintended domain, presenting a high impact on data confidentiality.\n\nThis vulnerability has been assessed as having a Moderate impact on Red Hat Products by the Red Hat Product Security team. This is because for an attacker successfully exploit this vulnerability, the malicious actor needs to have direct control over the destination email input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64"
],
"known_not_affected": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-13033"
},
{
"category": "external",
"summary": "RHBZ#2402179",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402179"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-13033",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13033"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-13033",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13033"
},
{
"category": "external",
"summary": "https://github.com/nodemailer/nodemailer",
"url": "https://github.com/nodemailer/nodemailer"
},
{
"category": "external",
"summary": "https://github.com/nodemailer/nodemailer/commit/1150d99fba77280df2cfb1885c43df23109a8626",
"url": "https://github.com/nodemailer/nodemailer/commit/1150d99fba77280df2cfb1885c43df23109a8626"
},
{
"category": "external",
"summary": "https://github.com/nodemailer/nodemailer/security/advisories/GHSA-mm7p-fcc7-pg87",
"url": "https://github.com/nodemailer/nodemailer/security/advisories/GHSA-mm7p-fcc7-pg87"
}
],
"release_date": "2025-10-07T13:42:02+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-11T11:23:46+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:15979"
},
{
"category": "workaround",
"details": "Currently there\u0027s no available mitigation for this flaw.",
"product_ids": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodemailer: Nodemailer: Email to an unintended domain can occur due to Interpretation Conflict"
},
{
"cve": "CVE-2025-47914",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-11-19T21:01:06.202641+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416000"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the SSH Agent servers component (golang.org/x/crypto/ssh/agent). This vulnerability allows a remote attacker to cause a denial of service (DoS) by sending a specially crafted, malformed message during new identity requests. The server fails to validate the size of these messages, leading to an out-of-bounds read that can cause the program to panic and terminate.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. The golang.org/x/crypto/ssh/agent library, when used in SSH Agent servers, does not properly validate the size of messages during new identity requests. A specially crafted malformed message can lead to an out-of-bounds read, causing the program to panic and resulting in a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64"
],
"known_not_affected": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47914"
},
{
"category": "external",
"summary": "RHBZ#2416000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416000"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47914"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47914",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47914"
},
{
"category": "external",
"summary": "https://go.dev/cl/721960",
"url": "https://go.dev/cl/721960"
},
{
"category": "external",
"summary": "https://go.dev/issue/76364",
"url": "https://go.dev/issue/76364"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA",
"url": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4135",
"url": "https://pkg.go.dev/vuln/GO-2025-4135"
}
],
"release_date": "2025-11-19T20:33:43.126000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-11T11:23:46+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:15979"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages"
},
{
"cve": "CVE-2025-58181",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-11-19T21:00:50.197590+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2415997"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh. An attacker can exploit this vulnerability by sending specially crafted GSSAPI (Generic Security Service Application Program Interface) authentication requests to an SSH (Secure Shell) server. The server fails to validate the number of mechanisms specified in these requests, leading to unbounded memory consumption. This can result in a Denial of Service (DoS), making the SSH server unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat. SSH servers utilizing `golang.org/x/crypto/ssh` and configured to process GSSAPI authentication requests are susceptible to unbounded memory consumption. An attacker can exploit this by sending specially crafted GSSAPI authentication requests, potentially leading to a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64"
],
"known_not_affected": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58181"
},
{
"category": "external",
"summary": "RHBZ#2415997",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415997"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58181"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58181",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58181"
},
{
"category": "external",
"summary": "https://go.dev/cl/721961",
"url": "https://go.dev/cl/721961"
},
{
"category": "external",
"summary": "https://go.dev/issue/76363",
"url": "https://go.dev/issue/76363"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA",
"url": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4134",
"url": "https://pkg.go.dev/vuln/GO-2025-4134"
}
],
"release_date": "2025-11-19T20:33:42.795000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-11T11:23:46+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:15979"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64"
],
"known_not_affected": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-11T11:23:46+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:15979"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-64718",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2025-11-13T16:01:24.744054+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2414854"
}
],
"notes": [
{
"category": "description",
"text": "A prototype pollution flaw has been discovered in the js-yaml npm library. It\u0027s possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (__proto__). All users who parse untrusted yaml documents may be impacted.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "js-yaml: js-yaml prototype pollution in merge",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64"
],
"known_not_affected": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64718"
},
{
"category": "external",
