Explore top 10 tips to secure your open-source projects now. Read More
×An update that solves three vulnerabilities can now be installed.. # Security update for containerized-data-importer Announcement ID: SUSE-SU-2026:20550-1 Release Date: 2026-02-26T16:03:48Z Rating: important References: * bsc#1235204 * bsc#1235365 * bsc#1239205 Cross-References: * CVE-2024-28180 * CVE-2024-45338 * CVE-2025-22868 CVSS scores: * CVE-2024-28180 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2024-28180 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2024-28180 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2024-45338 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2024-45338 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45338 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-22868 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-22868 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-22868 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Micro 6.2 An update that solves three vulnerabilities can now be installed. ## Description: This update for containerized-data-importer fixes the following issues: Update to version 1.64.0. Security issues fixed: * CVE-2024-28180: improper handling of highly compressed data (bsc#1235204). * CVE-2024-45338: denial of service due to non-linear parsing of case- insensitive content (bsc#1235365). * CVE-2025-22868: unexpected memory consumption during token parsing in golang.org/x/oauth2 (bsc#1239205). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.2 zypper in -t patch SUSE-SL-Micro-6.2-317=1 ## Package List: * SUSE Linux Micro6.2 (x86_64) * containerized-data-importer-manifests-1.64.0-160000.1.1 ## References: * https://www.suse.com/security/cve/CVE-2024-28180.html * https://www.suse.com/security/cve/CVE-2024-45338.html * https://www.suse.com/security/cve/CVE-2025-22868.html * https://bugzilla.suse.com/show_bug.cgi?id=1235204 * https://bugzilla.suse.com/show_bug.cgi?id=1235365 * https://bugzilla.suse.com/show_bug.cgi?id=1239205 . Critical update addresses three security issues in containerized-data-importer for SUSE Linux Micro 6.2.. SUSE Linux Micro, containerized-data-importer, security update, data handling. . Severity: Important. LinuxSecurity.com Team
An update that solves 3 vulnerabilities and has 3 bug fixes can now be installed.. openSUSE security update: security update for containerized-data-importer ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20279-1 Rating: important References: * bsc#1235204 * bsc#1235365 * bsc#1239205 Cross-References: * CVE-2024-28180 * CVE-2024-45338 * CVE-2025-22868 CVSS scores: * CVE-2024-28180 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2024-28180 ( SUSE ): 2.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2024-45338 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45338 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-22868 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-22868 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N Affected Products: openSUSE Leap 16.0 ------------------------------------------------------------- An update that solves 3 vulnerabilities and has 3 bug fixes can now be installed. Description: This update for containerized-data-importer fixes the following issues: Update to version 1.64.0. Security issues fixed: - CVE-2024-28180: improper handling of highly compressed data (bsc#1235204). - CVE-2024-45338: denial of service due to non-linear parsing of case-insensitive content (bsc#1235365). - CVE-2025-22868: unexpected memory consumption during token parsing in golang.org/x/oauth2 (bsc#1239205). Patch instructions: To install this openSUSE security update use the suse recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 16.0 zypper in -t patch openSUSE-Leap-16.0-317=1 Package List: - openSUSE Leap 16.0: containerized-data-importer-api-1.64.0-160000.1.1 containerized-data-importer-cloner-1.64.0-160000.1.1 containerized-data-importer-controller-1.64.0-160000.1.1 containerized-data-importer-importer-1.64.0-160000.1.1 containerized-data-importer-manifests-1.64.0-160000.1.1 containerized-data-importer-operator-1.64.0-160000.1.1 containerized-data-importer-uploadproxy-1.64.0-160000.1.1 containerized-data-importer-uploadserver-1.64.0-160000.1.1 obs-service-cdi_containers_meta-1.64.0-160000.1.1 References: * https://www.suse.com/security/cve/CVE-2024-28180.html * https://www.suse.com/security/cve/CVE-2024-45338.html * https://www.suse.com/security/cve/CVE-2025-22868.html . Solve three key vulnerabilities in openSUSE with containerized-data-importer update to enhance system performance and security.. openSUSE containerized-data-importer security patch. . Severity: Important. LinuxSecurity.com Team
