Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-45710 (GCVE-0-2021-45710)
Vulnerability from cvelistv5
Published
2021-12-26 21:47
Modified
2024-08-04 04:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. In certain circumstances involving a closed oneshot channel, there is a data race and memory corruption.
References
| ► | URL | Tags | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:47:02.072Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://rustsec.org/advisories/RUSTSEC-2021-0124.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/tokio/RUSTSEC-2021-0124.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. In certain circumstances involving a closed oneshot channel, there is a data race and memory corruption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-26T21:47:20",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://rustsec.org/advisories/RUSTSEC-2021-0124.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/tokio/RUSTSEC-2021-0124.md"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-45710",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. In certain circumstances involving a closed oneshot channel, there is a data race and memory corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://rustsec.org/advisories/RUSTSEC-2021-0124.html",
"refsource": "MISC",
"url": "https://rustsec.org/advisories/RUSTSEC-2021-0124.html"
},
{
"name": "https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/tokio/RUSTSEC-2021-0124.md",
"refsource": "MISC",
"url": "https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/tokio/RUSTSEC-2021-0124.md"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-45710",
"datePublished": "2021-12-26T21:47:20",
"dateReserved": "2021-12-26T00:00:00",
"dateUpdated": "2024-08-04T04:47:02.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2021-45710\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2021-12-27T00:15:10.057\",\"lastModified\":\"2024-11-21T06:32:56.430\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. In certain circumstances involving a closed oneshot channel, there is a data race and memory corruption.\"},{\"lang\":\"es\",\"value\":\"Se ha detectado un problema en la crate tokio versiones anteriores a 1.8.4, y de la 1.9.x a la 1.13.x anteriores a 1.13.1, para Rust. En determinadas circunstancias que implican un canal cerrado oneshot, se presenta una carrera de datos y corrupci\u00f3n de memoria\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:P/I:P/A:P\",\"baseScore\":5.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":4.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-362\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tokio:tokio:*:*:*:*:*:rust:*:*\",\"versionStartIncluding\":\"0.1.14\",\"versionEndExcluding\":\"1.8.4\",\"matchCriteriaId\":\"27923A6E-8A34-4BCB-B2A6-5FD05F4C5C2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tokio:tokio:*:*:*:*:*:rust:*:*\",\"versionStartIncluding\":\"1.9.0\",\"versionEndExcluding\":\"1.13.1\",\"matchCriteriaId\":\"F45A41E5-8C1D-4E75-9198-E09C6A92F1D0\"}]}]}],\"references\":[{\"url\":\"https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/tokio/RUSTSEC-2021-0124.md\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://rustsec.org/advisories/RUSTSEC-2021-0124.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/tokio/RUSTSEC-2021-0124.md\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://rustsec.org/advisories/RUSTSEC-2021-0124.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
}
}
opensuse-su-2024:11716-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
sccache-0.2.15~git0.6b6d2f7-8.1 on GA media
Notes
Title of the patch
sccache-0.2.15~git0.6b6d2f7-8.1 on GA media
Description of the patch
These are all security issues fixed in the sccache-0.2.15~git0.6b6d2f7-8.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11716
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "sccache-0.2.15~git0.6b6d2f7-8.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the sccache-0.2.15~git0.6b6d2f7-8.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11716",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11716-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-45710 page",
"url": "https://www.suse.com/security/cve/CVE-2021-45710/"
}
],
"title": "sccache-0.2.15~git0.6b6d2f7-8.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11716-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "sccache-0.2.15~git0.6b6d2f7-8.1.aarch64",
"product": {
"name": "sccache-0.2.15~git0.6b6d2f7-8.1.aarch64",
"product_id": "sccache-0.2.15~git0.6b6d2f7-8.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "sccache-0.2.15~git0.6b6d2f7-8.1.ppc64le",
"product": {
"name": "sccache-0.2.15~git0.6b6d2f7-8.1.ppc64le",
"product_id": "sccache-0.2.15~git0.6b6d2f7-8.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "sccache-0.2.15~git0.6b6d2f7-8.1.s390x",
"product": {
"name": "sccache-0.2.15~git0.6b6d2f7-8.1.s390x",
"product_id": "sccache-0.2.15~git0.6b6d2f7-8.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "sccache-0.2.15~git0.6b6d2f7-8.1.x86_64",
"product": {
"name": "sccache-0.2.15~git0.6b6d2f7-8.1.x86_64",
"product_id": "sccache-0.2.15~git0.6b6d2f7-8.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "sccache-0.2.15~git0.6b6d2f7-8.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sccache-0.2.15~git0.6b6d2f7-8.1.aarch64"
},
"product_reference": "sccache-0.2.15~git0.6b6d2f7-8.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sccache-0.2.15~git0.6b6d2f7-8.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sccache-0.2.15~git0.6b6d2f7-8.1.ppc64le"
},
"product_reference": "sccache-0.2.15~git0.6b6d2f7-8.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sccache-0.2.15~git0.6b6d2f7-8.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sccache-0.2.15~git0.6b6d2f7-8.1.s390x"
},
"product_reference": "sccache-0.2.15~git0.6b6d2f7-8.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sccache-0.2.15~git0.6b6d2f7-8.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:sccache-0.2.15~git0.6b6d2f7-8.1.x86_64"
},
"product_reference": "sccache-0.2.15~git0.6b6d2f7-8.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-45710",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-45710"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. In certain circumstances involving a closed oneshot channel, there is a data race and memory corruption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:sccache-0.2.15~git0.6b6d2f7-8.1.aarch64",
"openSUSE Tumbleweed:sccache-0.2.15~git0.6b6d2f7-8.1.ppc64le",
"openSUSE Tumbleweed:sccache-0.2.15~git0.6b6d2f7-8.1.s390x",
"openSUSE Tumbleweed:sccache-0.2.15~git0.6b6d2f7-8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-45710",
"url": "https://www.suse.com/security/cve/CVE-2021-45710"
},
{
"category": "external",
"summary": "SUSE Bug 1194119 for CVE-2021-45710",
"url": "https://bugzilla.suse.com/1194119"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:sccache-0.2.15~git0.6b6d2f7-8.1.aarch64",
"openSUSE Tumbleweed:sccache-0.2.15~git0.6b6d2f7-8.1.ppc64le",
"openSUSE Tumbleweed:sccache-0.2.15~git0.6b6d2f7-8.1.s390x",
"openSUSE Tumbleweed:sccache-0.2.15~git0.6b6d2f7-8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:sccache-0.2.15~git0.6b6d2f7-8.1.aarch64",
"openSUSE Tumbleweed:sccache-0.2.15~git0.6b6d2f7-8.1.ppc64le",
"openSUSE Tumbleweed:sccache-0.2.15~git0.6b6d2f7-8.1.s390x",
"openSUSE Tumbleweed:sccache-0.2.15~git0.6b6d2f7-8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2021-45710"
}
]
}
opensuse-su-2024:11729-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
zram-generator-1.1.1~git5.8612dbb-1.1 on GA media
Notes
Title of the patch
zram-generator-1.1.1~git5.8612dbb-1.1 on GA media
Description of the patch
These are all security issues fixed in the zram-generator-1.1.1~git5.8612dbb-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11729
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "zram-generator-1.1.1~git5.8612dbb-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the zram-generator-1.1.1~git5.8612dbb-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11729",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11729-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-25023 page",
"url": "https://www.suse.com/security/cve/CVE-2018-25023/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-45710 page",
"url": "https://www.suse.com/security/cve/CVE-2021-45710/"
}
],
"title": "zram-generator-1.1.1~git5.8612dbb-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11729-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "zram-generator-1.1.1~git5.8612dbb-1.1.aarch64",
"product": {
"name": "zram-generator-1.1.1~git5.8612dbb-1.1.aarch64",
"product_id": "zram-generator-1.1.1~git5.8612dbb-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "zram-generator-1.1.1~git5.8612dbb-1.1.ppc64le",
"product": {
"name": "zram-generator-1.1.1~git5.8612dbb-1.1.ppc64le",
"product_id": "zram-generator-1.1.1~git5.8612dbb-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "zram-generator-1.1.1~git5.8612dbb-1.1.s390x",
"product": {
"name": "zram-generator-1.1.1~git5.8612dbb-1.1.s390x",
"product_id": "zram-generator-1.1.1~git5.8612dbb-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "zram-generator-1.1.1~git5.8612dbb-1.1.x86_64",
"product": {
"name": "zram-generator-1.1.1~git5.8612dbb-1.1.x86_64",
"product_id": "zram-generator-1.1.1~git5.8612dbb-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "zram-generator-1.1.1~git5.8612dbb-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zram-generator-1.1.1~git5.8612dbb-1.1.aarch64"
},
"product_reference": "zram-generator-1.1.1~git5.8612dbb-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zram-generator-1.1.1~git5.8612dbb-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zram-generator-1.1.1~git5.8612dbb-1.1.ppc64le"
},
"product_reference": "zram-generator-1.1.1~git5.8612dbb-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zram-generator-1.1.1~git5.8612dbb-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zram-generator-1.1.1~git5.8612dbb-1.1.s390x"
},
"product_reference": "zram-generator-1.1.1~git5.8612dbb-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "zram-generator-1.1.1~git5.8612dbb-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:zram-generator-1.1.1~git5.8612dbb-1.1.x86_64"
},
"product_reference": "zram-generator-1.1.1~git5.8612dbb-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-25023",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-25023"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the smallvec crate before 0.6.13 for Rust. It can create an uninitialized value of any type, including a reference type.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:zram-generator-1.1.1~git5.8612dbb-1.1.aarch64",
"openSUSE Tumbleweed:zram-generator-1.1.1~git5.8612dbb-1.1.ppc64le",
"openSUSE Tumbleweed:zram-generator-1.1.1~git5.8612dbb-1.1.s390x",
"openSUSE Tumbleweed:zram-generator-1.1.1~git5.8612dbb-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-25023",
"url": "https://www.suse.com/security/cve/CVE-2018-25023"
},
{
"category": "external",
"summary": "SUSE Bug 1194113 for CVE-2018-25023",
"url": "https://bugzilla.suse.com/1194113"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:zram-generator-1.1.1~git5.8612dbb-1.1.aarch64",
"openSUSE Tumbleweed:zram-generator-1.1.1~git5.8612dbb-1.1.ppc64le",
"openSUSE Tumbleweed:zram-generator-1.1.1~git5.8612dbb-1.1.s390x",
"openSUSE Tumbleweed:zram-generator-1.1.1~git5.8612dbb-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:zram-generator-1.1.1~git5.8612dbb-1.1.aarch64",
"openSUSE Tumbleweed:zram-generator-1.1.1~git5.8612dbb-1.1.ppc64le",
"openSUSE Tumbleweed:zram-generator-1.1.1~git5.8612dbb-1.1.s390x",
"openSUSE Tumbleweed:zram-generator-1.1.1~git5.8612dbb-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2018-25023"
},
{
"cve": "CVE-2021-45710",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-45710"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. In certain circumstances involving a closed oneshot channel, there is a data race and memory corruption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:zram-generator-1.1.1~git5.8612dbb-1.1.aarch64",
"openSUSE Tumbleweed:zram-generator-1.1.1~git5.8612dbb-1.1.ppc64le",
"openSUSE Tumbleweed:zram-generator-1.1.1~git5.8612dbb-1.1.s390x",
"openSUSE Tumbleweed:zram-generator-1.1.1~git5.8612dbb-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-45710",
"url": "https://www.suse.com/security/cve/CVE-2021-45710"
},
{
"category": "external",
"summary": "SUSE Bug 1194119 for CVE-2021-45710",
"url": "https://bugzilla.suse.com/1194119"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:zram-generator-1.1.1~git5.8612dbb-1.1.aarch64",
"openSUSE Tumbleweed:zram-generator-1.1.1~git5.8612dbb-1.1.ppc64le",
"openSUSE Tumbleweed:zram-generator-1.1.1~git5.8612dbb-1.1.s390x",
"openSUSE Tumbleweed:zram-generator-1.1.1~git5.8612dbb-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:zram-generator-1.1.1~git5.8612dbb-1.1.aarch64",
"openSUSE Tumbleweed:zram-generator-1.1.1~git5.8612dbb-1.1.ppc64le",
"openSUSE Tumbleweed:zram-generator-1.1.1~git5.8612dbb-1.1.s390x",
"openSUSE Tumbleweed:zram-generator-1.1.1~git5.8612dbb-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2021-45710"
}
]
}
opensuse-su-2024:11751-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
afterburn-5.0.0-6.1 on GA media
Notes
Title of the patch
afterburn-5.0.0-6.1 on GA media
Description of the patch
These are all security issues fixed in the afterburn-5.0.0-6.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11751
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "afterburn-5.0.0-6.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the afterburn-5.0.0-6.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11751",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11751-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-35905 page",
"url": "https://www.suse.com/security/cve/CVE-2020-35905/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-36465 page",
"url": "https://www.suse.com/security/cve/CVE-2020-36465/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-27378 page",
"url": "https://www.suse.com/security/cve/CVE-2021-27378/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-32714 page",
"url": "https://www.suse.com/security/cve/CVE-2021-32714/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-32715 page",
"url": "https://www.suse.com/security/cve/CVE-2021-32715/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38191 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38191/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-45710 page",
"url": "https://www.suse.com/security/cve/CVE-2021-45710/"
}
],
"title": "afterburn-5.0.0-6.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11751-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "afterburn-5.0.0-6.1.aarch64",
"product": {
"name": "afterburn-5.0.0-6.1.aarch64",
"product_id": "afterburn-5.0.0-6.1.aarch64"
}
},
{
"category": "product_version",
"name": "afterburn-dracut-5.0.0-6.1.aarch64",
"product": {
"name": "afterburn-dracut-5.0.0-6.1.aarch64",
"product_id": "afterburn-dracut-5.0.0-6.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "afterburn-5.0.0-6.1.ppc64le",
"product": {
"name": "afterburn-5.0.0-6.1.ppc64le",
"product_id": "afterburn-5.0.0-6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "afterburn-dracut-5.0.0-6.1.ppc64le",
"product": {
"name": "afterburn-dracut-5.0.0-6.1.ppc64le",
"product_id": "afterburn-dracut-5.0.0-6.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "afterburn-5.0.0-6.1.s390x",
"product": {
"name": "afterburn-5.0.0-6.1.s390x",
"product_id": "afterburn-5.0.0-6.1.s390x"
}
},
{
"category": "product_version",
"name": "afterburn-dracut-5.0.0-6.1.s390x",
"product": {
"name": "afterburn-dracut-5.0.0-6.1.s390x",
"product_id": "afterburn-dracut-5.0.0-6.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "afterburn-5.0.0-6.1.x86_64",
"product": {
"name": "afterburn-5.0.0-6.1.x86_64",
"product_id": "afterburn-5.0.0-6.1.x86_64"
}
},
{
"category": "product_version",
"name": "afterburn-dracut-5.0.0-6.1.x86_64",
"product": {
"name": "afterburn-dracut-5.0.0-6.1.x86_64",
"product_id": "afterburn-dracut-5.0.0-6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "afterburn-5.0.0-6.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:afterburn-5.0.0-6.1.aarch64"
},
"product_reference": "afterburn-5.0.0-6.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "afterburn-5.0.0-6.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:afterburn-5.0.0-6.1.ppc64le"
},
"product_reference": "afterburn-5.0.0-6.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "afterburn-5.0.0-6.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:afterburn-5.0.0-6.1.s390x"
},
"product_reference": "afterburn-5.0.0-6.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "afterburn-5.0.0-6.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:afterburn-5.0.0-6.1.x86_64"
},
"product_reference": "afterburn-5.0.0-6.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "afterburn-dracut-5.0.0-6.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.aarch64"
},
"product_reference": "afterburn-dracut-5.0.0-6.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "afterburn-dracut-5.0.0-6.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.ppc64le"
},
"product_reference": "afterburn-dracut-5.0.0-6.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "afterburn-dracut-5.0.0-6.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.s390x"
},
"product_reference": "afterburn-dracut-5.0.0-6.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "afterburn-dracut-5.0.0-6.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.x86_64"
},
"product_reference": "afterburn-dracut-5.0.0-6.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-35905",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-35905"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the futures-util crate before 0.3.7 for Rust. MutexGuard::map can cause a data race for certain closure situations (in safe code).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.aarch64",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.ppc64le",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.s390x",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.x86_64",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.aarch64",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.ppc64le",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.s390x",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-35905",
"url": "https://www.suse.com/security/cve/CVE-2020-35905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.aarch64",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.ppc64le",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.s390x",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.x86_64",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.aarch64",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.ppc64le",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.s390x",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.aarch64",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.ppc64le",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.s390x",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.x86_64",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.aarch64",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.ppc64le",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.s390x",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2020-35905"
},
{
"cve": "CVE-2020-36465",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-36465"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the generic-array crate before 0.13.3 for Rust. It violates soundness by using the arr! macro to extend lifetimes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.aarch64",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.ppc64le",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.s390x",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.x86_64",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.aarch64",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.ppc64le",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.s390x",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-36465",
"url": "https://www.suse.com/security/cve/CVE-2020-36465"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.aarch64",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.ppc64le",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.s390x",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.x86_64",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.aarch64",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.ppc64le",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.s390x",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2020-36465"
},
{
"cve": "CVE-2021-27378",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-27378"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the rand_core crate before 0.6.2 for Rust. Because read_u32_into and read_u64_into mishandle certain buffer-length checks, a random number generator may be seeded with too little data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.aarch64",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.ppc64le",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.s390x",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.x86_64",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.aarch64",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.ppc64le",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.s390x",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-27378",
"url": "https://www.suse.com/security/cve/CVE-2021-27378"
},
{
"category": "external",
"summary": "SUSE Bug 1182432 for CVE-2021-27378",
"url": "https://bugzilla.suse.com/1182432"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.aarch64",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.ppc64le",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.s390x",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.x86_64",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.aarch64",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.ppc64le",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.s390x",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.aarch64",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.ppc64le",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.s390x",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.x86_64",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.aarch64",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.ppc64le",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.s390x",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2021-27378"
