Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

SUSE Linux Micro 6.0: 2025:20205-1 important: docker Denial of Service

suse
Calendar Grey June 4, 2025
Dist Suse Esm H88
This notification highlights essential Docker updates for SUSE, aimed at mitigating various vulnerabilities, resolving ongoing issues, and improving overall security.
* bsc#1223409 * bsc#1234089 * bsc#1237335 * bsc#1237367 * bsc#1239185

Summary

## This update for docker fixes the following issues: * Updated to docker-buildx v0.22.0. * Updated to Docker 27.5.1-ce. * CVE-2025-0495: buildx: Fixed credential leakage to telemetry endpoints (bsc#1239765) * CVE-2025-22868: Fixed golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2 (bsc#1239185) * CVE-2025-22869: Fixed golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239322). * CVE-2024-29018:moby: external DNS requests from 'internal' networks could lead to data exfiltration (bsc#1234089) * Make container-selinux requirement conditional on selinux-policy (bsc#1237367) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like

References

* bsc#1223409

* bsc#1234089

* bsc#1237335

* bsc#1237367

* bsc#1239185

* bsc#1239322

* bsc#1239765

* jsc#PED-12534

* jsc#PED-8905

Cross-

* CVE-2024-29018

* CVE-2025-0495

* CVE-2025-22868

* CVE-2025-22869

CVSS scores:

* CVE-2024-29018 ( SUSE ): 8.2

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

* CVE-2024-29018 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

* CVE-2024-29018 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

* CVE-2024-29018 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

* CVE-2025-0495 ( SUSE ): 4.1

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N

* CVE-2025-0495 ( SUSE ): 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

* CVE-2025-0495 ( NVD ): 4.1

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2025:20205-1
Release Date: 2025-04-24T14:58:45Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here