SUSE-SU-2026:2609-1
Vulnerability from csaf_suse - Published: 2026-06-24 08:46 - Updated: 2026-06-24 08:46Summary
Security update for apptainer
Severity
Important
Notes
Title of the patch: Security update for apptainer
Description of the patch: This update for apptainer fixes the following issues
- CVE-2026-24137: github.com/sigstore/sigstore/pkg/tuf: legacy TUF client allows for arbitrary file writes with target
cache path traversal (bsc#1264177).
- CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo-
header (bsc#1260311).
- CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE
(bsc#1265844).
- CVE-2026-34986: github.com/go-jose/go-jose/v4,github.com/go-jose/go-jose/v3: crafted JWE input with a missing
encrypted key can lead to a denial of service (bsc#1262956).
- CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation
bypass and privilege escalation (bsc#1266656).
- CVE-2026-39827: memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh
(bsc#1266202).
- CVE-2026-39828: bypass of certificate restrictions in golang.org/x/crypto/ssh (bsc#1266202).
- CVE-2026-39829: pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh (bsc#1266202).
- CVE-2026-39830: client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh
(bsc#1266202).
- CVE-2026-39831: bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh
(bsc#1266202).
- CVE-2026-39832: agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent
(bsc#1266202).
- CVE-2026-39833: key constraints not enforced in golang.org/x/crypto/ssh/agent (bsc#1266202).
- CVE-2026-39834: infinite loop on large channel writes in golang.org/x/crypto/ssh (bsc#1266202).
- CVE-2026-39835: server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh (bsc#1266202).
- CVE-2026-42508: auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts
(bsc#1266202).
- CVE-2026-46595: VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh
(bsc#1266202).
- CVE-2026-46597: byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh (bsc#1266202).
- CVE-2026-46598: pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent (bsc#1266202).
- CVE-2026-48785: incorrect path matching for limit container paths directive (bsc#1267982).
Changes for apptainer:
- Update apptainer to version v1.5.1
* Work around segmentation fault sometimes seen while `mksquashfs`
under proot is creating a SIF file.
* Update bundled PRoot to version 5.4.0-rootless.3 in order to
fix a problem where SIF files could be corrupted when
`mksquashfs` died with a signal. The proot command was not
passing back an error exit code.
* Updated bundled `squashfuse_ll` to version 0.6.2 in order to
fix a crash sometimes seen with apptainer in unprivileged
docker.
* Update bundled fuse2fs to version 1.47.4 instead of patching
the bugs in 1.47.3.
* Fix a crash that happened when `/etc/resolv.conf` was a
symlink while building from a definition file using the
localimage bootstrap.
* Support hosts that have an /etc/resolv.conf symlink pointing
to `../run` in addition to `/run`.
* Change the download-dependencies script to skip downloading
the PRoot source code on architectures that it is known to
not support (that is: ppc*, s390*, and riscv*).
In those situations Apptainer will skip trying to compile
and run proot. As a result original owners and groups of
files will not be preserved in SIF images built by
unprivileged users, as was the case for all architectures
prior to 1.5.0.
* Fix panic encountered during progress bar update while
pulling image.
* Fix fakeroot overwriting root's username in `/etc/passwd`
with the host user's name, a regression introduced in v1.5.0.
* Add nonested flag for --mount specifications to prevent
individual bind mounts from being passed to nested containers
via `APPTAINER_BIND`.