* bsc#1248672 * bsc#1249537 Cross-References: * CVE-2025-38500 . # Security update for kernel-livepatch-MICRO-6-0_Update_9 Announcement ID: SUSE-SU-2025:21098-1 Release Date: 2025-11-28T08:19:30Z Rating: important References: * bsc#1248672 * bsc#1249537 Cross-References: * CVE-2025-38500 * CVE-2025-38616 CVSS scores: * CVE-2025-38500 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38500 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38500 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38616 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2025-38616 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: * SUSE Linux Micro 6.0 An update that solves two vulnerabilities can now be installed. ## Description: This update for kernel-livepatch-MICRO-6-0_Update_9 fixes the following issues: * CVE-2025-38500: xfrm: interface: fix use-after-free after changing collect_md xfrm interface (bsc#1248672) * CVE-2025-38616: tls: handle data disappearing from under the TLS ULP (bsc#1249537) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-kernel-224=1 ## Package List: * SUSE Linux Micro 6.0 (s390x x86_64) * kernel-livepatch-6_4_0-31-default-9-1.2 * kernel-livepatch-6_4_0-31-default-debuginfo-9-1.2 * kernel-livepatch-MICRO-6-0_Update_9-debugsource-9-1.2 ## References: * https://www.suse.com/security/cve/CVE-2025-38500.html * https://www.suse.com/security/cve/CVE-2025-38616.html * https://bugzilla.suse.com/show_bug.cgi?id=1248672 * https://bugzilla.suse.com/show_bug.cgi?id=1249537 . The security update addresses important vulnerabilities in SUSE's kernel-livepatch for Linux Micro6.0 products.. SUSE Security Update, kernel-livepatch MICRO, important security fixes. . Severity: Important. LinuxSecurity.com Team
* bsc#1248672 * bsc#1249537 Cross-References: * CVE-2025-38500 . # Security update for kernel-livepatch-MICRO-6-0-RT_Update_11 Announcement ID: SUSE-SU-2025:21103-1 Release Date: 2025-11-28T08:21:31Z Rating: important References: * bsc#1248672 * bsc#1249537 Cross-References: * CVE-2025-38500 * CVE-2025-38616 CVSS scores: * CVE-2025-38500 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-38500 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38500 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2025-38616 ( SUSE ): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H * CVE-2025-38616 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H Affected Products: * SUSE Linux Micro 6.0 An update that solves two vulnerabilities can now be installed. ## Description: This update for kernel-livepatch-MICRO-6-0-RT_Update_11 fixes the following issues: * CVE-2025-38500: xfrm: interface: fix use-after-free after changing collect_md xfrm interface (bsc#1248672) * CVE-2025-38616: tls: handle data disappearing from under the TLS ULP (bsc#1249537) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-kernel-216=1 ## Package List: * SUSE Linux Micro 6.0 (x86_64) * kernel-livepatch-MICRO-6-0-RT_Update_11-debugsource-4-1.1 * kernel-livepatch-6_4_0-35-rt-4-1.1 * kernel-livepatch-6_4_0-35-rt-debuginfo-4-1.1 ## References: * https://www.suse.com/security/cve/CVE-2025-38500.html * https://www.suse.com/security/cve/CVE-2025-38616.html * https://bugzilla.suse.com/show_bug.cgi?id=1248672 * https://bugzilla.suse.com/show_bug.cgi?id=1249537 . Security update for kernel-livepatch-MICRO-6-0 resolving two important issues, ensuring stability andprotection.. kernel live patch,SUSE Linux Micro,security updates,data handling. . Severity: Important. LinuxSecurity.com Team
release v1.11.0 release v1.10.1 release v1.10.0. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-a8a4ce2864 2024-03-31 01:12:46.078654 -------------------------------------------------------------------------------- Name : prometheus-podman-exporter Product : Fedora 39 Version : 1.11.0 Release : 1.fc39 URL : https://github.com/containers/prometheus-podman-exporter Summary : Prometheus exporter for podman environment Description : Prometheus exporter for podman environments exposing containers, pods, images, volumes and networks information. -------------------------------------------------------------------------------- Update Information: release v1.11.0 release v1.10.1 release v1.10.0 -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 22 2024 Navid Yaghoobi - 1.11.0-1 - release v1.11.0 * Sun Mar 17 2024 Navid Yaghoobi - 1.10.1-1 - release v1.10.1 * Sat Mar 16 2024 Navid Yaghoobi - 1.10.0-1 - release v1.10.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2268896 - CVE-2024-28180 prometheus-podman-exporter: jose-go: improper handling of highly compressed data [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2268896 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-a8a4ce2864' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
