Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

SUSE Linux Enterprise Server: 2025:02282-1 moderate: umoci CVE-2021-41190

suse
Calendar Grey July 11, 2025
Dist Suse Esm H88
SUSE notifies users about a security flaw in umoci, a key tool for OCI image management. Update promptly.
* bsc#1243388 Cross-References: * CVE-2021-41190

Summary

## This update for umoci fixes the following issues: Update to umoci v0.5.0. Upstream changelog is available from bsc#1243388 A security flaw was found in the OCI image-spec, where it is possible to cause a blob with one media-type to be interpreted as a different media-type. As umoci is not a registry nor does it handle signatures, this vulnerability had no real impact on umoci but for safety we implemented the now-recommended media-type embedding and verification. CVE-2021-41190 Other changes in this release: * Several large reworks and API-related changes to the umoci's overlayfs support. This is only available to Go API users. * The runtime-spec config.json generated by umoci is updated to be more modern

Topics%20covered

Topics Covered

security advisory moderate SuSE security fix umoci media-type

References

* bsc#1243388

Cross-

* CVE-2021-41190

CVSS scores:

* CVE-2021-41190 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

* CVE-2021-41190 ( NVD ): 3.0 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N

Affected Products:

* Basesystem Module 15-SP6

* Basesystem Module 15-SP7

* openSUSE Leap 15.6

* SUSE Enterprise Storage 7.1

* SUSE Linux Enterprise Desktop 15 SP6

* SUSE Linux Enterprise Desktop 15 SP7

* SUSE Linux Enterprise High Performance Computing 15 SP3

* SUSE Linux Enterprise High Performance Computing 15 SP4

* SUSE Linux Enterprise High Performance Computing 15 SP5

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3

Announcement ID: SUSE-SU-2025:02282-1
Release Date: 2025-07-11T08:35:10Z
Rating: moderate

Topics%20covered

Topics Covered

security advisory moderate SuSE security fix umoci media-type

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here