},
{
"cve": "CVE-2021-32714",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-32714"
}
],
"notes": [
{
"category": "general",
"text": "hyper is an HTTP library for Rust. In versions prior to 0.14.10, hyper\u0027s HTTP server and client code had a flaw that could trigger an integer overflow when decoding chunk sizes that are too big. This allows possible data loss, or if combined with an upstream HTTP proxy that allows chunk sizes larger than hyper does, can result in \"request smuggling\" or \"desync attacks.\" The vulnerability is patched in version 0.14.10. Two possible workarounds exist. One may reject requests manually that contain a `Transfer-Encoding` header or ensure any upstream proxy rejects `Transfer-Encoding` chunk sizes greater than what fits in 64-bit unsigned integers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.aarch64",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.ppc64le",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.s390x",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.x86_64",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.aarch64",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.ppc64le",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.s390x",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-32714",
"url": "https://www.suse.com/security/cve/CVE-2021-32714"
},
{
"category": "external",
"summary": "SUSE Bug 1188174 for CVE-2021-32714",
"url": "https://bugzilla.suse.com/1188174"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.aarch64",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.ppc64le",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.s390x",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.x86_64",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.aarch64",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.ppc64le",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.s390x",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.aarch64",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.ppc64le",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.s390x",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.x86_64",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.aarch64",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.ppc64le",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.s390x",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-32714"
},
{
"cve": "CVE-2021-32715",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-32715"
}
],
"notes": [
{
"category": "general",
"text": "hyper is an HTTP library for rust. hyper\u0027s HTTP/1 server code had a flaw that incorrectly parses and accepts requests with a `Content-Length` header with a prefixed plus sign, when it should have been rejected as illegal. This combined with an upstream HTTP proxy that doesn\u0027t parse such `Content-Length` headers, but forwards them, can result in \"request smuggling\" or \"desync attacks\". The flaw exists in all prior versions of hyper prior to 0.14.10, if built with `rustc` v1.5.0 or newer. The vulnerability is patched in hyper version 0.14.10. Two workarounds exist: One may reject requests manually that contain a plus sign prefix in the `Content-Length` header or ensure any upstream proxy handles `Content-Length` headers with a plus sign prefix.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.aarch64",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.ppc64le",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.s390x",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.x86_64",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.aarch64",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.ppc64le",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.s390x",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-32715",
"url": "https://www.suse.com/security/cve/CVE-2021-32715"
},
{
"category": "external",
"summary": "SUSE Bug 1188173 for CVE-2021-32715",
"url": "https://bugzilla.suse.com/1188173"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.aarch64",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.ppc64le",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.s390x",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.x86_64",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.aarch64",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.ppc64le",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.s390x",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.aarch64",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.ppc64le",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.s390x",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.x86_64",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.aarch64",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.ppc64le",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.s390x",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2021-32715"
},
{
"cve": "CVE-2021-38191",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38191"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the tokio crate before 1.8.1 for Rust. Upon a JoinHandle::abort, a Task may be dropped in the wrong thread.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.aarch64",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.ppc64le",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.s390x",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.x86_64",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.aarch64",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.ppc64le",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.s390x",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38191",
"url": "https://www.suse.com/security/cve/CVE-2021-38191"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.aarch64",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.ppc64le",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.s390x",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.x86_64",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.aarch64",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.ppc64le",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.s390x",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2021-38191"
},
{
"cve": "CVE-2021-45710",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-45710"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. In certain circumstances involving a closed oneshot channel, there is a data race and memory corruption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.aarch64",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.ppc64le",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.s390x",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.x86_64",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.aarch64",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.ppc64le",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.s390x",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-45710",
"url": "https://www.suse.com/security/cve/CVE-2021-45710"
},
{
"category": "external",
"summary": "SUSE Bug 1194119 for CVE-2021-45710",
"url": "https://bugzilla.suse.com/1194119"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.aarch64",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.ppc64le",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.s390x",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.x86_64",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.aarch64",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.ppc64le",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.s390x",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.aarch64",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.ppc64le",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.s390x",
"openSUSE Tumbleweed:afterburn-5.0.0-6.1.x86_64",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.aarch64",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.ppc64le",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.s390x",
"openSUSE Tumbleweed:afterburn-dracut-5.0.0-6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2021-45710"
}
]
}
opensuse-su-2024:11711-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
kanidm-1.1.0~alpha7~git0.c8468199-1.1 on GA media
Notes
Title of the patch
kanidm-1.1.0~alpha7~git0.c8468199-1.1 on GA media
Description of the patch
These are all security issues fixed in the kanidm-1.1.0~alpha7~git0.c8468199-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11711
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "kanidm-1.1.0~alpha7~git0.c8468199-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the kanidm-1.1.0~alpha7~git0.c8468199-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11711",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11711-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-45710 page",
"url": "https://www.suse.com/security/cve/CVE-2021-45710/"
}
],
"title": "kanidm-1.1.0~alpha7~git0.c8468199-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11711-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kanidm-1.1.0~alpha7~git0.c8468199-1.1.aarch64",
"product": {
"name": "kanidm-1.1.0~alpha7~git0.c8468199-1.1.aarch64",
"product_id": "kanidm-1.1.0~alpha7~git0.c8468199-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "kanidm-clients-1.1.0~alpha7~git0.c8468199-1.1.aarch64",
"product": {
"name": "kanidm-clients-1.1.0~alpha7~git0.c8468199-1.1.aarch64",
"product_id": "kanidm-clients-1.1.0~alpha7~git0.c8468199-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "kanidm-docs-1.1.0~alpha7~git0.c8468199-1.1.aarch64",
"product": {
"name": "kanidm-docs-1.1.0~alpha7~git0.c8468199-1.1.aarch64",
"product_id": "kanidm-docs-1.1.0~alpha7~git0.c8468199-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "kanidm-server-1.1.0~alpha7~git0.c8468199-1.1.aarch64",
"product": {
"name": "kanidm-server-1.1.0~alpha7~git0.c8468199-1.1.aarch64",
"product_id": "kanidm-server-1.1.0~alpha7~git0.c8468199-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "kanidm-unixd-clients-1.1.0~alpha7~git0.c8468199-1.1.aarch64",
"product": {
"name": "kanidm-unixd-clients-1.1.0~alpha7~git0.c8468199-1.1.aarch64",
"product_id": "kanidm-unixd-clients-1.1.0~alpha7~git0.c8468199-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kanidm-1.1.0~alpha7~git0.c8468199-1.1.ppc64le",
"product": {
"name": "kanidm-1.1.0~alpha7~git0.c8468199-1.1.ppc64le",
"product_id": "kanidm-1.1.0~alpha7~git0.c8468199-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kanidm-clients-1.1.0~alpha7~git0.c8468199-1.1.ppc64le",
"product": {
"name": "kanidm-clients-1.1.0~alpha7~git0.c8468199-1.1.ppc64le",
"product_id": "kanidm-clients-1.1.0~alpha7~git0.c8468199-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kanidm-docs-1.1.0~alpha7~git0.c8468199-1.1.ppc64le",
"product": {
"name": "kanidm-docs-1.1.0~alpha7~git0.c8468199-1.1.ppc64le",
"product_id": "kanidm-docs-1.1.0~alpha7~git0.c8468199-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kanidm-server-1.1.0~alpha7~git0.c8468199-1.1.ppc64le",
"product": {
"name": "kanidm-server-1.1.0~alpha7~git0.c8468199-1.1.ppc64le",
"product_id": "kanidm-server-1.1.0~alpha7~git0.c8468199-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kanidm-unixd-clients-1.1.0~alpha7~git0.c8468199-1.1.ppc64le",
"product": {
"name": "kanidm-unixd-clients-1.1.0~alpha7~git0.c8468199-1.1.ppc64le",
"product_id": "kanidm-unixd-clients-1.1.0~alpha7~git0.c8468199-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kanidm-1.1.0~alpha7~git0.c8468199-1.1.s390x",
"product": {
"name": "kanidm-1.1.0~alpha7~git0.c8468199-1.1.s390x",
"product_id": "kanidm-1.1.0~alpha7~git0.c8468199-1.1.s390x"
}
},
{
"category": "product_version",
"name": "kanidm-clients-1.1.0~alpha7~git0.c8468199-1.1.s390x",
"product": {
"name": "kanidm-clients-1.1.0~alpha7~git0.c8468199-1.1.s390x",
"product_id": "kanidm-clients-1.1.0~alpha7~git0.c8468199-1.1.s390x"
}
},
{
"category": "product_version",
"name": "kanidm-docs-1.1.0~alpha7~git0.c8468199-1.1.s390x",
"product": {
"name": "kanidm-docs-1.1.0~alpha7~git0.c8468199-1.1.s390x",
"product_id": "kanidm-docs-1.1.0~alpha7~git0.c8468199-1.1.s390x"
}
},
{
"category": "product_version",
"name": "kanidm-server-1.1.0~alpha7~git0.c8468199-1.1.s390x",
"product": {
"name": "kanidm-server-1.1.0~alpha7~git0.c8468199-1.1.s390x",
"product_id": "kanidm-server-1.1.0~alpha7~git0.c8468199-1.1.s390x"
}
},
{
"category": "product_version",
"name": "kanidm-unixd-clients-1.1.0~alpha7~git0.c8468199-1.1.s390x",
"product": {
"name": "kanidm-unixd-clients-1.1.0~alpha7~git0.c8468199-1.1.s390x",
"product_id": "kanidm-unixd-clients-1.1.0~alpha7~git0.c8468199-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kanidm-1.1.0~alpha7~git0.c8468199-1.1.x86_64",
"product": {
"name": "kanidm-1.1.0~alpha7~git0.c8468199-1.1.x86_64",
"product_id": "kanidm-1.1.0~alpha7~git0.c8468199-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "kanidm-clients-1.1.0~alpha7~git0.c8468199-1.1.x86_64",
"product": {
"name": "kanidm-clients-1.1.0~alpha7~git0.c8468199-1.1.x86_64",
"product_id": "kanidm-clients-1.1.0~alpha7~git0.c8468199-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "kanidm-docs-1.1.0~alpha7~git0.c8468199-1.1.x86_64",
"product": {
"name": "kanidm-docs-1.1.0~alpha7~git0.c8468199-1.1.x86_64",
"product_id": "kanidm-docs-1.1.0~alpha7~git0.c8468199-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "kanidm-server-1.1.0~alpha7~git0.c8468199-1.1.x86_64",
"product": {
"name": "kanidm-server-1.1.0~alpha7~git0.c8468199-1.1.x86_64",
"product_id": "kanidm-server-1.1.0~alpha7~git0.c8468199-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "kanidm-unixd-clients-1.1.0~alpha7~git0.c8468199-1.1.x86_64",
"product": {
"name": "kanidm-unixd-clients-1.1.0~alpha7~git0.c8468199-1.1.x86_64",
"product_id": "kanidm-unixd-clients-1.1.0~alpha7~git0.c8468199-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kanidm-1.1.0~alpha7~git0.c8468199-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kanidm-1.1.0~alpha7~git0.c8468199-1.1.aarch64"
},
"product_reference": "kanidm-1.1.0~alpha7~git0.c8468199-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kanidm-1.1.0~alpha7~git0.c8468199-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kanidm-1.1.0~alpha7~git0.c8468199-1.1.ppc64le"
},
"product_reference": "kanidm-1.1.0~alpha7~git0.c8468199-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kanidm-1.1.0~alpha7~git0.c8468199-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kanidm-1.1.0~alpha7~git0.c8468199-1.1.s390x"
},
"product_reference": "kanidm-1.1.0~alpha7~git0.c8468199-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kanidm-1.1.0~alpha7~git0.c8468199-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kanidm-1.1.0~alpha7~git0.c8468199-1.1.x86_64"
},
"product_reference": "kanidm-1.1.0~alpha7~git0.c8468199-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kanidm-clients-1.1.0~alpha7~git0.c8468199-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kanidm-clients-1.1.0~alpha7~git0.c8468199-1.1.aarch64"
},
"product_reference": "kanidm-clients-1.1.0~alpha7~git0.c8468199-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kanidm-clients-1.1.0~alpha7~git0.c8468199-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kanidm-clients-1.1.0~alpha7~git0.c8468199-1.1.ppc64le"
},
"product_reference": "kanidm-clients-1.1.0~alpha7~git0.c8468199-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kanidm-clients-1.1.0~alpha7~git0.c8468199-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kanidm-clients-1.1.0~alpha7~git0.c8468199-1.1.s390x"
},
"product_reference": "kanidm-clients-1.1.0~alpha7~git0.c8468199-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kanidm-clients-1.1.0~alpha7~git0.c8468199-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kanidm-clients-1.1.0~alpha7~git0.c8468199-1.1.x86_64"
},
"product_reference": "kanidm-clients-1.1.0~alpha7~git0.c8468199-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kanidm-docs-1.1.0~alpha7~git0.c8468199-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kanidm-docs-1.1.0~alpha7~git0.c8468199-1.1.aarch64"
},
"product_reference": "kanidm-docs-1.1.0~alpha7~git0.c8468199-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kanidm-docs-1.1.0~alpha7~git0.c8468199-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kanidm-docs-1.1.0~alpha7~git0.c8468199-1.1.ppc64le"
},
"product_reference": "kanidm-docs-1.1.0~alpha7~git0.c8468199-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kanidm-docs-1.1.0~alpha7~git0.c8468199-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kanidm-docs-1.1.0~alpha7~git0.c8468199-1.1.s390x"
},
"product_reference": "kanidm-docs-1.1.0~alpha7~git0.c8468199-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kanidm-docs-1.1.0~alpha7~git0.c8468199-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kanidm-docs-1.1.0~alpha7~git0.c8468199-1.1.x86_64"
},
"product_reference": "kanidm-docs-1.1.0~alpha7~git0.c8468199-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kanidm-server-1.1.0~alpha7~git0.c8468199-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kanidm-server-1.1.0~alpha7~git0.c8468199-1.1.aarch64"
},
"product_reference": "kanidm-server-1.1.0~alpha7~git0.c8468199-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kanidm-server-1.1.0~alpha7~git0.c8468199-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kanidm-server-1.1.0~alpha7~git0.c8468199-1.1.ppc64le"
},
"product_reference": "kanidm-server-1.1.0~alpha7~git0.c8468199-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kanidm-server-1.1.0~alpha7~git0.c8468199-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kanidm-server-1.1.0~alpha7~git0.c8468199-1.1.s390x"
},
"product_reference": "kanidm-server-1.1.0~alpha7~git0.c8468199-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kanidm-server-1.1.0~alpha7~git0.c8468199-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kanidm-server-1.1.0~alpha7~git0.c8468199-1.1.x86_64"
},
"product_reference": "kanidm-server-1.1.0~alpha7~git0.c8468199-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kanidm-unixd-clients-1.1.0~alpha7~git0.c8468199-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kanidm-unixd-clients-1.1.0~alpha7~git0.c8468199-1.1.aarch64"
},
"product_reference": "kanidm-unixd-clients-1.1.0~alpha7~git0.c8468199-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kanidm-unixd-clients-1.1.0~alpha7~git0.c8468199-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kanidm-unixd-clients-1.1.0~alpha7~git0.c8468199-1.1.ppc64le"
},
"product_reference": "kanidm-unixd-clients-1.1.0~alpha7~git0.c8468199-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kanidm-unixd-clients-1.1.0~alpha7~git0.c8468199-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kanidm-unixd-clients-1.1.0~alpha7~git0.c8468199-1.1.s390x"
},
"product_reference": "kanidm-unixd-clients-1.1.0~alpha7~git0.c8468199-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kanidm-unixd-clients-1.1.0~alpha7~git0.c8468199-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kanidm-unixd-clients-1.1.0~alpha7~git0.c8468199-1.1.x86_64"
},
"product_reference": "kanidm-unixd-clients-1.1.0~alpha7~git0.c8468199-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-45710",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-45710"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. In certain circumstances involving a closed oneshot channel, there is a data race and memory corruption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kanidm-1.1.0~alpha7~git0.c8468199-1.1.aarch64",
"openSUSE Tumbleweed:kanidm-1.1.0~alpha7~git0.c8468199-1.1.ppc64le",
"openSUSE Tumbleweed:kanidm-1.1.0~alpha7~git0.c8468199-1.1.s390x",
"openSUSE Tumbleweed:kanidm-1.1.0~alpha7~git0.c8468199-1.1.x86_64",
"openSUSE Tumbleweed:kanidm-clients-1.1.0~alpha7~git0.c8468199-1.1.aarch64",
"openSUSE Tumbleweed:kanidm-clients-1.1.0~alpha7~git0.c8468199-1.1.ppc64le",
"openSUSE Tumbleweed:kanidm-clients-1.1.0~alpha7~git0.c8468199-1.1.s390x",
"openSUSE Tumbleweed:kanidm-clients-1.1.0~alpha7~git0.c8468199-1.1.x86_64",
"openSUSE Tumbleweed:kanidm-docs-1.1.0~alpha7~git0.c8468199-1.1.aarch64",
"openSUSE Tumbleweed:kanidm-docs-1.1.0~alpha7~git0.c8468199-1.1.ppc64le",
"openSUSE Tumbleweed:kanidm-docs-1.1.0~alpha7~git0.c8468199-1.1.s390x",
"openSUSE Tumbleweed:kanidm-docs-1.1.0~alpha7~git0.c8468199-1.1.x86_64",
"openSUSE Tumbleweed:kanidm-server-1.1.0~alpha7~git0.c8468199-1.1.aarch64",
"openSUSE Tumbleweed:kanidm-server-1.1.0~alpha7~git0.c8468199-1.1.ppc64le",
"openSUSE Tumbleweed:kanidm-server-1.1.0~alpha7~git0.c8468199-1.1.s390x",
"openSUSE Tumbleweed:kanidm-server-1.1.0~alpha7~git0.c8468199-1.1.x86_64",
"openSUSE Tumbleweed:kanidm-unixd-clients-1.1.0~alpha7~git0.c8468199-1.1.aarch64",
"openSUSE Tumbleweed:kanidm-unixd-clients-1.1.0~alpha7~git0.c8468199-1.1.ppc64le",
"openSUSE Tumbleweed:kanidm-unixd-clients-1.1.0~alpha7~git0.c8468199-1.1.s390x",
"openSUSE Tumbleweed:kanidm-unixd-clients-1.1.0~alpha7~git0.c8468199-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-45710",
"url": "https://www.suse.com/security/cve/CVE-2021-45710"
},
{
"category": "external",
"summary": "SUSE Bug 1194119 for CVE-2021-45710",
"url": "https://bugzilla.suse.com/1194119"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kanidm-1.1.0~alpha7~git0.c8468199-1.1.aarch64",
"openSUSE Tumbleweed:kanidm-1.1.0~alpha7~git0.c8468199-1.1.ppc64le",
"openSUSE Tumbleweed:kanidm-1.1.0~alpha7~git0.c8468199-1.1.s390x",
"openSUSE Tumbleweed:kanidm-1.1.0~alpha7~git0.c8468199-1.1.x86_64",
"openSUSE Tumbleweed:kanidm-clients-1.1.0~alpha7~git0.c8468199-1.1.aarch64",
"openSUSE Tumbleweed:kanidm-clients-1.1.0~alpha7~git0.c8468199-1.1.ppc64le",
"openSUSE Tumbleweed:kanidm-clients-1.1.0~alpha7~git0.c8468199-1.1.s390x",
"openSUSE Tumbleweed:kanidm-clients-1.1.0~alpha7~git0.c8468199-1.1.x86_64",
"openSUSE Tumbleweed:kanidm-docs-1.1.0~alpha7~git0.c8468199-1.1.aarch64",
"openSUSE Tumbleweed:kanidm-docs-1.1.0~alpha7~git0.c8468199-1.1.ppc64le",
"openSUSE Tumbleweed:kanidm-docs-1.1.0~alpha7~git0.c8468199-1.1.s390x",
"openSUSE Tumbleweed:kanidm-docs-1.1.0~alpha7~git0.c8468199-1.1.x86_64",
"openSUSE Tumbleweed:kanidm-server-1.1.0~alpha7~git0.c8468199-1.1.aarch64",
"openSUSE Tumbleweed:kanidm-server-1.1.0~alpha7~git0.c8468199-1.1.ppc64le",
"openSUSE Tumbleweed:kanidm-server-1.1.0~alpha7~git0.c8468199-1.1.s390x",
"openSUSE Tumbleweed:kanidm-server-1.1.0~alpha7~git0.c8468199-1.1.x86_64",
