SUSE-SU-2025:0980-1

Source
https://www.suse.com/support/update/announcement/2025/suse-su-20250980-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:0980-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2025:0980-1
Related
Published
2025-03-21T14:15:19Z
Modified
2025-03-27T23:57:18.648972Z
Summary
Security update for apptainer
Details

This update for apptainer fixes the following issues:

  • CVE-2025-27144: Fixed Denial of Service in Go JOSE's Parsing (bsc#1237679).
  • CVE-2024-45338: Fixed denial of service due to non-linear parsing of case-insensitive content (bsc#1234794).
  • CVE-2024-45337: Fixed Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto (bsc#1234595).
  • CVE-2025-22870: Fixed proxy bypass using IPv6 zone IDs (bsc#1238611).
  • CVE-2025-22869: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239341).
  • CVE-2024-41110: Fixed Authz zero length regression (bsc#1228324).
References

Affected packages

SUSE:Linux Enterprise Module for HPC 15 SP6 / apptainer

Package

Name
apptainer
Purl
pkg:rpm/suse/apptainer&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015%20SP6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3.6-150600.4.9.1

Ecosystem specific

{
    "binaries": [
        {
            "apptainer": "1.3.6-150600.4.9.1",
            "apptainer-sle15_6": "1.3.6-150600.4.9.1"
        }
    ]
}

openSUSE:Leap 15.6 / apptainer

Package

Name
apptainer
Purl
pkg:rpm/opensuse/apptainer&distro=openSUSE%20Leap%2015.6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3.6-150600.4.9.1

Ecosystem specific

{
    "binaries": [
        {
            "apptainer-sle15_5": "1.3.6-150600.4.9.1",
            "apptainer": "1.3.6-150600.4.9.1",
            "apptainer-leap": "1.3.6-150600.4.9.1",
            "apptainer-sle15_6": "1.3.6-150600.4.9.1"
        }
    ]
}