Patchnames: SUSE-2026-2609,SUSE-SLE-Module-HPC-15-SP7-2026-2609,SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2609
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.3 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
8.1 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.4 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
8.4 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.7 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
4.8 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
References
70 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for apptainer",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for apptainer fixes the following issues\n\n- CVE-2026-24137: github.com/sigstore/sigstore/pkg/tuf: legacy TUF client allows for arbitrary file writes with target\n cache path traversal (bsc#1264177).\n- CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo-\n header (bsc#1260311).\n- CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE\n (bsc#1265844).\n- CVE-2026-34986: github.com/go-jose/go-jose/v4,github.com/go-jose/go-jose/v3: crafted JWE input with a missing\n encrypted key can lead to a denial of service (bsc#1262956).\n- CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation\n bypass and privilege escalation (bsc#1266656).\n- CVE-2026-39827: memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh\n (bsc#1266202).\n- CVE-2026-39828: bypass of certificate restrictions in golang.org/x/crypto/ssh (bsc#1266202).\n- CVE-2026-39829: pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh (bsc#1266202).\n- CVE-2026-39830: client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh\n (bsc#1266202).\n- CVE-2026-39831: bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh\n (bsc#1266202).\n- CVE-2026-39832: agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent\n (bsc#1266202).\n- CVE-2026-39833: key constraints not enforced in golang.org/x/crypto/ssh/agent (bsc#1266202).\n- CVE-2026-39834: infinite loop on large channel writes in golang.org/x/crypto/ssh (bsc#1266202).\n- CVE-2026-39835: server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh (bsc#1266202).\n- CVE-2026-42508: auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts\n (bsc#1266202).\n- CVE-2026-46595: VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh\n (bsc#1266202).\n- CVE-2026-46597: byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh (bsc#1266202).\n- CVE-2026-46598: pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent (bsc#1266202). \n- CVE-2026-48785: incorrect path matching for limit container paths directive (bsc#1267982).\n\nChanges for apptainer:\n\n- Update apptainer to version v1.5.1\n \n * Work around segmentation fault sometimes seen while `mksquashfs`\n under proot is creating a SIF file.\n * Update bundled PRoot to version 5.4.0-rootless.3 in order to\n fix a problem where SIF files could be corrupted when\n `mksquashfs` died with a signal. The proot command was not\n passing back an error exit code.\n * Updated bundled `squashfuse_ll` to version 0.6.2 in order to\n fix a crash sometimes seen with apptainer in unprivileged\n docker.\n * Update bundled fuse2fs to version 1.47.4 instead of patching\n the bugs in 1.47.3.\n * Fix a crash that happened when `/etc/resolv.conf` was a\n symlink while building from a definition file using the\n localimage bootstrap.\n * Support hosts that have an /etc/resolv.conf symlink pointing\n to `../run` in addition to `/run`.\n * Change the download-dependencies script to skip downloading\n the PRoot source code on architectures that it is known to\n not support (that is: ppc*, s390*, and riscv*).\n In those situations Apptainer will skip trying to compile\n and run proot. As a result original owners and groups of\n files will not be preserved in SIF images built by\n unprivileged users, as was the case for all architectures\n prior to 1.5.0.\n * Fix panic encountered during progress bar update while\n pulling image.\n * Fix fakeroot overwriting root\u0027s username in `/etc/passwd`\n with the host user\u0027s name, a regression introduced in v1.5.0.\n * Add nonested flag for --mount specifications to prevent\n individual bind mounts from being passed to nested containers\n via `APPTAINER_BIND`.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-2609,SUSE-SLE-Module-HPC-15-SP7-2026-2609,SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2609",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_2609-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:2609-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20262609-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:2609-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-June/047611.html"
},
{
"category": "self",
"summary": "SUSE Bug 1260311",
"url": "https://bugzilla.suse.com/1260311"
},
{
"category": "self",
"summary": "SUSE Bug 1262956",
"url": "https://bugzilla.suse.com/1262956"
},
{
"category": "self",
"summary": "SUSE Bug 1264177",
"url": "https://bugzilla.suse.com/1264177"
},
{
"category": "self",
"summary": "SUSE Bug 1265844",
"url": "https://bugzilla.suse.com/1265844"
},
{
"category": "self",
"summary": "SUSE Bug 1266202",
"url": "https://bugzilla.suse.com/1266202"
},
{
"category": "self",
"summary": "SUSE Bug 1266656",
"url": "https://bugzilla.suse.com/1266656"
},
{
"category": "self",
"summary": "SUSE Bug 1267982",
"url": "https://bugzilla.suse.com/1267982"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-24137 page",
"url": "https://www.suse.com/security/cve/CVE-2026-24137/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33186 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33186/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33814 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-34986 page",