podman-tui release v1.0.0 Security fix for [CVE-2024-28180]. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-22f1e313dd 2024-03-30 01:08:11.513494 -------------------------------------------------------------------------------- Name : podman-tui Product : Fedora 39 Version : 1.0.0 Release : 1.fc39 URL : https://github.com/containers/podman-tui Summary : Podman Terminal User Interface Description : podman-tui is a terminal user interface for Podman v4. podman-tui is using podman.socket service to communicate with podman environment and SSH to connect to remote podman machines. -------------------------------------------------------------------------------- Update Information: podman-tui release v1.0.0 Security fix for [CVE-2024-28180] -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 21 2024 Navid Yaghoobi - 1.0.0-1 - release v1.0.0 * Sat Mar 16 2024 Navid Yaghoobi - 0.18.0-1 - release v0.18.0 * Sun Feb 11 2024 Maxwell G - 0.17.0-2 - Rebuild for golang 1.22.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2268848 - CVE-2024-28176 podman-tui: go-jose: resource exhaustion [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2268848 [ 2 ] Bug #2268895 - CVE-2024-28180 podman-tui: jose-go: improper handling of highly compressed data [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2268895 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-22f1e313dd' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used bythe Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Update to upstream 1.3.0, and security fixes for CVE-2024-28176 and CVE-2024-28180. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-560a7aca85 2024-03-23 00:20:56.401412 -------------------------------------------------------------------------------- Name : apptainer Product : Fedora 40 Version : 1.3.0 Release : 1.fc40 URL : https://apptainer.org Summary : Application and environment virtualization formerly known as Singularity Description : Apptainer provides functionality to make portable containers that can be used across host environments. -------------------------------------------------------------------------------- Update Information: Update to upstream 1.3.0, and security fixes for CVE-2024-28176 and CVE-2024-28180 -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 13 2024 Dave Dykstra - 1.3.0 - Update to upstream 1.3.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2268820 - CVE-2024-28176 jose: resource exhaustion https://bugzilla.redhat.com/show_bug.cgi?id=2268820 [ 2 ] Bug #2268854 - CVE-2024-28180 jose-go: improper handling of highly compressed data https://bugzilla.redhat.com/show_bug.cgi?id=2268854 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-560a7aca85' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
This update for go1.22 fixes the following issues: Upgrade go to version 1.22.1 CVE-2023-45289: net/http, net/http/cookiejar: incorrect forwarding of. # Security update for go1.22 Announcement ID: SUSE-SU-2024:0812-1 Rating: important References: * bsc#1218424 * bsc#1219988 * bsc#1220999 * bsc#1221000 * bsc#1221001 * bsc#1221002 * bsc#1221003 Cross-References: * CVE-2023-45289 * CVE-2023-45290 * CVE-2024-24783 * CVE-2024-24784 * CVE-2024-24785 CVSS scores: * CVE-2023-45289 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2023-45290 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-24783 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-24784 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2024-24785 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: * Development Tools Module 15-SP5 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 An update that solves five vulnerabilities and has two security fixes can now be installed. ## Description: This update for go1.22 fixes the following issues: * Upgrade go to version 1.22.1 * CVE-2023-45289: net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (bsc#1221000) * CVE-2023-45290: net/http: memory exhaustion in Request.ParseMultipartForm (bsc#1221001) * CVE-2024-24783: crypto/x509: Verify panics on certificates with an unknown public key algorithm (bsc#1220999) * CVE-2024-24784: net/mail: comments in display names are incorrectly handled (bsc#1221002) * CVE-2024-24785: html/template: errors returned from MarshalJSON methods may break template escaping (bsc#1221003) ## Patch Instructions: To install thisSUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2024-812=1 * Development Tools Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP5-2024-812=1 ## Package List: * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * go1.22-1.22.1-150000.1.9.1 * go1.22-doc-1.22.1-150000.1.9.1 * go1.22-race-1.22.1-150000.1.9.1 * Development Tools Module 15-SP5 (aarch64 ppc64le s390x x86_64) * go1.22-1.22.1-150000.1.9.1 * go1.22-doc-1.22.1-150000.1.9.1 * go1.22-race-1.22.1-150000.1.9.1 ## References: * https://www.suse.com/security/cve/CVE-2023-45289.html * https://www.suse.com/security/cve/CVE-2023-45290.html * https://www.suse.com/security/cve/CVE-2024-24783.html * https://www.suse.com/security/cve/CVE-2024-24784.html * https://www.suse.com/security/cve/CVE-2024-24785.html * https://bugzilla.suse.com/show_bug.cgi?id=1218424 * https://bugzilla.suse.com/show_bug.cgi?id=1219988 * https://bugzilla.suse.com/show_bug.cgi?id=1220999 * https://bugzilla.suse.com/show_bug.cgi?id=1221000 * https://bugzilla.suse.com/show_bug.cgi?id=1221001 * https://bugzilla.suse.com/show_bug.cgi?id=1221002 * https://bugzilla.suse.com/show_bug.cgi?id=1221003 . A significant announcement for openSUSE go1.22 resolves various problems and introduces security enhancements related to the management of confidential information.. openSUSE Update, go1.22 Security, Software Fix, Go Upgrade. . Severity: Important. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.