"openSUSE Tumbleweed:kanidm-unixd-clients-1.1.0~alpha7~git0.c8468199-1.1.aarch64",
"openSUSE Tumbleweed:kanidm-unixd-clients-1.1.0~alpha7~git0.c8468199-1.1.ppc64le",
"openSUSE Tumbleweed:kanidm-unixd-clients-1.1.0~alpha7~git0.c8468199-1.1.s390x",
"openSUSE Tumbleweed:kanidm-unixd-clients-1.1.0~alpha7~git0.c8468199-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kanidm-1.1.0~alpha7~git0.c8468199-1.1.aarch64",
"openSUSE Tumbleweed:kanidm-1.1.0~alpha7~git0.c8468199-1.1.ppc64le",
"openSUSE Tumbleweed:kanidm-1.1.0~alpha7~git0.c8468199-1.1.s390x",
"openSUSE Tumbleweed:kanidm-1.1.0~alpha7~git0.c8468199-1.1.x86_64",
"openSUSE Tumbleweed:kanidm-clients-1.1.0~alpha7~git0.c8468199-1.1.aarch64",
"openSUSE Tumbleweed:kanidm-clients-1.1.0~alpha7~git0.c8468199-1.1.ppc64le",
"openSUSE Tumbleweed:kanidm-clients-1.1.0~alpha7~git0.c8468199-1.1.s390x",
"openSUSE Tumbleweed:kanidm-clients-1.1.0~alpha7~git0.c8468199-1.1.x86_64",
"openSUSE Tumbleweed:kanidm-docs-1.1.0~alpha7~git0.c8468199-1.1.aarch64",
"openSUSE Tumbleweed:kanidm-docs-1.1.0~alpha7~git0.c8468199-1.1.ppc64le",
"openSUSE Tumbleweed:kanidm-docs-1.1.0~alpha7~git0.c8468199-1.1.s390x",
"openSUSE Tumbleweed:kanidm-docs-1.1.0~alpha7~git0.c8468199-1.1.x86_64",
"openSUSE Tumbleweed:kanidm-server-1.1.0~alpha7~git0.c8468199-1.1.aarch64",
"openSUSE Tumbleweed:kanidm-server-1.1.0~alpha7~git0.c8468199-1.1.ppc64le",
"openSUSE Tumbleweed:kanidm-server-1.1.0~alpha7~git0.c8468199-1.1.s390x",
"openSUSE Tumbleweed:kanidm-server-1.1.0~alpha7~git0.c8468199-1.1.x86_64",
"openSUSE Tumbleweed:kanidm-unixd-clients-1.1.0~alpha7~git0.c8468199-1.1.aarch64",
"openSUSE Tumbleweed:kanidm-unixd-clients-1.1.0~alpha7~git0.c8468199-1.1.ppc64le",
"openSUSE Tumbleweed:kanidm-unixd-clients-1.1.0~alpha7~git0.c8468199-1.1.s390x",
"openSUSE Tumbleweed:kanidm-unixd-clients-1.1.0~alpha7~git0.c8468199-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2021-45710"
}
]
}
opensuse-su-2024:11710-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
greetd-0.8.0-2.1 on GA media
Notes
Title of the patch
greetd-0.8.0-2.1 on GA media
Description of the patch
These are all security issues fixed in the greetd-0.8.0-2.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11710
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "greetd-0.8.0-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the greetd-0.8.0-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11710",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11710-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-45710 page",
"url": "https://www.suse.com/security/cve/CVE-2021-45710/"
}
],
"title": "greetd-0.8.0-2.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11710-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "greetd-0.8.0-2.1.aarch64",
"product": {
"name": "greetd-0.8.0-2.1.aarch64",
"product_id": "greetd-0.8.0-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "greetd-0.8.0-2.1.ppc64le",
"product": {
"name": "greetd-0.8.0-2.1.ppc64le",
"product_id": "greetd-0.8.0-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "greetd-0.8.0-2.1.s390x",
"product": {
"name": "greetd-0.8.0-2.1.s390x",
"product_id": "greetd-0.8.0-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "greetd-0.8.0-2.1.x86_64",
"product": {
"name": "greetd-0.8.0-2.1.x86_64",
"product_id": "greetd-0.8.0-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "greetd-0.8.0-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:greetd-0.8.0-2.1.aarch64"
},
"product_reference": "greetd-0.8.0-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "greetd-0.8.0-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:greetd-0.8.0-2.1.ppc64le"
},
"product_reference": "greetd-0.8.0-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "greetd-0.8.0-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:greetd-0.8.0-2.1.s390x"
},
"product_reference": "greetd-0.8.0-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "greetd-0.8.0-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:greetd-0.8.0-2.1.x86_64"
},
"product_reference": "greetd-0.8.0-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-45710",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-45710"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. In certain circumstances involving a closed oneshot channel, there is a data race and memory corruption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:greetd-0.8.0-2.1.aarch64",
"openSUSE Tumbleweed:greetd-0.8.0-2.1.ppc64le",
"openSUSE Tumbleweed:greetd-0.8.0-2.1.s390x",
"openSUSE Tumbleweed:greetd-0.8.0-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-45710",
"url": "https://www.suse.com/security/cve/CVE-2021-45710"
},
{
"category": "external",
"summary": "SUSE Bug 1194119 for CVE-2021-45710",
"url": "https://bugzilla.suse.com/1194119"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:greetd-0.8.0-2.1.aarch64",
"openSUSE Tumbleweed:greetd-0.8.0-2.1.ppc64le",
"openSUSE Tumbleweed:greetd-0.8.0-2.1.s390x",
"openSUSE Tumbleweed:greetd-0.8.0-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:greetd-0.8.0-2.1.aarch64",
"openSUSE Tumbleweed:greetd-0.8.0-2.1.ppc64le",
"openSUSE Tumbleweed:greetd-0.8.0-2.1.s390x",
"openSUSE Tumbleweed:greetd-0.8.0-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2021-45710"
}
]
}
opensuse-su-2024:0294-1
Vulnerability from csaf_opensuse
Published
2024-09-09 12:04
Modified
2024-09-09 12:04
Summary
Security update for kanidm
Notes
Title of the patch
Security update for kanidm
Description of the patch
This update for kanidm fixes the following issues:
- kanidm version 1.3.3~git0.f075d13:
* Release 1.3.3
* Mail substr index (#2981)
Patchnames
openSUSE-2024-294
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for kanidm",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for kanidm fixes the following issues:\n\n- kanidm version 1.3.3~git0.f075d13:\n * Release 1.3.3\n * Mail substr index (#2981)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2024-294",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_0294-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2024:0294-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5D6EJD2U437T6U4EHNYRU44B2UOGLUUB/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2024:0294-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5D6EJD2U437T6U4EHNYRU44B2UOGLUUB/"
},
{
"category": "self",
"summary": "SUSE Bug 1191031",
"url": "https://bugzilla.suse.com/1191031"
},
{
"category": "self",
"summary": "SUSE Bug 1194119",
"url": "https://bugzilla.suse.com/1194119"
},
{
"category": "self",
"summary": "SUSE Bug 1196972",
"url": "https://bugzilla.suse.com/1196972"
},
{
"category": "self",
"summary": "SUSE Bug 1210356",
"url": "https://bugzilla.suse.com/1210356"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-45710 page",
"url": "https://www.suse.com/security/cve/CVE-2021-45710/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-24713 page",
"url": "https://www.suse.com/security/cve/CVE-2022-24713/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-26964 page",
"url": "https://www.suse.com/security/cve/CVE-2023-26964/"
}
],
"title": "Security update for kanidm",
"tracking": {
"current_release_date": "2024-09-09T12:04:21Z",
"generator": {
"date": "2024-09-09T12:04:21Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:0294-1",
"initial_release_date": "2024-09-09T12:04:21Z",
"revision_history": [
{
"date": "2024-09-09T12:04:21Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kanidm-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"product": {
"name": "kanidm-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"product_id": "kanidm-1.3.3~git0.f075d13-bp156.4.1.aarch64"
}
},
{
"category": "product_version",
"name": "kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"product": {
"name": "kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"product_id": "kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64"
}
},
{
"category": "product_version",
"name": "kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"product": {
"name": "kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"product_id": "kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.aarch64"
}
},
{
"category": "product_version",
"name": "kanidm-server-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"product": {
"name": "kanidm-server-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"product_id": "kanidm-server-1.3.3~git0.f075d13-bp156.4.1.aarch64"
}
},
{
"category": "product_version",
"name": "kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"product": {
"name": "kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"product_id": "kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kanidm-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"product": {
"name": "kanidm-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"product_id": "kanidm-1.3.3~git0.f075d13-bp156.4.1.x86_64"
}
},
{
"category": "product_version",
"name": "kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"product": {
"name": "kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"product_id": "kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64"
}
},
{
"category": "product_version",
"name": "kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"product": {
"name": "kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"product_id": "kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.x86_64"
}
},
{
"category": "product_version",
"name": "kanidm-server-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"product": {
"name": "kanidm-server-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"product_id": "kanidm-server-1.3.3~git0.f075d13-bp156.4.1.x86_64"
}
},
{
"category": "product_version",
"name": "kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"product": {
"name": "kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"product_id": "kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP6",
"product": {
"name": "SUSE Package Hub 15 SP6",
"product_id": "SUSE Package Hub 15 SP6"
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kanidm-1.3.3~git0.f075d13-bp156.4.1.aarch64 as component of SUSE Package Hub 15 SP6",
"product_id": "SUSE Package Hub 15 SP6:kanidm-1.3.3~git0.f075d13-bp156.4.1.aarch64"
},
"product_reference": "kanidm-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kanidm-1.3.3~git0.f075d13-bp156.4.1.x86_64 as component of SUSE Package Hub 15 SP6",
"product_id": "SUSE Package Hub 15 SP6:kanidm-1.3.3~git0.f075d13-bp156.4.1.x86_64"
},
"product_reference": "kanidm-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64 as component of SUSE Package Hub 15 SP6",
"product_id": "SUSE Package Hub 15 SP6:kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64"
},
"product_reference": "kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64 as component of SUSE Package Hub 15 SP6",
"product_id": "SUSE Package Hub 15 SP6:kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64"
},
"product_reference": "kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.aarch64 as component of SUSE Package Hub 15 SP6",
"product_id": "SUSE Package Hub 15 SP6:kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.aarch64"
},
"product_reference": "kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.x86_64 as component of SUSE Package Hub 15 SP6",
"product_id": "SUSE Package Hub 15 SP6:kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.x86_64"
},
"product_reference": "kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kanidm-server-1.3.3~git0.f075d13-bp156.4.1.aarch64 as component of SUSE Package Hub 15 SP6",
"product_id": "SUSE Package Hub 15 SP6:kanidm-server-1.3.3~git0.f075d13-bp156.4.1.aarch64"
},
"product_reference": "kanidm-server-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kanidm-server-1.3.3~git0.f075d13-bp156.4.1.x86_64 as component of SUSE Package Hub 15 SP6",
"product_id": "SUSE Package Hub 15 SP6:kanidm-server-1.3.3~git0.f075d13-bp156.4.1.x86_64"
},
"product_reference": "kanidm-server-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64 as component of SUSE Package Hub 15 SP6",
"product_id": "SUSE Package Hub 15 SP6:kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64"
},
"product_reference": "kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64 as component of SUSE Package Hub 15 SP6",
"product_id": "SUSE Package Hub 15 SP6:kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64"
},
"product_reference": "kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kanidm-1.3.3~git0.f075d13-bp156.4.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kanidm-1.3.3~git0.f075d13-bp156.4.1.aarch64"
},
"product_reference": "kanidm-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kanidm-1.3.3~git0.f075d13-bp156.4.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kanidm-1.3.3~git0.f075d13-bp156.4.1.x86_64"
},
"product_reference": "kanidm-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64"
},
"product_reference": "kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64"
},
"product_reference": "kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.aarch64"
},
"product_reference": "kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.x86_64"
},
"product_reference": "kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kanidm-server-1.3.3~git0.f075d13-bp156.4.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kanidm-server-1.3.3~git0.f075d13-bp156.4.1.aarch64"
},
"product_reference": "kanidm-server-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kanidm-server-1.3.3~git0.f075d13-bp156.4.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kanidm-server-1.3.3~git0.f075d13-bp156.4.1.x86_64"
},
"product_reference": "kanidm-server-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64"
},
"product_reference": "kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64"
},
"product_reference": "kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-45710",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-45710"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. In certain circumstances involving a closed oneshot channel, there is a data race and memory corruption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP6:kanidm-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"SUSE Package Hub 15 SP6:kanidm-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"SUSE Package Hub 15 SP6:kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"SUSE Package Hub 15 SP6:kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"SUSE Package Hub 15 SP6:kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"SUSE Package Hub 15 SP6:kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"SUSE Package Hub 15 SP6:kanidm-server-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"SUSE Package Hub 15 SP6:kanidm-server-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"SUSE Package Hub 15 SP6:kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"SUSE Package Hub 15 SP6:kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"openSUSE Leap 15.6:kanidm-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"openSUSE Leap 15.6:kanidm-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"openSUSE Leap 15.6:kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"openSUSE Leap 15.6:kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"openSUSE Leap 15.6:kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"openSUSE Leap 15.6:kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"openSUSE Leap 15.6:kanidm-server-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"openSUSE Leap 15.6:kanidm-server-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"openSUSE Leap 15.6:kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"openSUSE Leap 15.6:kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-45710",
"url": "https://www.suse.com/security/cve/CVE-2021-45710"
},
{
"category": "external",
"summary": "SUSE Bug 1194119 for CVE-2021-45710",
"url": "https://bugzilla.suse.com/1194119"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP6:kanidm-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"SUSE Package Hub 15 SP6:kanidm-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"SUSE Package Hub 15 SP6:kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"SUSE Package Hub 15 SP6:kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"SUSE Package Hub 15 SP6:kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"SUSE Package Hub 15 SP6:kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"SUSE Package Hub 15 SP6:kanidm-server-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"SUSE Package Hub 15 SP6:kanidm-server-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"SUSE Package Hub 15 SP6:kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"SUSE Package Hub 15 SP6:kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"openSUSE Leap 15.6:kanidm-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"openSUSE Leap 15.6:kanidm-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"openSUSE Leap 15.6:kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"openSUSE Leap 15.6:kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"openSUSE Leap 15.6:kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"openSUSE Leap 15.6:kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"openSUSE Leap 15.6:kanidm-server-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"openSUSE Leap 15.6:kanidm-server-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"openSUSE Leap 15.6:kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"openSUSE Leap 15.6:kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP6:kanidm-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"SUSE Package Hub 15 SP6:kanidm-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"SUSE Package Hub 15 SP6:kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"SUSE Package Hub 15 SP6:kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"SUSE Package Hub 15 SP6:kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"SUSE Package Hub 15 SP6:kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"SUSE Package Hub 15 SP6:kanidm-server-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"SUSE Package Hub 15 SP6:kanidm-server-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"SUSE Package Hub 15 SP6:kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"SUSE Package Hub 15 SP6:kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"openSUSE Leap 15.6:kanidm-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"openSUSE Leap 15.6:kanidm-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"openSUSE Leap 15.6:kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"openSUSE Leap 15.6:kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"openSUSE Leap 15.6:kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"openSUSE Leap 15.6:kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"openSUSE Leap 15.6:kanidm-server-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"openSUSE Leap 15.6:kanidm-server-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"openSUSE Leap 15.6:kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"openSUSE Leap 15.6:kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-09T12:04:21Z",
"details": "low"
}
],
"title": "CVE-2021-45710"
},
{
"cve": "CVE-2022-24713",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-24713"
}
],
"notes": [
{
"category": "general",
"text": "regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it\u0027s considered part of the crate\u0027s API. Unfortunately a bug was discovered in the mitigations designed to prevent untrusted regexes to take an arbitrary amount of time during parsing, and it\u0027s possible to craft regexes that bypass such mitigations. This makes it possible to perform denial of service attacks by sending specially crafted regexes to services accepting user-controlled, untrusted regexes. All versions of the regex crate before or equal to 1.5.4 are affected by this issue. The fix is include starting from regex 1.5.5. All users accepting user-controlled regexes are recommended to upgrade immediately to the latest version of the regex crate. Unfortunately there is no fixed set of problematic regexes, as there are practically infinite regexes that could be crafted to exploit this vulnerability. Because of this, it us not recommend to deny known problematic regexes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP6:kanidm-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"SUSE Package Hub 15 SP6:kanidm-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"SUSE Package Hub 15 SP6:kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"SUSE Package Hub 15 SP6:kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"SUSE Package Hub 15 SP6:kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"SUSE Package Hub 15 SP6:kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"SUSE Package Hub 15 SP6:kanidm-server-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"SUSE Package Hub 15 SP6:kanidm-server-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"SUSE Package Hub 15 SP6:kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"SUSE Package Hub 15 SP6:kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"openSUSE Leap 15.6:kanidm-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"openSUSE Leap 15.6:kanidm-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"openSUSE Leap 15.6:kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"openSUSE Leap 15.6:kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"openSUSE Leap 15.6:kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"openSUSE Leap 15.6:kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"openSUSE Leap 15.6:kanidm-server-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"openSUSE Leap 15.6:kanidm-server-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"openSUSE Leap 15.6:kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"openSUSE Leap 15.6:kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-24713",
"url": "https://www.suse.com/security/cve/CVE-2022-24713"
},
{
"category": "external",
"summary": "SUSE Bug 1196972 for CVE-2022-24713",
"url": "https://bugzilla.suse.com/1196972"
},
{
"category": "external",
"summary": "SUSE Bug 1197903 for CVE-2022-24713",