"url": "https://www.suse.com/security/cve/CVE-2026-34986/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39821 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39827 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39827/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39828 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39829 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39830 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39831 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39832 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39832/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39833 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39833/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39834 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39835 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39835/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42508 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42508/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46595 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46595/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46597 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46597/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46598 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46598/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-48785 page",
"url": "https://www.suse.com/security/cve/CVE-2026-48785/"
}
],
"title": "Security update for apptainer",
"tracking": {
"current_release_date": "2026-06-24T08:46:20Z",
"generator": {
"date": "2026-06-24T08:46:20Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:2609-1",
"initial_release_date": "2026-06-24T08:46:20Z",
"revision_history": [
{
"date": "2026-06-24T08:46:20Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "apptainer-1.5.1-150600.4.24.1.aarch64",
"product": {
"name": "apptainer-1.5.1-150600.4.24.1.aarch64",
"product_id": "apptainer-1.5.1-150600.4.24.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "apptainer-leap-1.5.1-150600.4.24.1.noarch",
"product": {
"name": "apptainer-leap-1.5.1-150600.4.24.1.noarch",
"product_id": "apptainer-leap-1.5.1-150600.4.24.1.noarch"
}
},
{
"category": "product_version",
"name": "apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"product": {
"name": "apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"product_id": "apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
}
},
{
"category": "product_version",
"name": "apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"product": {
"name": "apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"product_id": "apptainer-sle15_7-1.5.1-150600.4.24.1.noarch"
}
},
{
"category": "product_version",
"name": "apptainer-sle16-1.5.1-150600.4.24.1.noarch",
"product": {
"name": "apptainer-sle16-1.5.1-150600.4.24.1.noarch",
"product_id": "apptainer-sle16-1.5.1-150600.4.24.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "apptainer-1.5.1-150600.4.24.1.x86_64",
"product": {
"name": "apptainer-1.5.1-150600.4.24.1.x86_64",
"product_id": "apptainer-1.5.1-150600.4.24.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for HPC 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for HPC 15 SP7",
"product_id": "SUSE Linux Enterprise Module for HPC 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-hpc:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP7",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP7",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP6",
"product_id": "SUSE Linux Enterprise Server 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:15:sp6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apptainer-1.5.1-150600.4.24.1.aarch64 as component of SUSE Linux Enterprise Module for HPC 15 SP7",
"product_id": "SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64"
},
"product_reference": "apptainer-1.5.1-150600.4.24.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for HPC 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apptainer-1.5.1-150600.4.24.1.x86_64 as component of SUSE Linux Enterprise Module for HPC 15 SP7",
"product_id": "SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64"
},
"product_reference": "apptainer-1.5.1-150600.4.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for HPC 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apptainer-sle15_7-1.5.1-150600.4.24.1.noarch as component of SUSE Linux Enterprise Module for HPC 15 SP7",
"product_id": "SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch"
},
"product_reference": "apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for HPC 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apptainer-1.5.1-150600.4.24.1.aarch64 as component of SUSE Linux Enterprise Module for HPC 15 SP7",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64"
},
"product_reference": "apptainer-1.5.1-150600.4.24.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apptainer-1.5.1-150600.4.24.1.x86_64 as component of SUSE Linux Enterprise Module for HPC 15 SP7",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64"
},
"product_reference": "apptainer-1.5.1-150600.4.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apptainer-sle15_7-1.5.1-150600.4.24.1.noarch as component of SUSE Linux Enterprise Module for HPC 15 SP7",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch"
},
"product_reference": "apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apptainer-1.5.1-150600.4.24.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64"
},
"product_reference": "apptainer-1.5.1-150600.4.24.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apptainer-1.5.1-150600.4.24.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64"
},
"product_reference": "apptainer-1.5.1-150600.4.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apptainer-sle15_6-1.5.1-150600.4.24.1.noarch as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
},
"product_reference": "apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apptainer-1.5.1-150600.4.24.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64"
},
"product_reference": "apptainer-1.5.1-150600.4.24.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apptainer-1.5.1-150600.4.24.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64"
},
"product_reference": "apptainer-1.5.1-150600.4.24.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apptainer-sle15_6-1.5.1-150600.4.24.1.noarch as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
},
"product_reference": "apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-24137",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-24137"
}
],
"notes": [
{
"category": "general",
