SUSE-SU-2025:0980-1
- Source
- https://www.suse.com/support/update/announcement/2025/suse-su-20250980-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:0980-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2025:0980-1
- Related
- Published
- 2025-03-21T14:15:19Z
- Modified
- 2025-04-04T01:09:50.620826Z
- Upstream
- Summary
- Security update for apptainer
- Details
-
This update for apptainer fixes the following issues:
- CVE-2025-27144: Fixed Denial of Service in Go JOSE's Parsing (bsc#1237679).
- CVE-2024-45338: Fixed denial of service due to non-linear parsing of case-insensitive content (bsc#1234794).
- CVE-2024-45337: Fixed Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto (bsc#1234595).
- CVE-2025-22870: Fixed proxy bypass using IPv6 zone IDs (bsc#1238611).
- CVE-2025-22869: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239341).
- CVE-2024-41110: Fixed Authz zero length regression (bsc#1228324).
- References
-
- https://www.suse.com/support/update/announcement/2025/suse-su-20250980-1/
- https://bugzilla.suse.com/1228324
- https://bugzilla.suse.com/1234595
- https://bugzilla.suse.com/1234794
- https://bugzilla.suse.com/1237679
- https://bugzilla.suse.com/1238611
- https://bugzilla.suse.com/1239341
- https://www.suse.com/security/cve/CVE-2024-41110
- https://www.suse.com/security/cve/CVE-2024-45337
- https://www.suse.com/security/cve/CVE-2024-45338
- https://www.suse.com/security/cve/CVE-2025-22869
- https://www.suse.com/security/cve/CVE-2025-22870
- https://www.suse.com/security/cve/CVE-2025-27144
Affected packages
SUSE:Linux Enterprise Module for HPC 15 SP6 / apptainer
Package
- Name
- apptainer
- Purl
- pkg:rpm/suse/apptainer&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015%20SP6