Alerts This Week
Warning Icon 1 1,149
Alerts This Week
Warning Icon 1 1,149

SUSE 2025-0980-1 Critical: apptainer Denial of Service Fixes

suse
Calendar Grey March 21, 2025
Dist Suse Esm H88
Uncover essential SUSE enhancements for apptainer that tackle various Denial of Service vulnerabilities and potential authorization circumvention threats.
* bsc#1228324 * bsc#1234595 * bsc#1234794 * bsc#1237679 * bsc#1238611

Summary

## This update for apptainer fixes the following issues: * CVE-2025-27144: Fixed Denial of Service in Go JOSE's Parsing (bsc#1237679). * CVE-2024-45338: Fixed denial of service due to non-linear parsing of case- insensitive content (bsc#1234794). * CVE-2024-45337: Fixed Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto (bsc#1234595). * CVE-2025-22870: Fixed proxy bypass using IPv6 zone IDs (bsc#1238611). * CVE-2025-22869: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239341). * CVE-2024-41110: Fixed Authz zero length regression (bsc#1228324). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

References

* bsc#1228324

* bsc#1234595

* bsc#1234794

* bsc#1237679

* bsc#1238611

* bsc#1239341

Cross-

* CVE-2024-41110

* CVE-2024-45337

* CVE-2024-45338

* CVE-2025-22869

* CVE-2025-22870

* CVE-2025-27144

CVSS scores:

* CVE-2024-41110 ( SUSE ): 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

* CVE-2024-45337 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2024-45337 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

* CVE-2024-45338 ( SUSE ): 8.2

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2024-45338 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-45338 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

* CVE-2025-22869 ( SUSE ): 8.2

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Severity
critical
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2025:0980-1
Release Date: 2025-03-21T14:15:24Z
Rating: critical

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here