"summary": "RHBZ#2414854",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414854"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64718"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64718",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64718"
},
{
"category": "external",
"summary": "https://github.com/nodeca/js-yaml/commit/383665ff4248ec2192d1274e934462bb30426879",
"url": "https://github.com/nodeca/js-yaml/commit/383665ff4248ec2192d1274e934462bb30426879"
},
{
"category": "external",
"summary": "https://github.com/nodeca/js-yaml/security/advisories/GHSA-mh29-5h37-fv8m",
"url": "https://github.com/nodeca/js-yaml/security/advisories/GHSA-mh29-5h37-fv8m"
}
],
"release_date": "2025-11-13T15:32:44.634000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-11T11:23:46+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:15979"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "js-yaml: js-yaml prototype pollution in merge"
},
{
"cve": "CVE-2025-64756",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2025-11-17T18:01:28.077927+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2415451"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in glob. This vulnerability allows arbitrary command execution via processing files with malicious names when the glob command-line interface (CLI) is used with the -c/--cmd option, enabling shell metacharacters to trigger command injection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glob: glob: Command Injection Vulnerability via Malicious Filenames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw in glob allows arbitrary command execution when the `glob` command-line interface is used with the `-c/--cmd` option to process files with malicious names. The vulnerability is triggered by shell metacharacters in filenames, leading to command injection. The glob CLI tool utilizes the -c option to execute shell commands over the files which matched the searched pattern by using the shell:true parameter when creating the subprocess which will further execute the command informed via \u0027-c\u0027 option, this parameter allows the shell meta characters to be used and processed when executing the command. Given that information glob misses to sanitize the file name to eliminate such characters and expressions from the filename, leading to code execution as when performing the shell expansion such characters will be interpreted as shell commands.\n\nTo exploit this vulnerability the targeted system should run the glob CLI over a file with a maliciously crafted filename, additionally the attacker needs to have enough permission to create such file or trick the user to download and process the required file with the glob CLI.\n\nThis flaw is present in the command line interface of the nodejs-glob package. When the package is used by npm, the command line interface is not used at all, so it cannot be triggered. However, the command line interface implementation is still present on the system, but not directly exposed to the user\u0027s $PATH. To reflect this condition, nodejs packages have been rated with a low severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64"
],
"known_not_affected": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64756"
},
{
"category": "external",
"summary": "RHBZ#2415451",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415451"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64756",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64756"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146",
"url": "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2",
"url": "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2"
}
],
"release_date": "2025-11-17T17:29:08.029000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-11T11:23:46+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:15979"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid using the `glob` command-line interface with the `-c` or `--cmd` option when processing filenames from untrusted sources. If programmatic use of `glob` is necessary, ensure that filenames are thoroughly sanitized before being passed to commands executed with shell interpretation enabled.",
"product_ids": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "glob: glob: Command Injection Vulnerability via Malicious Filenames"
},
{
"cve": "CVE-2025-68156",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-16T19:01:42.049157+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2422891"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Expr, an expression language and expression evaluation for Go. This vulnerability allows a denial of service (DoS) via recursive traversal over user-provided deeply nested or cyclic data structures without enforcing a maximum recursion depth, leading to a stack overflow panic and application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products utilizing the `Expr` Go library because it can lead to a denial-of-service. Exploitation requires an application to evaluate expressions against untrusted or insufficiently validated data structures containing deeply nested or cyclic references, which can cause a stack overflow and application crash. Products that do not process untrusted input with `Expr` are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64"
],
"known_not_affected": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68156"
},
{
"category": "external",
"summary": "RHBZ#2422891",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2422891"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68156",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68156"
},
{
"category": "external",
"summary": "https://github.com/expr-lang/expr/pull/870",
"url": "https://github.com/expr-lang/expr/pull/870"
},
{
"category": "external",
"summary": "https://github.com/expr-lang/expr/security/advisories/GHSA-cfpf-hrx2-8rv6",
"url": "https://github.com/expr-lang/expr/security/advisories/GHSA-cfpf-hrx2-8rv6"
}
],
"release_date": "2025-12-16T18:24:11.648000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-11T11:23:46+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:15979"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications using the `Expr` library should ensure that evaluation environments do not contain cyclic references. Additionally, externally supplied data structures must be validated or sanitized before being passed to `Expr` for evaluation. As a last-resort defensive measure, expression evaluation can be wrapped with panic recovery to prevent a full process crash.",
"product_ids": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…