"url": "https://bugzilla.suse.com/1197903"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP6:kanidm-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"SUSE Package Hub 15 SP6:kanidm-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"SUSE Package Hub 15 SP6:kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"SUSE Package Hub 15 SP6:kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"SUSE Package Hub 15 SP6:kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"SUSE Package Hub 15 SP6:kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"SUSE Package Hub 15 SP6:kanidm-server-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"SUSE Package Hub 15 SP6:kanidm-server-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"SUSE Package Hub 15 SP6:kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"SUSE Package Hub 15 SP6:kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"openSUSE Leap 15.6:kanidm-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"openSUSE Leap 15.6:kanidm-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"openSUSE Leap 15.6:kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"openSUSE Leap 15.6:kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"openSUSE Leap 15.6:kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"openSUSE Leap 15.6:kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"openSUSE Leap 15.6:kanidm-server-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"openSUSE Leap 15.6:kanidm-server-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"openSUSE Leap 15.6:kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"openSUSE Leap 15.6:kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP6:kanidm-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"SUSE Package Hub 15 SP6:kanidm-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"SUSE Package Hub 15 SP6:kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"SUSE Package Hub 15 SP6:kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"SUSE Package Hub 15 SP6:kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"SUSE Package Hub 15 SP6:kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"SUSE Package Hub 15 SP6:kanidm-server-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"SUSE Package Hub 15 SP6:kanidm-server-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"SUSE Package Hub 15 SP6:kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"SUSE Package Hub 15 SP6:kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"openSUSE Leap 15.6:kanidm-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"openSUSE Leap 15.6:kanidm-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"openSUSE Leap 15.6:kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"openSUSE Leap 15.6:kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"openSUSE Leap 15.6:kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"openSUSE Leap 15.6:kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"openSUSE Leap 15.6:kanidm-server-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"openSUSE Leap 15.6:kanidm-server-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"openSUSE Leap 15.6:kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"openSUSE Leap 15.6:kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-09T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2022-24713"
},
{
"cve": "CVE-2023-26964",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-26964"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RST_STREAM frames. As a result, the memory and CPU usage are high which can lead to a Denial of Service (DoS).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP6:kanidm-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"SUSE Package Hub 15 SP6:kanidm-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"SUSE Package Hub 15 SP6:kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"SUSE Package Hub 15 SP6:kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"SUSE Package Hub 15 SP6:kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"SUSE Package Hub 15 SP6:kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"SUSE Package Hub 15 SP6:kanidm-server-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"SUSE Package Hub 15 SP6:kanidm-server-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"SUSE Package Hub 15 SP6:kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"SUSE Package Hub 15 SP6:kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"openSUSE Leap 15.6:kanidm-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"openSUSE Leap 15.6:kanidm-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"openSUSE Leap 15.6:kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"openSUSE Leap 15.6:kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"openSUSE Leap 15.6:kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"openSUSE Leap 15.6:kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"openSUSE Leap 15.6:kanidm-server-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"openSUSE Leap 15.6:kanidm-server-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"openSUSE Leap 15.6:kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"openSUSE Leap 15.6:kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-26964",
"url": "https://www.suse.com/security/cve/CVE-2023-26964"
},
{
"category": "external",
"summary": "SUSE Bug 1210339 for CVE-2023-26964",
"url": "https://bugzilla.suse.com/1210339"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP6:kanidm-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"SUSE Package Hub 15 SP6:kanidm-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"SUSE Package Hub 15 SP6:kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"SUSE Package Hub 15 SP6:kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"SUSE Package Hub 15 SP6:kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"SUSE Package Hub 15 SP6:kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"SUSE Package Hub 15 SP6:kanidm-server-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"SUSE Package Hub 15 SP6:kanidm-server-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"SUSE Package Hub 15 SP6:kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"SUSE Package Hub 15 SP6:kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"openSUSE Leap 15.6:kanidm-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"openSUSE Leap 15.6:kanidm-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"openSUSE Leap 15.6:kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"openSUSE Leap 15.6:kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"openSUSE Leap 15.6:kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"openSUSE Leap 15.6:kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"openSUSE Leap 15.6:kanidm-server-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"openSUSE Leap 15.6:kanidm-server-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"openSUSE Leap 15.6:kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"openSUSE Leap 15.6:kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP6:kanidm-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"SUSE Package Hub 15 SP6:kanidm-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"SUSE Package Hub 15 SP6:kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"SUSE Package Hub 15 SP6:kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"SUSE Package Hub 15 SP6:kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"SUSE Package Hub 15 SP6:kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"SUSE Package Hub 15 SP6:kanidm-server-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"SUSE Package Hub 15 SP6:kanidm-server-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"SUSE Package Hub 15 SP6:kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"SUSE Package Hub 15 SP6:kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"openSUSE Leap 15.6:kanidm-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"openSUSE Leap 15.6:kanidm-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"openSUSE Leap 15.6:kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"openSUSE Leap 15.6:kanidm-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"openSUSE Leap 15.6:kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"openSUSE Leap 15.6:kanidm-docs-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"openSUSE Leap 15.6:kanidm-server-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"openSUSE Leap 15.6:kanidm-server-1.3.3~git0.f075d13-bp156.4.1.x86_64",
"openSUSE Leap 15.6:kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.aarch64",
"openSUSE Leap 15.6:kanidm-unixd-clients-1.3.3~git0.f075d13-bp156.4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-09-09T12:04:21Z",
"details": "moderate"
}
],
"title": "CVE-2023-26964"
}
]
}
opensuse-su-2024:11715-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
rustup-1.24.3~git1.0a74fef5-2.1 on GA media
Notes
Title of the patch
rustup-1.24.3~git1.0a74fef5-2.1 on GA media
Description of the patch
These are all security issues fixed in the rustup-1.24.3~git1.0a74fef5-2.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11715
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "rustup-1.24.3~git1.0a74fef5-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the rustup-1.24.3~git1.0a74fef5-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11715",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11715-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-45710 page",
"url": "https://www.suse.com/security/cve/CVE-2021-45710/"
}
],
"title": "rustup-1.24.3~git1.0a74fef5-2.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11715-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "rustup-1.24.3~git1.0a74fef5-2.1.aarch64",
"product": {
"name": "rustup-1.24.3~git1.0a74fef5-2.1.aarch64",
"product_id": "rustup-1.24.3~git1.0a74fef5-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rustup-1.24.3~git1.0a74fef5-2.1.ppc64le",
"product": {
"name": "rustup-1.24.3~git1.0a74fef5-2.1.ppc64le",
"product_id": "rustup-1.24.3~git1.0a74fef5-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rustup-1.24.3~git1.0a74fef5-2.1.s390x",
"product": {
"name": "rustup-1.24.3~git1.0a74fef5-2.1.s390x",
"product_id": "rustup-1.24.3~git1.0a74fef5-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rustup-1.24.3~git1.0a74fef5-2.1.x86_64",
"product": {
"name": "rustup-1.24.3~git1.0a74fef5-2.1.x86_64",
"product_id": "rustup-1.24.3~git1.0a74fef5-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rustup-1.24.3~git1.0a74fef5-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rustup-1.24.3~git1.0a74fef5-2.1.aarch64"
},
"product_reference": "rustup-1.24.3~git1.0a74fef5-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rustup-1.24.3~git1.0a74fef5-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rustup-1.24.3~git1.0a74fef5-2.1.ppc64le"
},
"product_reference": "rustup-1.24.3~git1.0a74fef5-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rustup-1.24.3~git1.0a74fef5-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rustup-1.24.3~git1.0a74fef5-2.1.s390x"
},
"product_reference": "rustup-1.24.3~git1.0a74fef5-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rustup-1.24.3~git1.0a74fef5-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rustup-1.24.3~git1.0a74fef5-2.1.x86_64"
},
"product_reference": "rustup-1.24.3~git1.0a74fef5-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-45710",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-45710"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. In certain circumstances involving a closed oneshot channel, there is a data race and memory corruption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rustup-1.24.3~git1.0a74fef5-2.1.aarch64",
"openSUSE Tumbleweed:rustup-1.24.3~git1.0a74fef5-2.1.ppc64le",
"openSUSE Tumbleweed:rustup-1.24.3~git1.0a74fef5-2.1.s390x",
"openSUSE Tumbleweed:rustup-1.24.3~git1.0a74fef5-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-45710",
"url": "https://www.suse.com/security/cve/CVE-2021-45710"
},
{
"category": "external",
"summary": "SUSE Bug 1194119 for CVE-2021-45710",
"url": "https://bugzilla.suse.com/1194119"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rustup-1.24.3~git1.0a74fef5-2.1.aarch64",
"openSUSE Tumbleweed:rustup-1.24.3~git1.0a74fef5-2.1.ppc64le",
"openSUSE Tumbleweed:rustup-1.24.3~git1.0a74fef5-2.1.s390x",
"openSUSE Tumbleweed:rustup-1.24.3~git1.0a74fef5-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:rustup-1.24.3~git1.0a74fef5-2.1.aarch64",
"openSUSE Tumbleweed:rustup-1.24.3~git1.0a74fef5-2.1.ppc64le",
"openSUSE Tumbleweed:rustup-1.24.3~git1.0a74fef5-2.1.s390x",
"openSUSE Tumbleweed:rustup-1.24.3~git1.0a74fef5-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2021-45710"
}
]
}
opensuse-su-2024:11916-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
tealdeer-1.5.0+0-1.1 on GA media
Notes
Title of the patch
tealdeer-1.5.0+0-1.1 on GA media
Description of the patch
These are all security issues fixed in the tealdeer-1.5.0+0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11916
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "tealdeer-1.5.0+0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the tealdeer-1.5.0+0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11916",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11916-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-45710 page",
"url": "https://www.suse.com/security/cve/CVE-2021-45710/"
}
],
"title": "tealdeer-1.5.0+0-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11916-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tealdeer-1.5.0+0-1.1.aarch64",
"product": {
"name": "tealdeer-1.5.0+0-1.1.aarch64",
"product_id": "tealdeer-1.5.0+0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "tealdeer-1.5.0+0-1.1.ppc64le",
"product": {
"name": "tealdeer-1.5.0+0-1.1.ppc64le",
"product_id": "tealdeer-1.5.0+0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "tealdeer-1.5.0+0-1.1.s390x",
"product": {
"name": "tealdeer-1.5.0+0-1.1.s390x",
"product_id": "tealdeer-1.5.0+0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "tealdeer-1.5.0+0-1.1.x86_64",
"product": {
"name": "tealdeer-1.5.0+0-1.1.x86_64",
"product_id": "tealdeer-1.5.0+0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tealdeer-1.5.0+0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tealdeer-1.5.0+0-1.1.aarch64"
},
"product_reference": "tealdeer-1.5.0+0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tealdeer-1.5.0+0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tealdeer-1.5.0+0-1.1.ppc64le"
},
"product_reference": "tealdeer-1.5.0+0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tealdeer-1.5.0+0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tealdeer-1.5.0+0-1.1.s390x"
},
"product_reference": "tealdeer-1.5.0+0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tealdeer-1.5.0+0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tealdeer-1.5.0+0-1.1.x86_64"
},
"product_reference": "tealdeer-1.5.0+0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-45710",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-45710"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. In certain circumstances involving a closed oneshot channel, there is a data race and memory corruption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:tealdeer-1.5.0+0-1.1.aarch64",
"openSUSE Tumbleweed:tealdeer-1.5.0+0-1.1.ppc64le",
"openSUSE Tumbleweed:tealdeer-1.5.0+0-1.1.s390x",
"openSUSE Tumbleweed:tealdeer-1.5.0+0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-45710",
"url": "https://www.suse.com/security/cve/CVE-2021-45710"
},
{
"category": "external",
"summary": "SUSE Bug 1194119 for CVE-2021-45710",
"url": "https://bugzilla.suse.com/1194119"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:tealdeer-1.5.0+0-1.1.aarch64",
"openSUSE Tumbleweed:tealdeer-1.5.0+0-1.1.ppc64le",
"openSUSE Tumbleweed:tealdeer-1.5.0+0-1.1.s390x",
"openSUSE Tumbleweed:tealdeer-1.5.0+0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:tealdeer-1.5.0+0-1.1.aarch64",
"openSUSE Tumbleweed:tealdeer-1.5.0+0-1.1.ppc64le",
"openSUSE Tumbleweed:tealdeer-1.5.0+0-1.1.s390x",
"openSUSE Tumbleweed:tealdeer-1.5.0+0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2021-45710"
}
]
}
opensuse-su-2024:11721-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
librav1e0-0.5.1+0-2.1 on GA media
Notes
Title of the patch
librav1e0-0.5.1+0-2.1 on GA media
Description of the patch
These are all security issues fixed in the librav1e0-0.5.1+0-2.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11721
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "librav1e0-0.5.1+0-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the librav1e0-0.5.1+0-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11721",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11721-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-25023 page",
"url": "https://www.suse.com/security/cve/CVE-2018-25023/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-45710 page",
"url": "https://www.suse.com/security/cve/CVE-2021-45710/"
}
],
"title": "librav1e0-0.5.1+0-2.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11721-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "librav1e0-0.5.1+0-2.1.aarch64",
"product": {
"name": "librav1e0-0.5.1+0-2.1.aarch64",
"product_id": "librav1e0-0.5.1+0-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "librav1e0-32bit-0.5.1+0-2.1.aarch64",
"product": {
"name": "librav1e0-32bit-0.5.1+0-2.1.aarch64",
"product_id": "librav1e0-32bit-0.5.1+0-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "rav1e-0.5.1+0-2.1.aarch64",
"product": {
"name": "rav1e-0.5.1+0-2.1.aarch64",
"product_id": "rav1e-0.5.1+0-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "rav1e-devel-0.5.1+0-2.1.aarch64",
"product": {
"name": "rav1e-devel-0.5.1+0-2.1.aarch64",
"product_id": "rav1e-devel-0.5.1+0-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "librav1e0-0.5.1+0-2.1.ppc64le",
"product": {
"name": "librav1e0-0.5.1+0-2.1.ppc64le",
"product_id": "librav1e0-0.5.1+0-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "librav1e0-32bit-0.5.1+0-2.1.ppc64le",
"product": {
"name": "librav1e0-32bit-0.5.1+0-2.1.ppc64le",
"product_id": "librav1e0-32bit-0.5.1+0-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "rav1e-0.5.1+0-2.1.ppc64le",
"product": {
"name": "rav1e-0.5.1+0-2.1.ppc64le",
"product_id": "rav1e-0.5.1+0-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "rav1e-devel-0.5.1+0-2.1.ppc64le",
"product": {
"name": "rav1e-devel-0.5.1+0-2.1.ppc64le",
"product_id": "rav1e-devel-0.5.1+0-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "librav1e0-0.5.1+0-2.1.s390x",
"product": {
"name": "librav1e0-0.5.1+0-2.1.s390x",
"product_id": "librav1e0-0.5.1+0-2.1.s390x"
}
},
{
"category": "product_version",
"name": "librav1e0-32bit-0.5.1+0-2.1.s390x",
"product": {
"name": "librav1e0-32bit-0.5.1+0-2.1.s390x",
"product_id": "librav1e0-32bit-0.5.1+0-2.1.s390x"
}
},
{
"category": "product_version",
"name": "rav1e-0.5.1+0-2.1.s390x",
"product": {
"name": "rav1e-0.5.1+0-2.1.s390x",
"product_id": "rav1e-0.5.1+0-2.1.s390x"
}
},
{
"category": "product_version",
"name": "rav1e-devel-0.5.1+0-2.1.s390x",
"product": {
"name": "rav1e-devel-0.5.1+0-2.1.s390x",
"product_id": "rav1e-devel-0.5.1+0-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "librav1e0-0.5.1+0-2.1.x86_64",
"product": {
"name": "librav1e0-0.5.1+0-2.1.x86_64",
"product_id": "librav1e0-0.5.1+0-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "librav1e0-32bit-0.5.1+0-2.1.x86_64",
"product": {
"name": "librav1e0-32bit-0.5.1+0-2.1.x86_64",
"product_id": "librav1e0-32bit-0.5.1+0-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "rav1e-0.5.1+0-2.1.x86_64",
"product": {
"name": "rav1e-0.5.1+0-2.1.x86_64",
"product_id": "rav1e-0.5.1+0-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "rav1e-devel-0.5.1+0-2.1.x86_64",
"product": {
"name": "rav1e-devel-0.5.1+0-2.1.x86_64",
"product_id": "rav1e-devel-0.5.1+0-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "librav1e0-0.5.1+0-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:librav1e0-0.5.1+0-2.1.aarch64"
},
"product_reference": "librav1e0-0.5.1+0-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librav1e0-0.5.1+0-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:librav1e0-0.5.1+0-2.1.ppc64le"
},
"product_reference": "librav1e0-0.5.1+0-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librav1e0-0.5.1+0-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:librav1e0-0.5.1+0-2.1.s390x"
},
"product_reference": "librav1e0-0.5.1+0-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librav1e0-0.5.1+0-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:librav1e0-0.5.1+0-2.1.x86_64"
},
"product_reference": "librav1e0-0.5.1+0-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librav1e0-32bit-0.5.1+0-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:librav1e0-32bit-0.5.1+0-2.1.aarch64"
},
"product_reference": "librav1e0-32bit-0.5.1+0-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librav1e0-32bit-0.5.1+0-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:librav1e0-32bit-0.5.1+0-2.1.ppc64le"
},
"product_reference": "librav1e0-32bit-0.5.1+0-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librav1e0-32bit-0.5.1+0-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:librav1e0-32bit-0.5.1+0-2.1.s390x"
},
"product_reference": "librav1e0-32bit-0.5.1+0-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "librav1e0-32bit-0.5.1+0-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:librav1e0-32bit-0.5.1+0-2.1.x86_64"
},
"product_reference": "librav1e0-32bit-0.5.1+0-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rav1e-0.5.1+0-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rav1e-0.5.1+0-2.1.aarch64"
},
"product_reference": "rav1e-0.5.1+0-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rav1e-0.5.1+0-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rav1e-0.5.1+0-2.1.ppc64le"
},
"product_reference": "rav1e-0.5.1+0-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rav1e-0.5.1+0-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rav1e-0.5.1+0-2.1.s390x"
},
"product_reference": "rav1e-0.5.1+0-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rav1e-0.5.1+0-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rav1e-0.5.1+0-2.1.x86_64"
},
"product_reference": "rav1e-0.5.1+0-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rav1e-devel-0.5.1+0-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rav1e-devel-0.5.1+0-2.1.aarch64"
},
"product_reference": "rav1e-devel-0.5.1+0-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rav1e-devel-0.5.1+0-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rav1e-devel-0.5.1+0-2.1.ppc64le"
},
"product_reference": "rav1e-devel-0.5.1+0-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rav1e-devel-0.5.1+0-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rav1e-devel-0.5.1+0-2.1.s390x"
},
"product_reference": "rav1e-devel-0.5.1+0-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rav1e-devel-0.5.1+0-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rav1e-devel-0.5.1+0-2.1.x86_64"
