Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-16875 (GCVE-0-2018-16875)
Vulnerability from cvelistv5
Published
2018-12-14 14:00
Modified
2024-08-05 10:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:32:54.282Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "106230",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106230"
},
{
"name": "GLSA-201812-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201812-09"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16875"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/forum/?pli=1#%21topic/golang-announce/Kw31K8G7Fi0"
},
{
"name": "openSUSE-SU-2019:1079",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html"
},
{
"name": "openSUSE-SU-2019:1444",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html"
},
{
"name": "openSUSE-SU-2019:1499",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html"
},
{
"name": "openSUSE-SU-2019:1506",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html"
},
{
"name": "openSUSE-SU-2019:1703",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00010.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "golang",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "1.10.6"
},
{
"status": "affected",
"version": "1.11.3"
}
]
}
],
"datePublic": "2018-12-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-14T11:06:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "106230",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106230"
},
{
"name": "GLSA-201812-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201812-09"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16875"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/forum/?pli=1#%21topic/golang-announce/Kw31K8G7Fi0"
},
{
"name": "openSUSE-SU-2019:1079",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html"
},
{
"name": "openSUSE-SU-2019:1444",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html"
},
{
"name": "openSUSE-SU-2019:1499",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html"
},
{
"name": "openSUSE-SU-2019:1506",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html"
},
{
"name": "openSUSE-SU-2019:1703",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00010.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-16875",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "golang",
"version": {
"version_data": [
{
"version_value": "1.10.6"
},
{
"version_value": "1.11.3"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106230",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106230"
},
{
"name": "GLSA-201812-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201812-09"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16875",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16875"
},
{
"name": "https://groups.google.com/forum/?pli=1#!topic/golang-announce/Kw31K8G7Fi0",
"refsource": "MISC",
"url": "https://groups.google.com/forum/?pli=1#!topic/golang-announce/Kw31K8G7Fi0"
},
{
"name": "openSUSE-SU-2019:1079",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html"
},
{
"name": "openSUSE-SU-2019:1444",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html"
},
{
"name": "openSUSE-SU-2019:1499",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html"
},
{
"name": "openSUSE-SU-2019:1506",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html"
},
{
"name": "openSUSE-SU-2019:1703",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00010.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-16875",
"datePublished": "2018-12-14T14:00:00",
"dateReserved": "2018-09-11T00:00:00",
"dateUpdated": "2024-08-05T10:32:54.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2018-16875\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2018-12-14T14:29:00.523\",\"lastModified\":\"2024-11-21T03:53:30.297\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.\"},{\"lang\":\"es\",\"value\":\"El paquete crypto/x509 de Go, en versiones anteriores a la 1.10.6 y versiones 1.11.x anteriores a la 1.11.3,no limita la cantidad de trabajo realizado para cada verificaci\u00f3n de cadenas, lo que podr\u00eda permitir que los atacantes manipulen entradas patol\u00f3gicas que conducen a la denegaci\u00f3n de servicio (DoS) de la CPU. Los servidores TLS de Go que aceptan certificados de clientes y clientes TLS se han visto afectados.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-295\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.10.6\",\"matchCriteriaId\":\"49A979C3-1002-477D-9874-FD5E0D1681D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.11.0\",\"versionEndExcluding\":\"1.11.3\",\"matchCriteriaId\":\"7F67C474-BD21-4A3E-9F35-3D36BB6F09F4\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00010.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/106230\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16875\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://groups.google.com/forum/?pli=1#%21topic/golang-announce/Kw31K8G7Fi0\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://security.gentoo.org/glsa/201812-09\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mitigation\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00010.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/106230\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16875\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://groups.google.com/forum/?pli=1#%21topic/golang-announce/Kw31K8G7Fi0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/201812-09\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Third Party Advisory\"]}]}}"
}
}
opensuse-su-2024:10693-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
containerd-1.4.8-2.2 on GA media
Notes
Title of the patch
containerd-1.4.8-2.2 on GA media
Description of the patch
These are all security issues fixed in the containerd-1.4.8-2.2 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10693