"text": "sigstore framework is a common go library shared across sigstore services and clients. In versions 1.10.3 and below, the legacy TUF client (pkg/tuf/client.go) supports caching target files to disk. It constructs a filesystem path by joining a cache base directory with a target name sourced from signed target metadata; however, it does not validate that the resulting path stays within the cache base directory. A malicious TUF repository can trigger arbitrary file overwriting, limited to the permissions that the calling process has. Note that this should only affect clients that are directly using the TUF client in sigstore/sigstore or are using an older version of Cosign. Public Sigstore deployment users are unaffected, as TUF metadata is validated by a quorum of trusted collaborators. This issue has been fixed in version 1.10.4. As a workaround, users can disable disk caching for the legacy client by setting SIGSTORE_NO_CACHE=true in the environment, migrate to https://github.com/sigstore/sigstore-go/tree/main/pkg/tuf, or upgrade to the latest sigstore/sigstore release.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-24137",
"url": "https://www.suse.com/security/cve/CVE-2026-24137"
},
{
"category": "external",
"summary": "SUSE Bug 1257137 for CVE-2026-24137",
"url": "https://bugzilla.suse.com/1257137"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T08:46:20Z",
"details": "moderate"
}
],
"title": "CVE-2026-24137"
},
{
"cve": "CVE-2026-33186",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33186"
}
],
"notes": [
{
"category": "general",
"text": "gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, \"deny\" rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback \"allow\" rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific \"deny\" rules for canonical paths but allows other requests by default (a fallback \"allow\" rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33186",
"url": "https://www.suse.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "SUSE Bug 1260085 for CVE-2026-33186",
"url": "https://bugzilla.suse.com/1260085"
},
{
"category": "external",
"summary": "SUSE Bug 1268676 for CVE-2026-33186",
"url": "https://bugzilla.suse.com/1268676"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T08:46:20Z",
"details": "important"
}
],
"title": "CVE-2026-33186"
},
{
"cve": "CVE-2026-33814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33814"
}
],
"notes": [
{
"category": "general",
"text": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33814",
"url": "https://www.suse.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "SUSE Bug 1264506 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1264506"
},
{
"category": "external",
"summary": "SUSE Bug 1268758 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1268758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T08:46:20Z",
"details": "important"
}
],
"title": "CVE-2026-33814"
},
{
"cve": "CVE-2026-34986",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-34986"
}
],
"notes": [
{
"category": "general",
"text": "Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption (JWE) object will panic if the alg field indicates a key wrapping algorithm (one ending in KW, with the exception of A128GCMKW, A192GCMKW, and A256GCMKW) and the encrypted_key field is empty. The panic happens when cipher.KeyUnwrap() in key_wrap.go attempts to allocate a slice with a zero or negative length based on the length of the encrypted_key. This code path is reachable from ParseEncrypted() / ParseEncryptedJSON() / ParseEncryptedCompact() followed by Decrypt() on the resulting object. Note that the parse functions take a list of accepted key algorithms. If the accepted key algorithms do not include any key wrapping algorithms, parsing will fail and the application will be unaffected. This panic is also reachable by calling cipher.KeyUnwrap() directly with any ciphertext parameter less than 16 bytes long, but calling this function directly is less common. Panics can lead to denial of service. This vulnerability is fixed in 4.1.4 and 3.0.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-34986",
"url": "https://www.suse.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "SUSE Bug 1262805 for CVE-2026-34986",
"url": "https://bugzilla.suse.com/1262805"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T08:46:20Z",
"details": "important"
}
],
"title": "CVE-2026-34986"
},
{
"cve": "CVE-2026-39821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39821"
}
],
"notes": [
{
"category": "general",
"text": "The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode(\"xn--example-.com\") incorrectly returns the name \"example.com\" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject \"example.com\" but permit \"xn--example-.com\". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name \"example.com\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39821",
"url": "https://www.suse.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "SUSE Bug 1266474 for CVE-2026-39821",
"url": "https://bugzilla.suse.com/1266474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T08:46:20Z",
"details": "important"
}
],
"title": "CVE-2026-39821"
},
{
"cve": "CVE-2026-39827",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39827"
}
],
"notes": [
{
"category": "general",
"text": "An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection\u0027s internal state and released for garbage collection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39827",
"url": "https://www.suse.com/security/cve/CVE-2026-39827"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39827",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T08:46:20Z",
"details": "important"
}
],
"title": "CVE-2026-39827"
},
{
"cve": "CVE-2026-39828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39828"
}
],
"notes": [
{
"category": "general",
"text": "When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError now results in a connection error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39828",
"url": "https://www.suse.com/security/cve/CVE-2026-39828"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39828",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T08:46:20Z",
"details": "important"
}
],
"title": "CVE-2026-39828"
},
{
"cve": "CVE-2026-39829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39829"
}
],
"notes": [
{
"category": "general",
"text": "The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public key authentication. RSA moduli are now limited to 8192 bits, and DSA parameters are validated per FIPS 186-2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39829",