},
"product_reference": "rav1e-devel-0.5.1+0-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-25023",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-25023"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the smallvec crate before 0.6.13 for Rust. It can create an uninitialized value of any type, including a reference type.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:librav1e0-0.5.1+0-2.1.aarch64",
"openSUSE Tumbleweed:librav1e0-0.5.1+0-2.1.ppc64le",
"openSUSE Tumbleweed:librav1e0-0.5.1+0-2.1.s390x",
"openSUSE Tumbleweed:librav1e0-0.5.1+0-2.1.x86_64",
"openSUSE Tumbleweed:librav1e0-32bit-0.5.1+0-2.1.aarch64",
"openSUSE Tumbleweed:librav1e0-32bit-0.5.1+0-2.1.ppc64le",
"openSUSE Tumbleweed:librav1e0-32bit-0.5.1+0-2.1.s390x",
"openSUSE Tumbleweed:librav1e0-32bit-0.5.1+0-2.1.x86_64",
"openSUSE Tumbleweed:rav1e-0.5.1+0-2.1.aarch64",
"openSUSE Tumbleweed:rav1e-0.5.1+0-2.1.ppc64le",
"openSUSE Tumbleweed:rav1e-0.5.1+0-2.1.s390x",
"openSUSE Tumbleweed:rav1e-0.5.1+0-2.1.x86_64",
"openSUSE Tumbleweed:rav1e-devel-0.5.1+0-2.1.aarch64",
"openSUSE Tumbleweed:rav1e-devel-0.5.1+0-2.1.ppc64le",
"openSUSE Tumbleweed:rav1e-devel-0.5.1+0-2.1.s390x",
"openSUSE Tumbleweed:rav1e-devel-0.5.1+0-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-25023",
"url": "https://www.suse.com/security/cve/CVE-2018-25023"
},
{
"category": "external",
"summary": "SUSE Bug 1194113 for CVE-2018-25023",
"url": "https://bugzilla.suse.com/1194113"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:librav1e0-0.5.1+0-2.1.aarch64",
"openSUSE Tumbleweed:librav1e0-0.5.1+0-2.1.ppc64le",
"openSUSE Tumbleweed:librav1e0-0.5.1+0-2.1.s390x",
"openSUSE Tumbleweed:librav1e0-0.5.1+0-2.1.x86_64",
"openSUSE Tumbleweed:librav1e0-32bit-0.5.1+0-2.1.aarch64",
"openSUSE Tumbleweed:librav1e0-32bit-0.5.1+0-2.1.ppc64le",
"openSUSE Tumbleweed:librav1e0-32bit-0.5.1+0-2.1.s390x",
"openSUSE Tumbleweed:librav1e0-32bit-0.5.1+0-2.1.x86_64",
"openSUSE Tumbleweed:rav1e-0.5.1+0-2.1.aarch64",
"openSUSE Tumbleweed:rav1e-0.5.1+0-2.1.ppc64le",
"openSUSE Tumbleweed:rav1e-0.5.1+0-2.1.s390x",
"openSUSE Tumbleweed:rav1e-0.5.1+0-2.1.x86_64",
"openSUSE Tumbleweed:rav1e-devel-0.5.1+0-2.1.aarch64",
"openSUSE Tumbleweed:rav1e-devel-0.5.1+0-2.1.ppc64le",
"openSUSE Tumbleweed:rav1e-devel-0.5.1+0-2.1.s390x",
"openSUSE Tumbleweed:rav1e-devel-0.5.1+0-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:librav1e0-0.5.1+0-2.1.aarch64",
"openSUSE Tumbleweed:librav1e0-0.5.1+0-2.1.ppc64le",
"openSUSE Tumbleweed:librav1e0-0.5.1+0-2.1.s390x",
"openSUSE Tumbleweed:librav1e0-0.5.1+0-2.1.x86_64",
"openSUSE Tumbleweed:librav1e0-32bit-0.5.1+0-2.1.aarch64",
"openSUSE Tumbleweed:librav1e0-32bit-0.5.1+0-2.1.ppc64le",
"openSUSE Tumbleweed:librav1e0-32bit-0.5.1+0-2.1.s390x",
"openSUSE Tumbleweed:librav1e0-32bit-0.5.1+0-2.1.x86_64",
"openSUSE Tumbleweed:rav1e-0.5.1+0-2.1.aarch64",
"openSUSE Tumbleweed:rav1e-0.5.1+0-2.1.ppc64le",
"openSUSE Tumbleweed:rav1e-0.5.1+0-2.1.s390x",
"openSUSE Tumbleweed:rav1e-0.5.1+0-2.1.x86_64",
"openSUSE Tumbleweed:rav1e-devel-0.5.1+0-2.1.aarch64",
"openSUSE Tumbleweed:rav1e-devel-0.5.1+0-2.1.ppc64le",
"openSUSE Tumbleweed:rav1e-devel-0.5.1+0-2.1.s390x",
"openSUSE Tumbleweed:rav1e-devel-0.5.1+0-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2018-25023"
},
{
"cve": "CVE-2021-45710",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-45710"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. In certain circumstances involving a closed oneshot channel, there is a data race and memory corruption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:librav1e0-0.5.1+0-2.1.aarch64",
"openSUSE Tumbleweed:librav1e0-0.5.1+0-2.1.ppc64le",
"openSUSE Tumbleweed:librav1e0-0.5.1+0-2.1.s390x",
"openSUSE Tumbleweed:librav1e0-0.5.1+0-2.1.x86_64",
"openSUSE Tumbleweed:librav1e0-32bit-0.5.1+0-2.1.aarch64",
"openSUSE Tumbleweed:librav1e0-32bit-0.5.1+0-2.1.ppc64le",
"openSUSE Tumbleweed:librav1e0-32bit-0.5.1+0-2.1.s390x",
"openSUSE Tumbleweed:librav1e0-32bit-0.5.1+0-2.1.x86_64",
"openSUSE Tumbleweed:rav1e-0.5.1+0-2.1.aarch64",
"openSUSE Tumbleweed:rav1e-0.5.1+0-2.1.ppc64le",
"openSUSE Tumbleweed:rav1e-0.5.1+0-2.1.s390x",
"openSUSE Tumbleweed:rav1e-0.5.1+0-2.1.x86_64",
"openSUSE Tumbleweed:rav1e-devel-0.5.1+0-2.1.aarch64",
"openSUSE Tumbleweed:rav1e-devel-0.5.1+0-2.1.ppc64le",
"openSUSE Tumbleweed:rav1e-devel-0.5.1+0-2.1.s390x",
"openSUSE Tumbleweed:rav1e-devel-0.5.1+0-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-45710",
"url": "https://www.suse.com/security/cve/CVE-2021-45710"
},
{
"category": "external",
"summary": "SUSE Bug 1194119 for CVE-2021-45710",
"url": "https://bugzilla.suse.com/1194119"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:librav1e0-0.5.1+0-2.1.aarch64",
"openSUSE Tumbleweed:librav1e0-0.5.1+0-2.1.ppc64le",
"openSUSE Tumbleweed:librav1e0-0.5.1+0-2.1.s390x",
"openSUSE Tumbleweed:librav1e0-0.5.1+0-2.1.x86_64",
"openSUSE Tumbleweed:librav1e0-32bit-0.5.1+0-2.1.aarch64",
"openSUSE Tumbleweed:librav1e0-32bit-0.5.1+0-2.1.ppc64le",
"openSUSE Tumbleweed:librav1e0-32bit-0.5.1+0-2.1.s390x",
"openSUSE Tumbleweed:librav1e0-32bit-0.5.1+0-2.1.x86_64",
"openSUSE Tumbleweed:rav1e-0.5.1+0-2.1.aarch64",
"openSUSE Tumbleweed:rav1e-0.5.1+0-2.1.ppc64le",
"openSUSE Tumbleweed:rav1e-0.5.1+0-2.1.s390x",
"openSUSE Tumbleweed:rav1e-0.5.1+0-2.1.x86_64",
"openSUSE Tumbleweed:rav1e-devel-0.5.1+0-2.1.aarch64",
"openSUSE Tumbleweed:rav1e-devel-0.5.1+0-2.1.ppc64le",
"openSUSE Tumbleweed:rav1e-devel-0.5.1+0-2.1.s390x",
"openSUSE Tumbleweed:rav1e-devel-0.5.1+0-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:librav1e0-0.5.1+0-2.1.aarch64",
"openSUSE Tumbleweed:librav1e0-0.5.1+0-2.1.ppc64le",
"openSUSE Tumbleweed:librav1e0-0.5.1+0-2.1.s390x",
"openSUSE Tumbleweed:librav1e0-0.5.1+0-2.1.x86_64",
"openSUSE Tumbleweed:librav1e0-32bit-0.5.1+0-2.1.aarch64",
"openSUSE Tumbleweed:librav1e0-32bit-0.5.1+0-2.1.ppc64le",
"openSUSE Tumbleweed:librav1e0-32bit-0.5.1+0-2.1.s390x",
"openSUSE Tumbleweed:librav1e0-32bit-0.5.1+0-2.1.x86_64",
"openSUSE Tumbleweed:rav1e-0.5.1+0-2.1.aarch64",
"openSUSE Tumbleweed:rav1e-0.5.1+0-2.1.ppc64le",
"openSUSE Tumbleweed:rav1e-0.5.1+0-2.1.s390x",
"openSUSE Tumbleweed:rav1e-0.5.1+0-2.1.x86_64",
"openSUSE Tumbleweed:rav1e-devel-0.5.1+0-2.1.aarch64",
"openSUSE Tumbleweed:rav1e-devel-0.5.1+0-2.1.ppc64le",
"openSUSE Tumbleweed:rav1e-devel-0.5.1+0-2.1.s390x",
"openSUSE Tumbleweed:rav1e-devel-0.5.1+0-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2021-45710"
}
]
}
opensuse-su-2024:11714-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
rustscan-2.0.1+0-1.1 on GA media
Notes
Title of the patch
rustscan-2.0.1+0-1.1 on GA media
Description of the patch
These are all security issues fixed in the rustscan-2.0.1+0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11714
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "rustscan-2.0.1+0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the rustscan-2.0.1+0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11714",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11714-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-45710 page",
"url": "https://www.suse.com/security/cve/CVE-2021-45710/"
}
],
"title": "rustscan-2.0.1+0-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11714-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "rustscan-2.0.1+0-1.1.aarch64",
"product": {
"name": "rustscan-2.0.1+0-1.1.aarch64",
"product_id": "rustscan-2.0.1+0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rustscan-2.0.1+0-1.1.ppc64le",
"product": {
"name": "rustscan-2.0.1+0-1.1.ppc64le",
"product_id": "rustscan-2.0.1+0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rustscan-2.0.1+0-1.1.s390x",
"product": {
"name": "rustscan-2.0.1+0-1.1.s390x",
"product_id": "rustscan-2.0.1+0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rustscan-2.0.1+0-1.1.x86_64",
"product": {
"name": "rustscan-2.0.1+0-1.1.x86_64",
"product_id": "rustscan-2.0.1+0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rustscan-2.0.1+0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rustscan-2.0.1+0-1.1.aarch64"
},
"product_reference": "rustscan-2.0.1+0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rustscan-2.0.1+0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rustscan-2.0.1+0-1.1.ppc64le"
},
"product_reference": "rustscan-2.0.1+0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rustscan-2.0.1+0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rustscan-2.0.1+0-1.1.s390x"
},
"product_reference": "rustscan-2.0.1+0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rustscan-2.0.1+0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:rustscan-2.0.1+0-1.1.x86_64"
},
"product_reference": "rustscan-2.0.1+0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-45710",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-45710"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. In certain circumstances involving a closed oneshot channel, there is a data race and memory corruption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:rustscan-2.0.1+0-1.1.aarch64",
"openSUSE Tumbleweed:rustscan-2.0.1+0-1.1.ppc64le",
"openSUSE Tumbleweed:rustscan-2.0.1+0-1.1.s390x",
"openSUSE Tumbleweed:rustscan-2.0.1+0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-45710",
"url": "https://www.suse.com/security/cve/CVE-2021-45710"
},
{
"category": "external",
"summary": "SUSE Bug 1194119 for CVE-2021-45710",
"url": "https://bugzilla.suse.com/1194119"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:rustscan-2.0.1+0-1.1.aarch64",
"openSUSE Tumbleweed:rustscan-2.0.1+0-1.1.ppc64le",
"openSUSE Tumbleweed:rustscan-2.0.1+0-1.1.s390x",
"openSUSE Tumbleweed:rustscan-2.0.1+0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:rustscan-2.0.1+0-1.1.aarch64",
"openSUSE Tumbleweed:rustscan-2.0.1+0-1.1.ppc64le",
"openSUSE Tumbleweed:rustscan-2.0.1+0-1.1.s390x",
"openSUSE Tumbleweed:rustscan-2.0.1+0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2021-45710"
}
]
}
opensuse-su-2024:11717-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
tuigreet-0.7.1-3.1 on GA media
Notes
Title of the patch
tuigreet-0.7.1-3.1 on GA media
Description of the patch
These are all security issues fixed in the tuigreet-0.7.1-3.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11717
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "tuigreet-0.7.1-3.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the tuigreet-0.7.1-3.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11717",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11717-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-45710 page",
"url": "https://www.suse.com/security/cve/CVE-2021-45710/"
}
],
"title": "tuigreet-0.7.1-3.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11717-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "tuigreet-0.7.1-3.1.aarch64",
"product": {
"name": "tuigreet-0.7.1-3.1.aarch64",
"product_id": "tuigreet-0.7.1-3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "tuigreet-0.7.1-3.1.ppc64le",
"product": {
"name": "tuigreet-0.7.1-3.1.ppc64le",
"product_id": "tuigreet-0.7.1-3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "tuigreet-0.7.1-3.1.s390x",
"product": {
"name": "tuigreet-0.7.1-3.1.s390x",
"product_id": "tuigreet-0.7.1-3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "tuigreet-0.7.1-3.1.x86_64",
"product": {
"name": "tuigreet-0.7.1-3.1.x86_64",
"product_id": "tuigreet-0.7.1-3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tuigreet-0.7.1-3.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tuigreet-0.7.1-3.1.aarch64"
},
"product_reference": "tuigreet-0.7.1-3.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tuigreet-0.7.1-3.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tuigreet-0.7.1-3.1.ppc64le"
},
"product_reference": "tuigreet-0.7.1-3.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tuigreet-0.7.1-3.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tuigreet-0.7.1-3.1.s390x"
},
"product_reference": "tuigreet-0.7.1-3.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tuigreet-0.7.1-3.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tuigreet-0.7.1-3.1.x86_64"
},
"product_reference": "tuigreet-0.7.1-3.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-45710",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-45710"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. In certain circumstances involving a closed oneshot channel, there is a data race and memory corruption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:tuigreet-0.7.1-3.1.aarch64",
"openSUSE Tumbleweed:tuigreet-0.7.1-3.1.ppc64le",
"openSUSE Tumbleweed:tuigreet-0.7.1-3.1.s390x",
"openSUSE Tumbleweed:tuigreet-0.7.1-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-45710",
"url": "https://www.suse.com/security/cve/CVE-2021-45710"
},
{
"category": "external",
"summary": "SUSE Bug 1194119 for CVE-2021-45710",
"url": "https://bugzilla.suse.com/1194119"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:tuigreet-0.7.1-3.1.aarch64",
"openSUSE Tumbleweed:tuigreet-0.7.1-3.1.ppc64le",
"openSUSE Tumbleweed:tuigreet-0.7.1-3.1.s390x",
"openSUSE Tumbleweed:tuigreet-0.7.1-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:tuigreet-0.7.1-3.1.aarch64",
"openSUSE Tumbleweed:tuigreet-0.7.1-3.1.ppc64le",
"openSUSE Tumbleweed:tuigreet-0.7.1-3.1.s390x",
"openSUSE Tumbleweed:tuigreet-0.7.1-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2021-45710"
}
]
}
opensuse-su-2024:11720-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
cargo-c-0.8.1~git0.cce1b08-2.1 on GA media
Notes
Title of the patch
cargo-c-0.8.1~git0.cce1b08-2.1 on GA media
Description of the patch
These are all security issues fixed in the cargo-c-0.8.1~git0.cce1b08-2.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11720
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "cargo-c-0.8.1~git0.cce1b08-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the cargo-c-0.8.1~git0.cce1b08-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11720",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11720-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-25023 page",
"url": "https://www.suse.com/security/cve/CVE-2018-25023/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-45710 page",
"url": "https://www.suse.com/security/cve/CVE-2021-45710/"
}
],
"title": "cargo-c-0.8.1~git0.cce1b08-2.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11720-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cargo-c-0.8.1~git0.cce1b08-2.1.aarch64",
"product": {
"name": "cargo-c-0.8.1~git0.cce1b08-2.1.aarch64",
"product_id": "cargo-c-0.8.1~git0.cce1b08-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "cargo-c-0.8.1~git0.cce1b08-2.1.ppc64le",
"product": {
"name": "cargo-c-0.8.1~git0.cce1b08-2.1.ppc64le",
"product_id": "cargo-c-0.8.1~git0.cce1b08-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cargo-c-0.8.1~git0.cce1b08-2.1.s390x",
"product": {
"name": "cargo-c-0.8.1~git0.cce1b08-2.1.s390x",
"product_id": "cargo-c-0.8.1~git0.cce1b08-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cargo-c-0.8.1~git0.cce1b08-2.1.x86_64",
"product": {
"name": "cargo-c-0.8.1~git0.cce1b08-2.1.x86_64",
"product_id": "cargo-c-0.8.1~git0.cce1b08-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-c-0.8.1~git0.cce1b08-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cargo-c-0.8.1~git0.cce1b08-2.1.aarch64"
},
"product_reference": "cargo-c-0.8.1~git0.cce1b08-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-c-0.8.1~git0.cce1b08-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cargo-c-0.8.1~git0.cce1b08-2.1.ppc64le"
},
"product_reference": "cargo-c-0.8.1~git0.cce1b08-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-c-0.8.1~git0.cce1b08-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cargo-c-0.8.1~git0.cce1b08-2.1.s390x"
},
"product_reference": "cargo-c-0.8.1~git0.cce1b08-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cargo-c-0.8.1~git0.cce1b08-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:cargo-c-0.8.1~git0.cce1b08-2.1.x86_64"
},
"product_reference": "cargo-c-0.8.1~git0.cce1b08-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-25023",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-25023"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the smallvec crate before 0.6.13 for Rust. It can create an uninitialized value of any type, including a reference type.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cargo-c-0.8.1~git0.cce1b08-2.1.aarch64",
"openSUSE Tumbleweed:cargo-c-0.8.1~git0.cce1b08-2.1.ppc64le",
"openSUSE Tumbleweed:cargo-c-0.8.1~git0.cce1b08-2.1.s390x",
"openSUSE Tumbleweed:cargo-c-0.8.1~git0.cce1b08-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-25023",
"url": "https://www.suse.com/security/cve/CVE-2018-25023"
},
{
"category": "external",
"summary": "SUSE Bug 1194113 for CVE-2018-25023",
"url": "https://bugzilla.suse.com/1194113"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cargo-c-0.8.1~git0.cce1b08-2.1.aarch64",
"openSUSE Tumbleweed:cargo-c-0.8.1~git0.cce1b08-2.1.ppc64le",
"openSUSE Tumbleweed:cargo-c-0.8.1~git0.cce1b08-2.1.s390x",
"openSUSE Tumbleweed:cargo-c-0.8.1~git0.cce1b08-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cargo-c-0.8.1~git0.cce1b08-2.1.aarch64",
"openSUSE Tumbleweed:cargo-c-0.8.1~git0.cce1b08-2.1.ppc64le",
"openSUSE Tumbleweed:cargo-c-0.8.1~git0.cce1b08-2.1.s390x",
"openSUSE Tumbleweed:cargo-c-0.8.1~git0.cce1b08-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2018-25023"
},
{
"cve": "CVE-2021-45710",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-45710"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. In certain circumstances involving a closed oneshot channel, there is a data race and memory corruption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:cargo-c-0.8.1~git0.cce1b08-2.1.aarch64",
"openSUSE Tumbleweed:cargo-c-0.8.1~git0.cce1b08-2.1.ppc64le",
"openSUSE Tumbleweed:cargo-c-0.8.1~git0.cce1b08-2.1.s390x",
"openSUSE Tumbleweed:cargo-c-0.8.1~git0.cce1b08-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-45710",
"url": "https://www.suse.com/security/cve/CVE-2021-45710"
},
{
"category": "external",
"summary": "SUSE Bug 1194119 for CVE-2021-45710",
"url": "https://bugzilla.suse.com/1194119"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:cargo-c-0.8.1~git0.cce1b08-2.1.aarch64",
"openSUSE Tumbleweed:cargo-c-0.8.1~git0.cce1b08-2.1.ppc64le",
"openSUSE Tumbleweed:cargo-c-0.8.1~git0.cce1b08-2.1.s390x",
"openSUSE Tumbleweed:cargo-c-0.8.1~git0.cce1b08-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:cargo-c-0.8.1~git0.cce1b08-2.1.aarch64",
"openSUSE Tumbleweed:cargo-c-0.8.1~git0.cce1b08-2.1.ppc64le",
"openSUSE Tumbleweed:cargo-c-0.8.1~git0.cce1b08-2.1.s390x",
"openSUSE Tumbleweed:cargo-c-0.8.1~git0.cce1b08-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2021-45710"
}
]
}
opensuse-su-2024:11722-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
spotifyd-0.3.3-2.1 on GA media
Notes
Title of the patch
spotifyd-0.3.3-2.1 on GA media
Description of the patch
These are all security issues fixed in the spotifyd-0.3.3-2.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11722
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "spotifyd-0.3.3-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the spotifyd-0.3.3-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11722",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11722-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-45710 page",
"url": "https://www.suse.com/security/cve/CVE-2021-45710/"
}
],
"title": "spotifyd-0.3.3-2.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11722-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "spotifyd-0.3.3-2.1.aarch64",
"product": {
"name": "spotifyd-0.3.3-2.1.aarch64",
"product_id": "spotifyd-0.3.3-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "spotifyd-0.3.3-2.1.ppc64le",
"product": {
"name": "spotifyd-0.3.3-2.1.ppc64le",
"product_id": "spotifyd-0.3.3-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "spotifyd-0.3.3-2.1.s390x",
"product": {
"name": "spotifyd-0.3.3-2.1.s390x",
"product_id": "spotifyd-0.3.3-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "spotifyd-0.3.3-2.1.x86_64",
"product": {
"name": "spotifyd-0.3.3-2.1.x86_64",
"product_id": "spotifyd-0.3.3-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "spotifyd-0.3.3-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:spotifyd-0.3.3-2.1.aarch64"
},
"product_reference": "spotifyd-0.3.3-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spotifyd-0.3.3-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:spotifyd-0.3.3-2.1.ppc64le"
},
"product_reference": "spotifyd-0.3.3-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spotifyd-0.3.3-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:spotifyd-0.3.3-2.1.s390x"
},
"product_reference": "spotifyd-0.3.3-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spotifyd-0.3.3-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:spotifyd-0.3.3-2.1.x86_64"
},
"product_reference": "spotifyd-0.3.3-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-45710",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-45710"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. In certain circumstances involving a closed oneshot channel, there is a data race and memory corruption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:spotifyd-0.3.3-2.1.aarch64",
"openSUSE Tumbleweed:spotifyd-0.3.3-2.1.ppc64le",
"openSUSE Tumbleweed:spotifyd-0.3.3-2.1.s390x",
"openSUSE Tumbleweed:spotifyd-0.3.3-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-45710",
"url": "https://www.suse.com/security/cve/CVE-2021-45710"
},
{
"category": "external",
"summary": "SUSE Bug 1194119 for CVE-2021-45710",
"url": "https://bugzilla.suse.com/1194119"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:spotifyd-0.3.3-2.1.aarch64",
"openSUSE Tumbleweed:spotifyd-0.3.3-2.1.ppc64le",
"openSUSE Tumbleweed:spotifyd-0.3.3-2.1.s390x",
"openSUSE Tumbleweed:spotifyd-0.3.3-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:spotifyd-0.3.3-2.1.aarch64",
"openSUSE Tumbleweed:spotifyd-0.3.3-2.1.ppc64le",
"openSUSE Tumbleweed:spotifyd-0.3.3-2.1.s390x",
"openSUSE Tumbleweed:spotifyd-0.3.3-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2021-45710"
}
]
}
suse-su-2022:3996-1
Vulnerability from csaf_suse
Published
2022-11-15 16:07
Modified
2022-11-15 16:07
Summary
Security update for 389-ds
Notes
Title of the patch
Security update for 389-ds
Description of the patch
This update for 389-ds fixes the following issues:
- CVE-2021-45710: Fixed tokio data race with memory corruption (bsc#1194119).
