
openSUSE: 2025:0103-1 moderate: cadvisor Advisory Security Update

openSUSE, March 24, 2025
An openSUSE update for cadvisor addresses two moderate-rated vulnerabilities, including unexpected memory consumption during token parsing.
An update that fixes two vulnerabilities is now available.

Description

This update for cadvisor fixes the following issues:

- update to 0.52.1:
  * Make resctrl optional/pluggable
- update to 0.52.0:
  * bump containerd related deps: api v1.8.0; errdefs v1.0.0; ttrpc v1.2.6
  * chore: Update Prometheus libraries
  * bump runc to v1.2.4
  * Add Pressure Stall Information Metrics
  * Switch to opencontainers/cgroups repository (includes update from golang 1.22 to 1.24)
  * Bump to newer opencontainers/image-spec @ v1.1.1
- update to 0.49.2:
  * Cp fix test
  * Revert "reduce_logs_for_kubelet_use_crio"
- CVE-2025-22868: golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2 (boo#1239291)
- Update to version 0.49.1:
  * build docker - add --provenance=false flag
  * Remove s390x support
  * Disable libipmctl in build
  * Upgrade base image to 1.22 and alpine 3.18
  * fix type of C.malloc in cgo
  * Bump runc to v1.1.12
  *...


Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP6:

  zypper in -t patch openSUSE-2025-103=1

Package List

- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):

cadvisor-0.52.1-bp156.3.3.1
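
To confirm the patch landed across several hosts, the following added example (not part of the SUSE advisory) compares collected cadvisor version-release strings against the fixed package listed above. The host names, the older version strings and the function names are constructed for illustration.

```shell
#!/bin/sh
# Fixed version-release, taken from this advisory's Package List.
FIXED="0.52.1-bp156.3.3.1"

# Succeed if version-release $1 is at or above $FIXED.
# sort -V approximates RPM ordering for plain numeric strings like these;
# on a SUSE host, `zypper versioncmp A B` gives the exact RPM comparison.
is_fixed() {
    if [ "$1" = "$FIXED" ]; then
        return 0
    fi
    lowest=$(printf '%s\n%s\n' "$1" "$FIXED" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED" ]
}

# Read "host version-release" lines on stdin and print the hosts that
# still need the update. The version field is what
#   rpm -q --qf '%{VERSION}-%{RELEASE}\n' cadvisor
# prints on each host; "package cadvisor is not installed" is skipped.
unpatched_hosts() {
    while read -r host ver; do
        case "$ver" in
            ""|*"not installed"*) continue ;;
        esac
        if ! is_fixed "$ver"; then
            printf '%s %s\n' "$host" "$ver"
        fi
    done
}

# Constructed inventory (hypothetical hosts and pre-update versions).
sample_inventory() {
    cat <<'EOF'
node-a 0.49.1-bp156.2.1
node-b 0.52.1-bp156.3.3.1
node-c package cadvisor is not installed
node-d 0.47.2-bp156.1.3
EOF
}

sample_inventory | unpatched_hosts
```

Hosts reported by `unpatched_hosts` are the ones where the `zypper in -t patch openSUSE-2025-103=1` command above still has to be run.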

References

https://www.suse.com/security/cve/CVE-2022-27664.html

https://www.suse.com/security/cve/CVE-2025-22868.html

https://bugzilla.suse.com/1222192

https://bugzilla.suse.com/1239291

Announcement ID: openSUSE-SU-2025:0103-1
Rating: moderate
Affected Products: openSUSE Backports SLE-15-SP6