"url": "https://www.suse.com/security/cve/CVE-2026-39829"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39829",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T08:46:20Z",
"details": "important"
}
],
"title": "CVE-2026-39829"
},
{
"cve": "CVE-2026-39830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39830"
}
],
"notes": [
{
"category": "general",
"text": "A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection\u0027s read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connection. Unsolicited global responses are now discarded.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39830",
"url": "https://www.suse.com/security/cve/CVE-2026-39830"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39830",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T08:46:20Z",
"details": "important"
}
],
"title": "CVE-2026-39830"
},
{
"cve": "CVE-2026-39831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39831"
}
],
"notes": [
{
"category": "general",
"text": "The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior, return a \"no-touch-required\" extension in Permissions.Extensions from PublicKeyCallback.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39831",
"url": "https://www.suse.com/security/cve/CVE-2026-39831"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39831",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T08:46:20Z",
"details": "important"
}
],
"title": "CVE-2026-39831"
},
{
"cve": "CVE-2026-39832",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39832"
}
],
"notes": [
{
"category": "general",
"text": "When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all constraint extensions. Additionally, the in-memory keyring returned by NewKeyring() now rejects keys with unsupported constraint extensions instead of silently ignoring them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39832",
"url": "https://www.suse.com/security/cve/CVE-2026-39832"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39832",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T08:46:20Z",
"details": "important"
}
],
"title": "CVE-2026-39832"
},
{
"cve": "CVE-2026-39833",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39833"
}
],
"notes": [
{
"category": "general",
"text": "The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring() now returns an error when unsupported constraints are requested.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39833",
"url": "https://www.suse.com/security/cve/CVE-2026-39833"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39833",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T08:46:20Z",
"details": "important"
}
],
"title": "CVE-2026-39833"
},
{
"cve": "CVE-2026-39834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39834"
}
],
"notes": [
{
"category": "general",
"text": "When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39834",
"url": "https://www.suse.com/security/cve/CVE-2026-39834"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39834",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T08:46:20Z",
"details": "important"
}
],
"title": "CVE-2026-39834"
},
{
"cve": "CVE-2026-39835",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39835"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39835",
"url": "https://www.suse.com/security/cve/CVE-2026-39835"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39835",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T08:46:20Z",
"details": "important"
}
],
"title": "CVE-2026-39835"
},
{
"cve": "CVE-2026-42508",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42508"
}
],
"notes": [
{
"category": "general",
"text": "Previously, a revoked \u0027SignatureKey\u0027 belonging to a CA was not correctly checked for revocation. Now, both the \u0027key\u0027 and \u0027key.SignatureKey\u0027 are checked for @revoked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42508",
"url": "https://www.suse.com/security/cve/CVE-2026-42508"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-42508",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T08:46:20Z",
"details": "important"
}
],
"title": "CVE-2026-42508"
},
{
"cve": "CVE-2026-46595",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46595"
}
],
"notes": [
{
"category": "general",
"text": "Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46595",
"url": "https://www.suse.com/security/cve/CVE-2026-46595"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46595",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T08:46:20Z",
"details": "important"
}
],
"title": "CVE-2026-46595"
},
{
"cve": "CVE-2026-46597",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46597"
}
],
"notes": [
{
"category": "general",
"text": "An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46597",
"url": "https://www.suse.com/security/cve/CVE-2026-46597"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46597",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T08:46:20Z",
"details": "important"
}
],
"title": "CVE-2026-46597"
},
{
"cve": "CVE-2026-46598",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46598"
}
],
"notes": [
{
"category": "general",
"text": "For certain crafted inputs, a \u0027ed25519.PrivateKey\u0027 was created by casting malformed wire bytes, leading to a panic when used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46598",
"url": "https://www.suse.com/security/cve/CVE-2026-46598"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46598",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T08:46:20Z",
"details": "important"
}
],
"title": "CVE-2026-46598"
},
{
"cve": "CVE-2026-48785",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-48785"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-48785",
"url": "https://www.suse.com/security/cve/CVE-2026-48785"
},
{
"category": "external",
"summary": "SUSE Bug 1267982 for CVE-2026-48785",
"url": "https://bugzilla.suse.com/1267982"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-1.5.1-150600.4.24.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6:apptainer-sle15_6-1.5.1-150600.4.24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T08:46:20Z",
"details": "moderate"
}
],
"title": "CVE-2026-48785"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…