SUSE: 2025:0857-1 important: DoS fix for build vulnerabilities

suse

March 13, 2025

* bsc#1217269 * bsc#1230469 Cross-References: * CVE-2024-22038

Summary

## This update for build fixes the following issues: \- CVE-2024-22038: Fixed DoS attacks, information leaks with crafted Git repositories (bnc#1230469) Other fixes: \- Fixed behaviour when using "\--shell" aka "osc shell" option in a VM build. Startup is faster and permissions stay intact now. * fixes for POSIX compatibility for obs-docker-support adn mkbaselibs * Add support for apk in docker/podman builds * Add support for 'wget' in Docker images * Fix debian support for Dockerfile builds * Fix preinstallimages in containers * mkosi: add back system-packages used by build-recipe directly * pbuild: parse the Release files for debian repos * mkosi: drop most systemd/build-packages deps and use obs_scm directory as source if present * improve source copy handling

Topics Covered

security advisory update DoS attack important SUSE build issue

References

* bsc#1217269

* bsc#1230469

Cross-

* CVE-2024-22038

CVSS scores:

* CVE-2024-22038 ( SUSE ): 6.8

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2024-22038 ( SUSE ): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H

* CVE-2024-22038 ( NVD ): 6.8

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

* CVE-2024-22038 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H

Affected Products:

* Development Tools Module 15-SP6

* openSUSE Leap 15.6

* SUSE Enterprise Storage 7.1

* SUSE Linux Enterprise Desktop 15 SP6

* SUSE Linux Enterprise High Performance Computing 15 SP3

* SUSE Linux Enterprise High Performance Computing 15 SP4

Severity

important

Lowest

Low

Medium

High

Critical

Announcement ID: SUSE-SU-2025:0857-1

Release Date: 2025-03-13T17:58:42Z

Rating: important

Topics Covered

security advisory update DoS attack important SUSE build issue

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

SUSE: 2025:0857-1 important: DoS fix for build vulnerabilities

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

SUSE: 2025:0857-1 important: DoS fix for build vulnerabilities

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!