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "containerd-1.4.8-2.2 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the containerd-1.4.8-2.2 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10693",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10693-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9962 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9962/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16873 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16874 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16875 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5736 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5736/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15157 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15157/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15257 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15257/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21334 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21334/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-32760 page",
"url": "https://www.suse.com/security/cve/CVE-2021-32760/"
}
],
"title": "containerd-1.4.8-2.2 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10693-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.4.8-2.2.aarch64",
"product": {
"name": "containerd-1.4.8-2.2.aarch64",
"product_id": "containerd-1.4.8-2.2.aarch64"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.4.8-2.2.aarch64",
"product": {
"name": "containerd-ctr-1.4.8-2.2.aarch64",
"product_id": "containerd-ctr-1.4.8-2.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.4.8-2.2.ppc64le",
"product": {
"name": "containerd-1.4.8-2.2.ppc64le",
"product_id": "containerd-1.4.8-2.2.ppc64le"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.4.8-2.2.ppc64le",
"product": {
"name": "containerd-ctr-1.4.8-2.2.ppc64le",
"product_id": "containerd-ctr-1.4.8-2.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.4.8-2.2.s390x",
"product": {
"name": "containerd-1.4.8-2.2.s390x",
"product_id": "containerd-1.4.8-2.2.s390x"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.4.8-2.2.s390x",
"product": {
"name": "containerd-ctr-1.4.8-2.2.s390x",
"product_id": "containerd-ctr-1.4.8-2.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.4.8-2.2.x86_64",
"product": {
"name": "containerd-1.4.8-2.2.x86_64",
"product_id": "containerd-1.4.8-2.2.x86_64"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.4.8-2.2.x86_64",
"product": {
"name": "containerd-ctr-1.4.8-2.2.x86_64",
"product_id": "containerd-ctr-1.4.8-2.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.4.8-2.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64"
},
"product_reference": "containerd-1.4.8-2.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.4.8-2.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le"
},
"product_reference": "containerd-1.4.8-2.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.4.8-2.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x"
},
"product_reference": "containerd-1.4.8-2.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.4.8-2.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64"
},
"product_reference": "containerd-1.4.8-2.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-ctr-1.4.8-2.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64"
},
"product_reference": "containerd-ctr-1.4.8-2.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-ctr-1.4.8-2.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le"
},
"product_reference": "containerd-ctr-1.4.8-2.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-ctr-1.4.8-2.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x"
},
"product_reference": "containerd-ctr-1.4.8-2.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-ctr-1.4.8-2.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64"
},
"product_reference": "containerd-ctr-1.4.8-2.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-9962",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9962"
}
],
"notes": [
{
"category": "general",
"text": "RunC allowed additional container processes via \u0027runc exec\u0027 to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or modification of runC state before the process is fully placed inside the container.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9962",
"url": "https://www.suse.com/security/cve/CVE-2016-9962"
},
{
"category": "external",
"summary": "SUSE Bug 1012568 for CVE-2016-9962",
"url": "https://bugzilla.suse.com/1012568"
},
{
"category": "external",
"summary": "SUSE Bug 1173425 for CVE-2016-9962",
"url": "https://bugzilla.suse.com/1173425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9962"
},
{
"cve": "CVE-2018-16873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16873"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). Using custom domains, it\u0027s possible to arrange things so that a Git repository is cloned to a folder named \".git\" by using a vanity import path that ends with \"/.git\". If the Git repository root contains a \"HEAD\" file, a \"config\" file, an \"objects\" directory, a \"refs\" directory, with some work to ensure the proper ordering of operations, \"go get -u\" can be tricked into considering the parent directory as a repository root, and running Git commands on it. That will use the \"config\" file in the original Git repository root for its configuration, and if that config file contains malicious commands, they will execute on the system running \"go get -u\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16873",
"url": "https://www.suse.com/security/cve/CVE-2018-16873"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-16873"
},
{