- Update to version 2.0.16~git56.d15a0a7:
- Failure to migrate from openldap if pwdPolicyChecker present (bsc#1205146).
- Resolve issue with checklist post migration when dds is present (bsc#1204748).
- Improve reliability of migrations from openldap when dynamic directory services is configured (bsc#1204493).
Patchnames
SUSE-2022-3996,SUSE-SLE-Module-Server-Applications-15-SP4-2022-3996,openSUSE-SLE-15.4-2022-3996
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for 389-ds",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for 389-ds fixes the following issues:\n\n- CVE-2021-45710: Fixed tokio data race with memory corruption (bsc#1194119).\n\n- Update to version 2.0.16~git56.d15a0a7:\n- Failure to migrate from openldap if pwdPolicyChecker present (bsc#1205146). \n- Resolve issue with checklist post migration when dds is present (bsc#1204748). \n- Improve reliability of migrations from openldap when dynamic directory services is configured (bsc#1204493).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-3996,SUSE-SLE-Module-Server-Applications-15-SP4-2022-3996,openSUSE-SLE-15.4-2022-3996",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3996-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:3996-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20223996-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:3996-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/012931.html"
},
{
"category": "self",
"summary": "SUSE Bug 1194119",
"url": "https://bugzilla.suse.com/1194119"
},
{
"category": "self",
"summary": "SUSE Bug 1204493",
"url": "https://bugzilla.suse.com/1204493"
},
{
"category": "self",
"summary": "SUSE Bug 1204748",
"url": "https://bugzilla.suse.com/1204748"
},
{
"category": "self",
"summary": "SUSE Bug 1205146",
"url": "https://bugzilla.suse.com/1205146"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-45710 page",
"url": "https://www.suse.com/security/cve/CVE-2021-45710/"
}
],
"title": "Security update for 389-ds",
"tracking": {
"current_release_date": "2022-11-15T16:07:01Z",
"generator": {
"date": "2022-11-15T16:07:01Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:3996-1",
"initial_release_date": "2022-11-15T16:07:01Z",
"revision_history": [
{
"date": "2022-11-15T16:07:01Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64",
"product": {
"name": "389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64",
"product_id": "389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64"
}
},
{
"category": "product_version",
"name": "389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64",
"product": {
"name": "389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64",
"product_id": "389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64"
}
},
{
"category": "product_version",
"name": "389-ds-snmp-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64",
"product": {
"name": "389-ds-snmp-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64",
"product_id": "389-ds-snmp-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64"
}
},
{
"category": "product_version",
"name": "lib389-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64",
"product": {
"name": "lib389-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64",
"product_id": "lib389-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64"
}
},
{
"category": "product_version",
"name": "libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64",
"product": {
"name": "libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64",
"product_id": "libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le",
"product": {
"name": "389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le",
"product_id": "389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le"
}
},
{
"category": "product_version",
"name": "389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le",
"product": {
"name": "389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le",
"product_id": "389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le"
}
},
{
"category": "product_version",
"name": "389-ds-snmp-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le",
"product": {
"name": "389-ds-snmp-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le",
"product_id": "389-ds-snmp-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le"
}
},
{
"category": "product_version",
"name": "lib389-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le",
"product": {
"name": "lib389-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le",
"product_id": "lib389-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le",
"product": {
"name": "libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le",
"product_id": "libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.s390x",
"product": {
"name": "389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.s390x",
"product_id": "389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.s390x"
}
},
{
"category": "product_version",
"name": "389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.s390x",
"product": {
"name": "389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.s390x",
"product_id": "389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.s390x"
}
},
{
"category": "product_version",
"name": "389-ds-snmp-2.0.16~git56.d15a0a7-150400.3.15.1.s390x",
"product": {
"name": "389-ds-snmp-2.0.16~git56.d15a0a7-150400.3.15.1.s390x",
"product_id": "389-ds-snmp-2.0.16~git56.d15a0a7-150400.3.15.1.s390x"
}
},
{
"category": "product_version",
"name": "lib389-2.0.16~git56.d15a0a7-150400.3.15.1.s390x",
"product": {
"name": "lib389-2.0.16~git56.d15a0a7-150400.3.15.1.s390x",
"product_id": "lib389-2.0.16~git56.d15a0a7-150400.3.15.1.s390x"
}
},
{
"category": "product_version",
"name": "libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.s390x",
"product": {
"name": "libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.s390x",
"product_id": "libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64",
"product": {
"name": "389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64",
"product_id": "389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64",
"product": {
"name": "389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64",
"product_id": "389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "389-ds-snmp-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64",
"product": {
"name": "389-ds-snmp-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64",
"product_id": "389-ds-snmp-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "lib389-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64",
"product": {
"name": "lib389-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64",
"product_id": "lib389-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64",
"product": {
"name": "libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64",
"product_id": "libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-server-applications:15:sp4"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64"
},
"product_reference": "389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le"
},
"product_reference": "389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.s390x"
},
"product_reference": "389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64"
},
"product_reference": "389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64"
},
"product_reference": "389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le"
},
"product_reference": "389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.s390x"
},
"product_reference": "389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64"
},
"product_reference": "389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lib389-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64"
},
"product_reference": "lib389-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lib389-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le"
},
"product_reference": "lib389-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lib389-2.0.16~git56.d15a0a7-150400.3.15.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.16~git56.d15a0a7-150400.3.15.1.s390x"
},
"product_reference": "lib389-2.0.16~git56.d15a0a7-150400.3.15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lib389-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64"
},
"product_reference": "lib389-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64"
},
"product_reference": "libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le"
},
"product_reference": "libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.s390x"
},
"product_reference": "libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64"
},
"product_reference": "libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64"
},
"product_reference": "389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le"
},
"product_reference": "389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.s390x"
},
"product_reference": "389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64"
},
"product_reference": "389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64"
},
"product_reference": "389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le"
},
"product_reference": "389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.s390x"
},
"product_reference": "389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64"
},
"product_reference": "389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-snmp-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:389-ds-snmp-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64"
},
"product_reference": "389-ds-snmp-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-snmp-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:389-ds-snmp-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le"
},
"product_reference": "389-ds-snmp-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-snmp-2.0.16~git56.d15a0a7-150400.3.15.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:389-ds-snmp-2.0.16~git56.d15a0a7-150400.3.15.1.s390x"
},
"product_reference": "389-ds-snmp-2.0.16~git56.d15a0a7-150400.3.15.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-snmp-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:389-ds-snmp-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64"
},
"product_reference": "389-ds-snmp-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lib389-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:lib389-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64"
},
"product_reference": "lib389-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lib389-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:lib389-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le"
},
"product_reference": "lib389-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lib389-2.0.16~git56.d15a0a7-150400.3.15.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:lib389-2.0.16~git56.d15a0a7-150400.3.15.1.s390x"
},
"product_reference": "lib389-2.0.16~git56.d15a0a7-150400.3.15.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lib389-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:lib389-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64"
},
"product_reference": "lib389-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64"
},
"product_reference": "libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le"
},
"product_reference": "libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.s390x"
},
"product_reference": "libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64"
},
"product_reference": "libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-45710",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-45710"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. In certain circumstances involving a closed oneshot channel, there is a data race and memory corruption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.16~git56.d15a0a7-150400.3.15.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64",
"openSUSE Leap 15.4:389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64",
"openSUSE Leap 15.4:389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le",
"openSUSE Leap 15.4:389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.s390x",
"openSUSE Leap 15.4:389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64",
"openSUSE Leap 15.4:389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64",
"openSUSE Leap 15.4:389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le",
"openSUSE Leap 15.4:389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.s390x",
"openSUSE Leap 15.4:389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64",
"openSUSE Leap 15.4:389-ds-snmp-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64",
"openSUSE Leap 15.4:389-ds-snmp-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le",
"openSUSE Leap 15.4:389-ds-snmp-2.0.16~git56.d15a0a7-150400.3.15.1.s390x",
"openSUSE Leap 15.4:389-ds-snmp-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64",
"openSUSE Leap 15.4:lib389-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64",
"openSUSE Leap 15.4:lib389-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le",
"openSUSE Leap 15.4:lib389-2.0.16~git56.d15a0a7-150400.3.15.1.s390x",
"openSUSE Leap 15.4:lib389-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64",
"openSUSE Leap 15.4:libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64",
"openSUSE Leap 15.4:libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le",
"openSUSE Leap 15.4:libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.s390x",
"openSUSE Leap 15.4:libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-45710",
"url": "https://www.suse.com/security/cve/CVE-2021-45710"
},
{
"category": "external",
"summary": "SUSE Bug 1194119 for CVE-2021-45710",
"url": "https://bugzilla.suse.com/1194119"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.16~git56.d15a0a7-150400.3.15.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64",
"openSUSE Leap 15.4:389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64",
"openSUSE Leap 15.4:389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le",
"openSUSE Leap 15.4:389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.s390x",
"openSUSE Leap 15.4:389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64",
"openSUSE Leap 15.4:389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64",
"openSUSE Leap 15.4:389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le",
"openSUSE Leap 15.4:389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.s390x",
"openSUSE Leap 15.4:389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64",
"openSUSE Leap 15.4:389-ds-snmp-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64",
"openSUSE Leap 15.4:389-ds-snmp-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le",
"openSUSE Leap 15.4:389-ds-snmp-2.0.16~git56.d15a0a7-150400.3.15.1.s390x",
"openSUSE Leap 15.4:389-ds-snmp-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64",
"openSUSE Leap 15.4:lib389-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64",
"openSUSE Leap 15.4:lib389-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le",
"openSUSE Leap 15.4:lib389-2.0.16~git56.d15a0a7-150400.3.15.1.s390x",
"openSUSE Leap 15.4:lib389-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64",
"openSUSE Leap 15.4:libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64",
"openSUSE Leap 15.4:libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le",
"openSUSE Leap 15.4:libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.s390x",
"openSUSE Leap 15.4:libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.16~git56.d15a0a7-150400.3.15.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:lib389-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP4:libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64",
"openSUSE Leap 15.4:389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64",
"openSUSE Leap 15.4:389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le",
"openSUSE Leap 15.4:389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.s390x",
"openSUSE Leap 15.4:389-ds-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64",
"openSUSE Leap 15.4:389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64",
"openSUSE Leap 15.4:389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le",
"openSUSE Leap 15.4:389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.s390x",
"openSUSE Leap 15.4:389-ds-devel-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64",
"openSUSE Leap 15.4:389-ds-snmp-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64",
"openSUSE Leap 15.4:389-ds-snmp-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le",
"openSUSE Leap 15.4:389-ds-snmp-2.0.16~git56.d15a0a7-150400.3.15.1.s390x",
"openSUSE Leap 15.4:389-ds-snmp-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64",
"openSUSE Leap 15.4:lib389-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64",
"openSUSE Leap 15.4:lib389-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le",
"openSUSE Leap 15.4:lib389-2.0.16~git56.d15a0a7-150400.3.15.1.s390x",
"openSUSE Leap 15.4:lib389-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64",
"openSUSE Leap 15.4:libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.aarch64",
"openSUSE Leap 15.4:libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.ppc64le",
"openSUSE Leap 15.4:libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.s390x",
"openSUSE Leap 15.4:libsvrcore0-2.0.16~git56.d15a0a7-150400.3.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-11-15T16:07:01Z",
"details": "low"
}
],
"title": "CVE-2021-45710"
}
]
}
suse-su-2022:4073-1
Vulnerability from csaf_suse
Published
2022-11-18 12:39
Modified
2022-11-18 12:39
Summary
Security update for sccache
Notes
Title of the patch
Security update for sccache
Description of the patch
This update for sccache fixes the following issues:
Updated to version 0.3.0:
- CVE-2022-24713: Fixed Regex denial of service (bsc#1196972).
- CVE-2021-45710: Fixed tokio data race with memory corruption (bsc#1194119).
- Added hardening to systemd service(s) (bsc#1181400).
Patchnames
SUSE-2022-4073,SUSE-SLE-Module-Development-Tools-15-SP3-2022-4073,openSUSE-SLE-15.3-2022-4073
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for sccache",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for sccache fixes the following issues:\n\n Updated to version 0.3.0:\n\n - CVE-2022-24713: Fixed Regex denial of service (bsc#1196972).\n - CVE-2021-45710: Fixed tokio data race with memory corruption (bsc#1194119).\n - Added hardening to systemd service(s) (bsc#1181400).\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-4073,SUSE-SLE-Module-Development-Tools-15-SP3-2022-4073,openSUSE-SLE-15.3-2022-4073",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_4073-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:4073-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224073-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:4073-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/012987.html"
},
{
"category": "self",
"summary": "SUSE Bug 1181400",
"url": "https://bugzilla.suse.com/1181400"
},
{
"category": "self",
"summary": "SUSE Bug 1194119",
"url": "https://bugzilla.suse.com/1194119"
},
{
"category": "self",
"summary": "SUSE Bug 1196972",
"url": "https://bugzilla.suse.com/1196972"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-45710 page",
"url": "https://www.suse.com/security/cve/CVE-2021-45710/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-24713 page",
"url": "https://www.suse.com/security/cve/CVE-2022-24713/"
}
],
"title": "Security update for sccache",
"tracking": {
"current_release_date": "2022-11-18T12:39:41Z",
"generator": {
"date": "2022-11-18T12:39:41Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:4073-1",
"initial_release_date": "2022-11-18T12:39:41Z",
"revision_history": [
{
"date": "2022-11-18T12:39:41Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "sccache-0.3.0~git5.14a4b8b-150300.7.9.1.aarch64",
"product": {
"name": "sccache-0.3.0~git5.14a4b8b-150300.7.9.1.aarch64",
"product_id": "sccache-0.3.0~git5.14a4b8b-150300.7.9.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "sccache-0.3.0~git5.14a4b8b-150300.7.9.1.i586",
"product": {
"name": "sccache-0.3.0~git5.14a4b8b-150300.7.9.1.i586",
"product_id": "sccache-0.3.0~git5.14a4b8b-150300.7.9.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "sccache-0.3.0~git5.14a4b8b-150300.7.9.1.ppc64le",
"product": {
"name": "sccache-0.3.0~git5.14a4b8b-150300.7.9.1.ppc64le",
"product_id": "sccache-0.3.0~git5.14a4b8b-150300.7.9.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "sccache-0.3.0~git5.14a4b8b-150300.7.9.1.s390x",
"product": {
"name": "sccache-0.3.0~git5.14a4b8b-150300.7.9.1.s390x",
"product_id": "sccache-0.3.0~git5.14a4b8b-150300.7.9.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "sccache-0.3.0~git5.14a4b8b-150300.7.9.1.x86_64",
"product": {
"name": "sccache-0.3.0~git5.14a4b8b-150300.7.9.1.x86_64",
"product_id": "sccache-0.3.0~git5.14a4b8b-150300.7.9.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp3"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "sccache-0.3.0~git5.14a4b8b-150300.7.9.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:sccache-0.3.0~git5.14a4b8b-150300.7.9.1.aarch64"
},
"product_reference": "sccache-0.3.0~git5.14a4b8b-150300.7.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sccache-0.3.0~git5.14a4b8b-150300.7.9.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:sccache-0.3.0~git5.14a4b8b-150300.7.9.1.x86_64"
},
"product_reference": "sccache-0.3.0~git5.14a4b8b-150300.7.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sccache-0.3.0~git5.14a4b8b-150300.7.9.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:sccache-0.3.0~git5.14a4b8b-150300.7.9.1.aarch64"
},
"product_reference": "sccache-0.3.0~git5.14a4b8b-150300.7.9.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sccache-0.3.0~git5.14a4b8b-150300.7.9.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:sccache-0.3.0~git5.14a4b8b-150300.7.9.1.x86_64"
},
"product_reference": "sccache-0.3.0~git5.14a4b8b-150300.7.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-45710",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-45710"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. In certain circumstances involving a closed oneshot channel, there is a data race and memory corruption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Development Tools 15 SP3:sccache-0.3.0~git5.14a4b8b-150300.7.9.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:sccache-0.3.0~git5.14a4b8b-150300.7.9.1.x86_64",
"openSUSE Leap 15.3:sccache-0.3.0~git5.14a4b8b-150300.7.9.1.aarch64",
"openSUSE Leap 15.3:sccache-0.3.0~git5.14a4b8b-150300.7.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-45710",
"url": "https://www.suse.com/security/cve/CVE-2021-45710"
},
{
"category": "external",
"summary": "SUSE Bug 1194119 for CVE-2021-45710",
"url": "https://bugzilla.suse.com/1194119"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Development Tools 15 SP3:sccache-0.3.0~git5.14a4b8b-150300.7.9.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:sccache-0.3.0~git5.14a4b8b-150300.7.9.1.x86_64",
"openSUSE Leap 15.3:sccache-0.3.0~git5.14a4b8b-150300.7.9.1.aarch64",
"openSUSE Leap 15.3:sccache-0.3.0~git5.14a4b8b-150300.7.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Development Tools 15 SP3:sccache-0.3.0~git5.14a4b8b-150300.7.9.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:sccache-0.3.0~git5.14a4b8b-150300.7.9.1.x86_64",
"openSUSE Leap 15.3:sccache-0.3.0~git5.14a4b8b-150300.7.9.1.aarch64",
"openSUSE Leap 15.3:sccache-0.3.0~git5.14a4b8b-150300.7.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-11-18T12:39:41Z",
"details": "low"
}
],
"title": "CVE-2021-45710"
},
{
"cve": "CVE-2022-24713",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-24713"
}
],
"notes": [
{
"category": "general",
"text": "regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it\u0027s considered part of the crate\u0027s API. Unfortunately a bug was discovered in the mitigations designed to prevent untrusted regexes to take an arbitrary amount of time during parsing, and it\u0027s possible to craft regexes that bypass such mitigations. This makes it possible to perform denial of service attacks by sending specially crafted regexes to services accepting user-controlled, untrusted regexes. All versions of the regex crate before or equal to 1.5.4 are affected by this issue. The fix is include starting from regex 1.5.5. All users accepting user-controlled regexes are recommended to upgrade immediately to the latest version of the regex crate. Unfortunately there is no fixed set of problematic regexes, as there are practically infinite regexes that could be crafted to exploit this vulnerability. Because of this, it us not recommend to deny known problematic regexes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Development Tools 15 SP3:sccache-0.3.0~git5.14a4b8b-150300.7.9.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:sccache-0.3.0~git5.14a4b8b-150300.7.9.1.x86_64",
"openSUSE Leap 15.3:sccache-0.3.0~git5.14a4b8b-150300.7.9.1.aarch64",
"openSUSE Leap 15.3:sccache-0.3.0~git5.14a4b8b-150300.7.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-24713",
"url": "https://www.suse.com/security/cve/CVE-2022-24713"
},
{
"category": "external",
"summary": "SUSE Bug 1196972 for CVE-2022-24713",
"url": "https://bugzilla.suse.com/1196972"
},
{
"category": "external",
"summary": "SUSE Bug 1197903 for CVE-2022-24713",
"url": "https://bugzilla.suse.com/1197903"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Development Tools 15 SP3:sccache-0.3.0~git5.14a4b8b-150300.7.9.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:sccache-0.3.0~git5.14a4b8b-150300.7.9.1.x86_64",
"openSUSE Leap 15.3:sccache-0.3.0~git5.14a4b8b-150300.7.9.1.aarch64",
"openSUSE Leap 15.3:sccache-0.3.0~git5.14a4b8b-150300.7.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Development Tools 15 SP3:sccache-0.3.0~git5.14a4b8b-150300.7.9.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:sccache-0.3.0~git5.14a4b8b-150300.7.9.1.x86_64",
"openSUSE Leap 15.3:sccache-0.3.0~git5.14a4b8b-150300.7.9.1.aarch64",
"openSUSE Leap 15.3:sccache-0.3.0~git5.14a4b8b-150300.7.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-11-18T12:39:41Z",
"details": "moderate"
}
],
"title": "CVE-2022-24713"
}
]
}
suse-su-2023:3526-1
Vulnerability from csaf_suse
Published
2023-09-05 07:56
Modified
2023-09-05 07:56
Summary
Security update for sccache
Notes
Title of the patch
Security update for sccache
Description of the patch
This update for sccache fixes the following issues:
- Update to version 0.4.2.
- CVE-2021-45710: Fixed a segmentation fault due to data race in tokio crate. (bsc#1194119)
- CVE-2022-24713: Fixed a ReDoS issue due to vulnerable regex crate. (bsc#1196972)
- CVE-2022-31394: Fixed a DoS issue due to the max header list size not settable. (bsc#1208553)
- CVE-2023-1521: Fixed a local privilege escalation. (bsc#1212407)
Patchnames
SUSE-2023-3526,SUSE-SLE-Module-Development-Tools-15-SP4-2023-3526,SUSE-SLE-Module-Development-Tools-15-SP5-2023-3526,openSUSE-SLE-15.4-2023-3526,openSUSE-SLE-15.5-2023-3526
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for sccache",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for sccache fixes the following issues:\n\n- Update to version 0.4.2.\n- CVE-2021-45710: Fixed a segmentation fault due to data race in tokio crate. (bsc#1194119)\n- CVE-2022-24713: Fixed a ReDoS issue due to vulnerable regex crate. (bsc#1196972)\n- CVE-2022-31394: Fixed a DoS issue due to the max header list size not settable. (bsc#1208553)\n- CVE-2023-1521: Fixed a local privilege escalation. (bsc#1212407)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-3526,SUSE-SLE-Module-Development-Tools-15-SP4-2023-3526,SUSE-SLE-Module-Development-Tools-15-SP5-2023-3526,openSUSE-SLE-15.4-2023-3526,openSUSE-SLE-15.5-2023-3526",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_3526-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:3526-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20233526-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:3526-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-September/016091.html"
},
{
"category": "self",
"summary": "SUSE Bug 1181400",
"url": "https://bugzilla.suse.com/1181400"
},
{
"category": "self",
"summary": "SUSE Bug 1194119",
"url": "https://bugzilla.suse.com/1194119"
},
{
"category": "self",
"summary": "SUSE Bug 1196972",
"url": "https://bugzilla.suse.com/1196972"
},
{
"category": "self",
"summary": "SUSE Bug 1208553",
"url": "https://bugzilla.suse.com/1208553"
},
{
"category": "self",
"summary": "SUSE Bug 1212407",
"url": "https://bugzilla.suse.com/1212407"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-45710 page",
"url": "https://www.suse.com/security/cve/CVE-2021-45710/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-24713 page",
"url": "https://www.suse.com/security/cve/CVE-2022-24713/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-31394 page",
"url": "https://www.suse.com/security/cve/CVE-2022-31394/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1521 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1521/"
}
],
"title": "Security update for sccache",
"tracking": {
"current_release_date": "2023-09-05T07:56:33Z",
"generator": {
"date": "2023-09-05T07:56:33Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:3526-1",
"initial_release_date": "2023-09-05T07:56:33Z",
"revision_history": [
{
"date": "2023-09-05T07:56:33Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "sccache-0.4.2~3-150400.3.3.1.aarch64",
"product": {
"name": "sccache-0.4.2~3-150400.3.3.1.aarch64",
"product_id": "sccache-0.4.2~3-150400.3.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "sccache-0.4.2~3-150400.3.3.1.i586",
"product": {
"name": "sccache-0.4.2~3-150400.3.3.1.i586",
"product_id": "sccache-0.4.2~3-150400.3.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "sccache-0.4.2~3-150400.3.3.1.ppc64le",
"product": {
"name": "sccache-0.4.2~3-150400.3.3.1.ppc64le",
"product_id": "sccache-0.4.2~3-150400.3.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "sccache-0.4.2~3-150400.3.3.1.s390x",
"product": {
"name": "sccache-0.4.2~3-150400.3.3.1.s390x",
"product_id": "sccache-0.4.2~3-150400.3.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "sccache-0.4.2~3-150400.3.3.1.x86_64",
"product": {
"name": "sccache-0.4.2~3-150400.3.3.1.x86_64",
"product_id": "sccache-0.4.2~3-150400.3.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp5"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "sccache-0.4.2~3-150400.3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:sccache-0.4.2~3-150400.3.3.1.aarch64"
},
"product_reference": "sccache-0.4.2~3-150400.3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sccache-0.4.2~3-150400.3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP4:sccache-0.4.2~3-150400.3.3.1.x86_64"
},
"product_reference": "sccache-0.4.2~3-150400.3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sccache-0.4.2~3-150400.3.3.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:sccache-0.4.2~3-150400.3.3.1.aarch64"
},
"product_reference": "sccache-0.4.2~3-150400.3.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sccache-0.4.2~3-150400.3.3.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:sccache-0.4.2~3-150400.3.3.1.x86_64"
},
"product_reference": "sccache-0.4.2~3-150400.3.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sccache-0.4.2~3-150400.3.3.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:sccache-0.4.2~3-150400.3.3.1.aarch64"
},
"product_reference": "sccache-0.4.2~3-150400.3.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sccache-0.4.2~3-150400.3.3.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:sccache-0.4.2~3-150400.3.3.1.x86_64"
},
"product_reference": "sccache-0.4.2~3-150400.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sccache-0.4.2~3-150400.3.3.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:sccache-0.4.2~3-150400.3.3.1.aarch64"
},
"product_reference": "sccache-0.4.2~3-150400.3.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "sccache-0.4.2~3-150400.3.3.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:sccache-0.4.2~3-150400.3.3.1.x86_64"
},
"product_reference": "sccache-0.4.2~3-150400.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-45710",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-45710"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. In certain circumstances involving a closed oneshot channel, there is a data race and memory corruption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:sccache-0.4.2~3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:sccache-0.4.2~3-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:sccache-0.4.2~3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:sccache-0.4.2~3-150400.3.3.1.x86_64",
"openSUSE Leap 15.4:sccache-0.4.2~3-150400.3.3.1.aarch64",
"openSUSE Leap 15.4:sccache-0.4.2~3-150400.3.3.1.x86_64",
"openSUSE Leap 15.5:sccache-0.4.2~3-150400.3.3.1.aarch64",
"openSUSE Leap 15.5:sccache-0.4.2~3-150400.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-45710",
"url": "https://www.suse.com/security/cve/CVE-2021-45710"
},
{
"category": "external",
"summary": "SUSE Bug 1194119 for CVE-2021-45710",
"url": "https://bugzilla.suse.com/1194119"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:sccache-0.4.2~3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:sccache-0.4.2~3-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:sccache-0.4.2~3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:sccache-0.4.2~3-150400.3.3.1.x86_64",
"openSUSE Leap 15.4:sccache-0.4.2~3-150400.3.3.1.aarch64",
"openSUSE Leap 15.4:sccache-0.4.2~3-150400.3.3.1.x86_64",
"openSUSE Leap 15.5:sccache-0.4.2~3-150400.3.3.1.aarch64",
"openSUSE Leap 15.5:sccache-0.4.2~3-150400.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:sccache-0.4.2~3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:sccache-0.4.2~3-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:sccache-0.4.2~3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:sccache-0.4.2~3-150400.3.3.1.x86_64",
"openSUSE Leap 15.4:sccache-0.4.2~3-150400.3.3.1.aarch64",
"openSUSE Leap 15.4:sccache-0.4.2~3-150400.3.3.1.x86_64",
"openSUSE Leap 15.5:sccache-0.4.2~3-150400.3.3.1.aarch64",
"openSUSE Leap 15.5:sccache-0.4.2~3-150400.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-09-05T07:56:33Z",
"details": "low"
}
],
"title": "CVE-2021-45710"
},
{
"cve": "CVE-2022-24713",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-24713"
}
],
"notes": [
{
"category": "general",
"text": "regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it\u0027s considered part of the crate\u0027s API. Unfortunately a bug was discovered in the mitigations designed to prevent untrusted regexes to take an arbitrary amount of time during parsing, and it\u0027s possible to craft regexes that bypass such mitigations. This makes it possible to perform denial of service attacks by sending specially crafted regexes to services accepting user-controlled, untrusted regexes. All versions of the regex crate before or equal to 1.5.4 are affected by this issue. The fix is include starting from regex 1.5.5. All users accepting user-controlled regexes are recommended to upgrade immediately to the latest version of the regex crate. Unfortunately there is no fixed set of problematic regexes, as there are practically infinite regexes that could be crafted to exploit this vulnerability. Because of this, it us not recommend to deny known problematic regexes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:sccache-0.4.2~3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:sccache-0.4.2~3-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:sccache-0.4.2~3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:sccache-0.4.2~3-150400.3.3.1.x86_64",
"openSUSE Leap 15.4:sccache-0.4.2~3-150400.3.3.1.aarch64",
"openSUSE Leap 15.4:sccache-0.4.2~3-150400.3.3.1.x86_64",
"openSUSE Leap 15.5:sccache-0.4.2~3-150400.3.3.1.aarch64",
"openSUSE Leap 15.5:sccache-0.4.2~3-150400.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-24713",
"url": "https://www.suse.com/security/cve/CVE-2022-24713"
},
{
"category": "external",
"summary": "SUSE Bug 1196972 for CVE-2022-24713",
"url": "https://bugzilla.suse.com/1196972"
},
{
"category": "external",
"summary": "SUSE Bug 1197903 for CVE-2022-24713",
"url": "https://bugzilla.suse.com/1197903"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:sccache-0.4.2~3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:sccache-0.4.2~3-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:sccache-0.4.2~3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:sccache-0.4.2~3-150400.3.3.1.x86_64",
"openSUSE Leap 15.4:sccache-0.4.2~3-150400.3.3.1.aarch64",
"openSUSE Leap 15.4:sccache-0.4.2~3-150400.3.3.1.x86_64",
"openSUSE Leap 15.5:sccache-0.4.2~3-150400.3.3.1.aarch64",
"openSUSE Leap 15.5:sccache-0.4.2~3-150400.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:sccache-0.4.2~3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:sccache-0.4.2~3-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:sccache-0.4.2~3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:sccache-0.4.2~3-150400.3.3.1.x86_64",
"openSUSE Leap 15.4:sccache-0.4.2~3-150400.3.3.1.aarch64",
"openSUSE Leap 15.4:sccache-0.4.2~3-150400.3.3.1.x86_64",
"openSUSE Leap 15.5:sccache-0.4.2~3-150400.3.3.1.aarch64",
"openSUSE Leap 15.5:sccache-0.4.2~3-150400.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-09-05T07:56:33Z",
"details": "moderate"
}
],
"title": "CVE-2022-24713"
},
{
"cve": "CVE-2022-31394",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-31394"
}
],
"notes": [
{
"category": "general",
"text": "Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:sccache-0.4.2~3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:sccache-0.4.2~3-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:sccache-0.4.2~3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:sccache-0.4.2~3-150400.3.3.1.x86_64",
"openSUSE Leap 15.4:sccache-0.4.2~3-150400.3.3.1.aarch64",
"openSUSE Leap 15.4:sccache-0.4.2~3-150400.3.3.1.x86_64",
"openSUSE Leap 15.5:sccache-0.4.2~3-150400.3.3.1.aarch64",
"openSUSE Leap 15.5:sccache-0.4.2~3-150400.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-31394",
"url": "https://www.suse.com/security/cve/CVE-2022-31394"
},
{
"category": "external",
"summary": "SUSE Bug 1208551 for CVE-2022-31394",
"url": "https://bugzilla.suse.com/1208551"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:sccache-0.4.2~3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:sccache-0.4.2~3-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:sccache-0.4.2~3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:sccache-0.4.2~3-150400.3.3.1.x86_64",
"openSUSE Leap 15.4:sccache-0.4.2~3-150400.3.3.1.aarch64",
"openSUSE Leap 15.4:sccache-0.4.2~3-150400.3.3.1.x86_64",
"openSUSE Leap 15.5:sccache-0.4.2~3-150400.3.3.1.aarch64",
"openSUSE Leap 15.5:sccache-0.4.2~3-150400.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:sccache-0.4.2~3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:sccache-0.4.2~3-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:sccache-0.4.2~3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:sccache-0.4.2~3-150400.3.3.1.x86_64",
"openSUSE Leap 15.4:sccache-0.4.2~3-150400.3.3.1.aarch64",
"openSUSE Leap 15.4:sccache-0.4.2~3-150400.3.3.1.x86_64",
"openSUSE Leap 15.5:sccache-0.4.2~3-150400.3.3.1.aarch64",
"openSUSE Leap 15.5:sccache-0.4.2~3-150400.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-09-05T07:56:33Z",
"details": "moderate"
}
],
"title": "CVE-2022-31394"
},
{
"cve": "CVE-2023-1521",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1521"
}
],
"notes": [
{
"category": "general",
"text": "On Linux the sccache client can execute arbitrary code with the privileges of a local sccache server, by preloading the code in a shared library passed to LD_PRELOAD.\n\n\nIf the server is run as root (which is the default when installing the snap package https://snapcraft.io/sccache ), this means a user running the sccache client can get root privileges.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:sccache-0.4.2~3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:sccache-0.4.2~3-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:sccache-0.4.2~3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:sccache-0.4.2~3-150400.3.3.1.x86_64",
"openSUSE Leap 15.4:sccache-0.4.2~3-150400.3.3.1.aarch64",
"openSUSE Leap 15.4:sccache-0.4.2~3-150400.3.3.1.x86_64",
"openSUSE Leap 15.5:sccache-0.4.2~3-150400.3.3.1.aarch64",
"openSUSE Leap 15.5:sccache-0.4.2~3-150400.3.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1521",
"url": "https://www.suse.com/security/cve/CVE-2023-1521"
},
{
"category": "external",
"summary": "SUSE Bug 1212407 for CVE-2023-1521",
"url": "https://bugzilla.suse.com/1212407"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:sccache-0.4.2~3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:sccache-0.4.2~3-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:sccache-0.4.2~3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:sccache-0.4.2~3-150400.3.3.1.x86_64",
"openSUSE Leap 15.4:sccache-0.4.2~3-150400.3.3.1.aarch64",
"openSUSE Leap 15.4:sccache-0.4.2~3-150400.3.3.1.x86_64",
"openSUSE Leap 15.5:sccache-0.4.2~3-150400.3.3.1.aarch64",
"openSUSE Leap 15.5:sccache-0.4.2~3-150400.3.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Development Tools 15 SP4:sccache-0.4.2~3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP4:sccache-0.4.2~3-150400.3.3.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:sccache-0.4.2~3-150400.3.3.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP5:sccache-0.4.2~3-150400.3.3.1.x86_64",
"openSUSE Leap 15.4:sccache-0.4.2~3-150400.3.3.1.aarch64",
"openSUSE Leap 15.4:sccache-0.4.2~3-150400.3.3.1.x86_64",
"openSUSE Leap 15.5:sccache-0.4.2~3-150400.3.3.1.aarch64",
"openSUSE Leap 15.5:sccache-0.4.2~3-150400.3.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-09-05T07:56:33Z",
"details": "important"
}
],
"title": "CVE-2023-1521"
}
]
}
suse-su-2022:4124-1
Vulnerability from csaf_suse
Published
2022-11-18 19:05
Modified
2022-11-18 19:05
Summary
Security update for 389-ds
Notes
Title of the patch
Security update for 389-ds
Description of the patch
This update for 389-ds fixes the following issues:
- CVE-2021-45710: Fixed tokio data race with memory corruption (bsc#1194119).
- Update to version 2.0.16~git56.d15a0a7.
- Failure to migrate from openldap if pwdPolicyChecker present (bsc#1205146).
- Resolve issue with checklist post migration when dds is present (bsc#1204748).
- Improve reliability of migrations from openldap when dynamic directory services is configured (bsc#1204493).
Patchnames
SUSE-2022-4124,SUSE-SLE-Module-Server-Applications-15-SP3-2022-4124,openSUSE-SLE-15.3-2022-4124
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for 389-ds",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for 389-ds fixes the following issues:\n\n- CVE-2021-45710: Fixed tokio data race with memory corruption (bsc#1194119).\n\n- Update to version 2.0.16~git56.d15a0a7.\n\n- Failure to migrate from openldap if pwdPolicyChecker present (bsc#1205146).\n- Resolve issue with checklist post migration when dds is present (bsc#1204748).\n- Improve reliability of migrations from openldap when dynamic directory services is configured (bsc#1204493).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-4124,SUSE-SLE-Module-Server-Applications-15-SP3-2022-4124,openSUSE-SLE-15.3-2022-4124",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_4124-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:4124-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20224124-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:4124-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/013005.html"
},
{
"category": "self",
"summary": "SUSE Bug 1194119",
"url": "https://bugzilla.suse.com/1194119"
},
{
"category": "self",
"summary": "SUSE Bug 1204493",
"url": "https://bugzilla.suse.com/1204493"
},
{
"category": "self",
"summary": "SUSE Bug 1204748",
"url": "https://bugzilla.suse.com/1204748"
},
{
"category": "self",
"summary": "SUSE Bug 1205146",
"url": "https://bugzilla.suse.com/1205146"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-45710 page",
"url": "https://www.suse.com/security/cve/CVE-2021-45710/"
}
],
"title": "Security update for 389-ds",
"tracking": {
"current_release_date": "2022-11-18T19:05:47Z",
"generator": {
"date": "2022-11-18T19:05:47Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:4124-1",
"initial_release_date": "2022-11-18T19:05:47Z",
"revision_history": [
{
"date": "2022-11-18T19:05:47Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64",
"product": {
"name": "389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64",
"product_id": "389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64"
}
},
{
"category": "product_version",
"name": "389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64",
"product": {
"name": "389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64",
"product_id": "389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64"
}
},
{
"category": "product_version",
"name": "389-ds-snmp-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64",
"product": {
"name": "389-ds-snmp-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64",
"product_id": "389-ds-snmp-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64"
}
},
{
"category": "product_version",
"name": "lib389-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64",
"product": {
"name": "lib389-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64",
"product_id": "lib389-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64"
}
},
{
"category": "product_version",
"name": "libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64",
"product": {
"name": "libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64",
"product_id": "libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le",
"product": {
"name": "389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le",
"product_id": "389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le"
}
},
{
"category": "product_version",
"name": "389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le",
"product": {
"name": "389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le",
"product_id": "389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le"
}
},
{
"category": "product_version",
"name": "389-ds-snmp-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le",
"product": {
"name": "389-ds-snmp-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le",
"product_id": "389-ds-snmp-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le"
}
},
{
"category": "product_version",
"name": "lib389-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le",
"product": {
"name": "lib389-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le",
"product_id": "lib389-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le",
"product": {
"name": "libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le",
"product_id": "libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.s390x",
"product": {
"name": "389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.s390x",
"product_id": "389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.s390x"
}
},
{
"category": "product_version",
"name": "389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.s390x",
"product": {
"name": "389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.s390x",
"product_id": "389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.s390x"
}
},
{
"category": "product_version",
"name": "389-ds-snmp-1.4.4.19~git59.136fc84-150300.3.27.1.s390x",
"product": {
"name": "389-ds-snmp-1.4.4.19~git59.136fc84-150300.3.27.1.s390x",
"product_id": "389-ds-snmp-1.4.4.19~git59.136fc84-150300.3.27.1.s390x"
}
},
{
"category": "product_version",
"name": "lib389-1.4.4.19~git59.136fc84-150300.3.27.1.s390x",
"product": {
"name": "lib389-1.4.4.19~git59.136fc84-150300.3.27.1.s390x",
"product_id": "lib389-1.4.4.19~git59.136fc84-150300.3.27.1.s390x"
}
},
{
"category": "product_version",
"name": "libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.s390x",
"product": {
"name": "libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.s390x",
"product_id": "libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64",
"product": {
"name": "389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64",
"product_id": "389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64"
}
},
{
"category": "product_version",
"name": "389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64",
"product": {
"name": "389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64",
"product_id": "389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64"
}
},
{
"category": "product_version",
"name": "389-ds-snmp-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64",
"product": {
"name": "389-ds-snmp-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64",
"product_id": "389-ds-snmp-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64"
}
},
{
"category": "product_version",
"name": "lib389-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64",
"product": {
"name": "lib389-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64",
"product_id": "lib389-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64"
}
},
{
"category": "product_version",
"name": "libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64",
"product": {
"name": "libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64",
"product_id": "libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-server-applications:15:sp3"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64"
},
"product_reference": "389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le"
},
"product_reference": "389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.s390x"
},
"product_reference": "389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64"
},
"product_reference": "389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64"
},
"product_reference": "389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le"
},
"product_reference": "389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.s390x"
},
"product_reference": "389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64"
},
"product_reference": "389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lib389-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64"
},
"product_reference": "lib389-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lib389-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le"
},
"product_reference": "lib389-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lib389-1.4.4.19~git59.136fc84-150300.3.27.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git59.136fc84-150300.3.27.1.s390x"
},
"product_reference": "lib389-1.4.4.19~git59.136fc84-150300.3.27.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lib389-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64"
},
"product_reference": "lib389-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64"
},
"product_reference": "libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le"
},
"product_reference": "libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.s390x as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.s390x"
},
"product_reference": "libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64"
},
"product_reference": "libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64"
},
"product_reference": "389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le"
},
"product_reference": "389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.s390x"
},
"product_reference": "389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64"
},
"product_reference": "389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64"
},
"product_reference": "389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le"
},
"product_reference": "389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.s390x"
},
"product_reference": "389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64"
},
"product_reference": "389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-snmp-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64"
},
"product_reference": "389-ds-snmp-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-snmp-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le"
},
"product_reference": "389-ds-snmp-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-snmp-1.4.4.19~git59.136fc84-150300.3.27.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git59.136fc84-150300.3.27.1.s390x"
},
"product_reference": "389-ds-snmp-1.4.4.19~git59.136fc84-150300.3.27.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "389-ds-snmp-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64"
},
"product_reference": "389-ds-snmp-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lib389-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lib389-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64"
},
"product_reference": "lib389-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lib389-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lib389-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le"
},
"product_reference": "lib389-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lib389-1.4.4.19~git59.136fc84-150300.3.27.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lib389-1.4.4.19~git59.136fc84-150300.3.27.1.s390x"
},
"product_reference": "lib389-1.4.4.19~git59.136fc84-150300.3.27.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "lib389-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:lib389-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64"
},
"product_reference": "lib389-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64"
},
"product_reference": "libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le"
},
"product_reference": "libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.s390x"
},
"product_reference": "libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64"
},
"product_reference": "libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-45710",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-45710"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. In certain circumstances involving a closed oneshot channel, there is a data race and memory corruption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git59.136fc84-150300.3.27.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64",
"openSUSE Leap 15.3:389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64",
"openSUSE Leap 15.3:389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le",
"openSUSE Leap 15.3:389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.s390x",
"openSUSE Leap 15.3:389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.s390x",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git59.136fc84-150300.3.27.1.s390x",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64",
"openSUSE Leap 15.3:lib389-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64",
"openSUSE Leap 15.3:lib389-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le",
"openSUSE Leap 15.3:lib389-1.4.4.19~git59.136fc84-150300.3.27.1.s390x",
"openSUSE Leap 15.3:lib389-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.s390x",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-45710",
"url": "https://www.suse.com/security/cve/CVE-2021-45710"
},
{
"category": "external",
"summary": "SUSE Bug 1194119 for CVE-2021-45710",
"url": "https://bugzilla.suse.com/1194119"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git59.136fc84-150300.3.27.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64",
"openSUSE Leap 15.3:389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64",
"openSUSE Leap 15.3:389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le",
"openSUSE Leap 15.3:389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.s390x",
"openSUSE Leap 15.3:389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.s390x",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git59.136fc84-150300.3.27.1.s390x",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64",
"openSUSE Leap 15.3:lib389-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64",
"openSUSE Leap 15.3:lib389-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le",
"openSUSE Leap 15.3:lib389-1.4.4.19~git59.136fc84-150300.3.27.1.s390x",
"openSUSE Leap 15.3:lib389-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.s390x",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git59.136fc84-150300.3.27.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:lib389-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.s390x",
"SUSE Linux Enterprise Module for Server Applications 15 SP3:libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64",
"openSUSE Leap 15.3:389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64",
"openSUSE Leap 15.3:389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le",
"openSUSE Leap 15.3:389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.s390x",
"openSUSE Leap 15.3:389-ds-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.s390x",
"openSUSE Leap 15.3:389-ds-devel-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git59.136fc84-150300.3.27.1.s390x",
"openSUSE Leap 15.3:389-ds-snmp-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64",
"openSUSE Leap 15.3:lib389-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64",
"openSUSE Leap 15.3:lib389-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le",
"openSUSE Leap 15.3:lib389-1.4.4.19~git59.136fc84-150300.3.27.1.s390x",
"openSUSE Leap 15.3:lib389-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.aarch64",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.ppc64le",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.s390x",
"openSUSE Leap 15.3:libsvrcore0-1.4.4.19~git59.136fc84-150300.3.27.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-11-18T19:05:47Z",
"details": "low"
}
],
"title": "CVE-2021-45710"
}
]
}
suse-su-2022:3949-1
Vulnerability from csaf_suse
Published
2022-11-11 08:26
Modified
2022-11-11 08:26
Summary
Security update for rustup
Notes
Title of the patch
Security update for rustup
Description of the patch
This update for rustup fixes the following issues:
Updated to version 1.25.1~0:
- CVE-2022-24713: Fixed Regex denial of service (bsc#1196972).
- CVE-2021-45710: Fixed tokio data race with memory corruption (bsc#1194119).
Patchnames
SUSE-2022-3949,SUSE-SLE-Module-Development-Tools-15-SP3-2022-3949,openSUSE-SLE-15.3-2022-3949
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for rustup",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for rustup fixes the following issues:\n\nUpdated to version 1.25.1~0:\n - CVE-2022-24713: Fixed Regex denial of service (bsc#1196972).\n - CVE-2021-45710: Fixed tokio data race with memory corruption (bsc#1194119).\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-3949,SUSE-SLE-Module-Development-Tools-15-SP3-2022-3949,openSUSE-SLE-15.3-2022-3949",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3949-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:3949-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20223949-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:3949-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/012900.html"
},
{
"category": "self",
"summary": "SUSE Bug 1194119",
"url": "https://bugzilla.suse.com/1194119"
},
{
"category": "self",
"summary": "SUSE Bug 1196972",
"url": "https://bugzilla.suse.com/1196972"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-45710 page",
"url": "https://www.suse.com/security/cve/CVE-2021-45710/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-24713 page",
"url": "https://www.suse.com/security/cve/CVE-2022-24713/"
}
],
"title": "Security update for rustup",
"tracking": {
"current_release_date": "2022-11-11T08:26:16Z",
"generator": {
"date": "2022-11-11T08:26:16Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:3949-1",
"initial_release_date": "2022-11-11T08:26:16Z",
"revision_history": [
{
"date": "2022-11-11T08:26:16Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "rustup-1.25.1~0-150300.7.13.2.aarch64",
"product": {
"name": "rustup-1.25.1~0-150300.7.13.2.aarch64",
"product_id": "rustup-1.25.1~0-150300.7.13.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rustup-1.25.1~0-150300.7.13.2.x86_64",
"product": {
"name": "rustup-1.25.1~0-150300.7.13.2.x86_64",
"product_id": "rustup-1.25.1~0-150300.7.13.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15:sp3"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rustup-1.25.1~0-150300.7.13.2.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:rustup-1.25.1~0-150300.7.13.2.aarch64"
},
"product_reference": "rustup-1.25.1~0-150300.7.13.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rustup-1.25.1~0-150300.7.13.2.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15 SP3",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP3:rustup-1.25.1~0-150300.7.13.2.x86_64"
},
"product_reference": "rustup-1.25.1~0-150300.7.13.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rustup-1.25.1~0-150300.7.13.2.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:rustup-1.25.1~0-150300.7.13.2.aarch64"
},
"product_reference": "rustup-1.25.1~0-150300.7.13.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rustup-1.25.1~0-150300.7.13.2.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:rustup-1.25.1~0-150300.7.13.2.x86_64"
},
"product_reference": "rustup-1.25.1~0-150300.7.13.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-45710",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-45710"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. In certain circumstances involving a closed oneshot channel, there is a data race and memory corruption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Development Tools 15 SP3:rustup-1.25.1~0-150300.7.13.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:rustup-1.25.1~0-150300.7.13.2.x86_64",
"openSUSE Leap 15.3:rustup-1.25.1~0-150300.7.13.2.aarch64",
"openSUSE Leap 15.3:rustup-1.25.1~0-150300.7.13.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-45710",
"url": "https://www.suse.com/security/cve/CVE-2021-45710"
},
{
"category": "external",
"summary": "SUSE Bug 1194119 for CVE-2021-45710",
"url": "https://bugzilla.suse.com/1194119"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Development Tools 15 SP3:rustup-1.25.1~0-150300.7.13.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:rustup-1.25.1~0-150300.7.13.2.x86_64",
"openSUSE Leap 15.3:rustup-1.25.1~0-150300.7.13.2.aarch64",
"openSUSE Leap 15.3:rustup-1.25.1~0-150300.7.13.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Development Tools 15 SP3:rustup-1.25.1~0-150300.7.13.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:rustup-1.25.1~0-150300.7.13.2.x86_64",
"openSUSE Leap 15.3:rustup-1.25.1~0-150300.7.13.2.aarch64",
"openSUSE Leap 15.3:rustup-1.25.1~0-150300.7.13.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-11-11T08:26:16Z",
"details": "low"
}
],
"title": "CVE-2021-45710"
},
{
"cve": "CVE-2022-24713",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-24713"
}
],
"notes": [
{
"category": "general",
"text": "regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it\u0027s considered part of the crate\u0027s API. Unfortunately a bug was discovered in the mitigations designed to prevent untrusted regexes to take an arbitrary amount of time during parsing, and it\u0027s possible to craft regexes that bypass such mitigations. This makes it possible to perform denial of service attacks by sending specially crafted regexes to services accepting user-controlled, untrusted regexes. All versions of the regex crate before or equal to 1.5.4 are affected by this issue. The fix is include starting from regex 1.5.5. All users accepting user-controlled regexes are recommended to upgrade immediately to the latest version of the regex crate. Unfortunately there is no fixed set of problematic regexes, as there are practically infinite regexes that could be crafted to exploit this vulnerability. Because of this, it us not recommend to deny known problematic regexes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Development Tools 15 SP3:rustup-1.25.1~0-150300.7.13.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:rustup-1.25.1~0-150300.7.13.2.x86_64",
"openSUSE Leap 15.3:rustup-1.25.1~0-150300.7.13.2.aarch64",
"openSUSE Leap 15.3:rustup-1.25.1~0-150300.7.13.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-24713",
"url": "https://www.suse.com/security/cve/CVE-2022-24713"
},
{
"category": "external",
"summary": "SUSE Bug 1196972 for CVE-2022-24713",
"url": "https://bugzilla.suse.com/1196972"
},
{
"category": "external",
"summary": "SUSE Bug 1197903 for CVE-2022-24713",
"url": "https://bugzilla.suse.com/1197903"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Development Tools 15 SP3:rustup-1.25.1~0-150300.7.13.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:rustup-1.25.1~0-150300.7.13.2.x86_64",
"openSUSE Leap 15.3:rustup-1.25.1~0-150300.7.13.2.aarch64",
"openSUSE Leap 15.3:rustup-1.25.1~0-150300.7.13.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Development Tools 15 SP3:rustup-1.25.1~0-150300.7.13.2.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15 SP3:rustup-1.25.1~0-150300.7.13.2.x86_64",
"openSUSE Leap 15.3:rustup-1.25.1~0-150300.7.13.2.aarch64",
"openSUSE Leap 15.3:rustup-1.25.1~0-150300.7.13.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-11-11T08:26:16Z",
"details": "moderate"
}
],
"title": "CVE-2022-24713"
}
]
}
gsd-2021-45710
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. In certain circumstances involving a closed oneshot channel, there is a data race and memory corruption.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-45710",
"description": "An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. In certain circumstances involving a closed oneshot channel, there is a data race and memory corruption.",
"id": "GSD-2021-45710",
"references": [
"https://www.suse.com/security/cve/CVE-2021-45710.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-45710"
],
"details": "An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. In certain circumstances involving a closed oneshot channel, there is a data race and memory corruption.",
"id": "GSD-2021-45710",
"modified": "2023-12-13T01:23:19.542537Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-45710",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. In certain circumstances involving a closed oneshot channel, there is a data race and memory corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://rustsec.org/advisories/RUSTSEC-2021-0124.html",
"refsource": "MISC",
"url": "https://rustsec.org/advisories/RUSTSEC-2021-0124.html"
},
{
"name": "https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/tokio/RUSTSEC-2021-0124.md",
"refsource": "MISC",
"url": "https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/tokio/RUSTSEC-2021-0124.md"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:tokio:tokio:*:*:*:*:*:rust:*:*",
"cpe_name": [],
"versionEndExcluding": "1.13.1",
"versionStartIncluding": "1.9.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:tokio:tokio:*:*:*:*:*:rust:*:*",
"cpe_name": [],
"versionEndExcluding": "1.8.4",
"versionStartIncluding": "0.1.14",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-45710"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. In certain circumstances involving a closed oneshot channel, there is a data race and memory corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://rustsec.org/advisories/RUSTSEC-2021-0124.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://rustsec.org/advisories/RUSTSEC-2021-0124.html"
},
{
"name": "https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/tokio/RUSTSEC-2021-0124.md",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/tokio/RUSTSEC-2021-0124.md"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
},
"lastModifiedDate": "2022-11-01T16:06Z",
"publishedDate": "2021-12-27T00:15Z"
}
}
}
ghsa-fg7r-2g4j-5cgr
Vulnerability from github
Published
2022-01-06 22:04
Modified
2023-06-13 22:01
Severity ?
VLAI Severity ?
Summary
Race Condition in tokio
Details
If a tokio::sync::oneshot channel is closed (via the oneshot::Receiver::close method), a data race may occur if the oneshot::Sender::send method is called while the corresponding oneshot::Receiver is awaited or calling try_recv.
When these methods are called concurrently on a closed channel, the two halves of the channel can concurrently access a shared memory location, resulting in a data race. This has been observed to cause memory corruption.
Note that the race only occurs when both halves of the channel are used after the Receiver half has called close. Code where close is not used, or where the Receiver is not awaited and try_recv is not called after calling close, is not affected.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "tokio"
},
"ranges": [
{
"events": [
{
"introduced": "0.1.14"
},
{
"fixed": "1.8.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "crates.io",
"name": "tokio"
},
"ranges": [
{
"events": [
{
"introduced": "1.9.0"
},
{
"fixed": "1.13.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-45710"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": true,
"github_reviewed_at": "2022-01-05T22:43:36Z",
"nvd_published_at": "2021-12-27T00:15:00Z",
"severity": "HIGH"
},
"details": "If a tokio::sync::oneshot channel is closed (via the oneshot::Receiver::close method), a data race may occur if the oneshot::Sender::send method is called while the corresponding oneshot::Receiver is awaited or calling try_recv.\n\nWhen these methods are called concurrently on a closed channel, the two halves of the channel can concurrently access a shared memory location, resulting in a data race. This has been observed to cause memory corruption.\n\nNote that the race only occurs when both halves of the channel are used after the Receiver half has called close. Code where close is not used, or where the Receiver is not awaited and try_recv is not called after calling close, is not affected.\n\n",
"id": "GHSA-fg7r-2g4j-5cgr",
"modified": "2023-06-13T22:01:00Z",
"published": "2022-01-06T22:04:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45710"
},
{
"type": "WEB",
"url": "https://github.com/tokio-rs/tokio/issues/4225"
},
{
"type": "PACKAGE",
"url": "https://github.com/tokio-rs/tokio"
},
{
"type": "WEB",
"url": "https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/tokio/RUSTSEC-2021-0124.md"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2021-0124.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Race Condition in tokio"
}
fkie_cve-2021-45710
Vulnerability from fkie_nvd
Published
2021-12-27 00:15
Modified
2024-11-21 06:32
Severity ?
Summary
An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. In certain circumstances involving a closed oneshot channel, there is a data race and memory corruption.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/tokio/RUSTSEC-2021-0124.md | Third Party Advisory | |
| cve@mitre.org | https://rustsec.org/advisories/RUSTSEC-2021-0124.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/tokio/RUSTSEC-2021-0124.md | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://rustsec.org/advisories/RUSTSEC-2021-0124.html | Patch, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tokio:tokio:*:*:*:*:*:rust:*:*",
"matchCriteriaId": "27923A6E-8A34-4BCB-B2A6-5FD05F4C5C2E",
"versionEndExcluding": "1.8.4",
"versionStartIncluding": "0.1.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tokio:tokio:*:*:*:*:*:rust:*:*",
"matchCriteriaId": "F45A41E5-8C1D-4E75-9198-E09C6A92F1D0",
"versionEndExcluding": "1.13.1",
"versionStartIncluding": "1.9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the tokio crate before 1.8.4, and 1.9.x through 1.13.x before 1.13.1, for Rust. In certain circumstances involving a closed oneshot channel, there is a data race and memory corruption."
},
{
"lang": "es",
"value": "Se ha detectado un problema en la crate tokio versiones anteriores a 1.8.4, y de la 1.9.x a la 1.13.x anteriores a 1.13.1, para Rust. En determinadas circunstancias que implican un canal cerrado oneshot, se presenta una carrera de datos y corrupci\u00f3n de memoria"
}
],
"id": "CVE-2021-45710",
"lastModified": "2024-11-21T06:32:56.430",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-27T00:15:10.057",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/tokio/RUSTSEC-2021-0124.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://rustsec.org/advisories/RUSTSEC-2021-0124.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/tokio/RUSTSEC-2021-0124.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://rustsec.org/advisories/RUSTSEC-2021-0124.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…