"cve": "CVE-2018-16874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16874"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both \u0027{\u0027 and \u0027}\u0027 characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16874",
"url": "https://www.suse.com/security/cve/CVE-2018-16874"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16874"
},
{
"cve": "CVE-2018-16875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16875"
}
],
"notes": [
{
"category": "general",
"text": "The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16875",
"url": "https://www.suse.com/security/cve/CVE-2018-16875"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16875"
},
{
"cve": "CVE-2019-5736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5736"
}
],
"notes": [
{
"category": "general",
"text": "runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5736",
"url": "https://www.suse.com/security/cve/CVE-2019-5736"
},
{
"category": "external",
"summary": "SUSE Bug 1121967 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1121967"
},
{
"category": "external",
"summary": "SUSE Bug 1122185 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1122185"
},
{
"category": "external",
"summary": "SUSE Bug 1173421 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1173421"
},
{
"category": "external",
"summary": "SUSE Bug 1218894 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1218894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-5736"
},
{
"cve": "CVE-2020-15157",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15157"
}
],
"notes": [
{
"category": "general",
"text": "In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer (otherwise known as a \"foreign layer\"), the default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 or later, the default containerd resolver will provide its authentication credentials if the server where the URL is located presents an HTTP 401 status code along with registry-specific HTTP headers. If an attacker publishes a public image with a manifest that directs one of the layers to be fetched from a web server they control and they trick a user or system into pulling the image, they can obtain the credentials used for pulling that image. In some cases, this may be the user\u0027s username and password for the registry. In other cases, this may be the credentials attached to the cloud virtual instance which can grant access to other cloud resources in the account. The default containerd resolver is used by the cri-containerd plugin (which can be used by Kubernetes), the ctr development tool, and other client programs that have explicitly linked against it. This vulnerability has been fixed in containerd 1.2.14. containerd 1.3 and later are not affected. If you are using containerd 1.3 or later, you are not affected. If you are using cri-containerd in the 1.2 series or prior, you should ensure you only pull images from trusted sources. Other container runtimes built on top of containerd but not using the default resolver (such as Docker) are not affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15157",
"url": "https://www.suse.com/security/cve/CVE-2020-15157"
},
{
"category": "external",
"summary": "SUSE Bug 1177598 for CVE-2020-15157",
"url": "https://bugzilla.suse.com/1177598"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-15157"
},
{
"cve": "CVE-2020-15257",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15257"
}
],
"notes": [
{
"category": "general",
"text": "containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim\u0027s API socket verified that the connecting process had an effective UID of 0, but did not otherwise restrict access to the abstract Unix domain socket. This would allow malicious containers running in the same network namespace as the shim, with an effective UID of 0 but otherwise reduced privileges, to cause new processes to be run with elevated privileges. This vulnerability has been fixed in containerd 1.3.9 and 1.4.3. Users should update to these versions as soon as they are released. It should be noted that containers started with an old version of containerd-shim should be stopped and restarted, as running containers will continue to be vulnerable even after an upgrade. If you are not providing the ability for untrusted users to start containers in the same network namespace as the shim (typically the \"host\" network namespace, for example with docker run --net=host or hostNetwork: true in a Kubernetes pod) and run with an effective UID of 0, you are not vulnerable to this issue. If you are running containers with a vulnerable configuration, you can deny access to all abstract sockets with AppArmor by adding a line similar to deny unix addr=@**, to your policy. It is best practice to run containers with a reduced set of privileges, with a non-zero UID, and with isolated namespaces. The containerd maintainers strongly advise against sharing namespaces with the host. Reducing the set of isolation mechanisms used for a container necessarily increases that container\u0027s privilege, regardless of what container runtime is used for running that container.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15257",
"url": "https://www.suse.com/security/cve/CVE-2020-15257"
},
{
"category": "external",
"summary": "SUSE Bug 1178969 for CVE-2020-15257",
"url": "https://bugzilla.suse.com/1178969"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-15257"
},
{
"cve": "CVE-2021-21334",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21334"
}
],
"notes": [
{
"category": "general",
"text": "In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd\u0027s CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may receive incorrect environment variables, including values that are defined for other containers. If the affected containers have different security contexts, this may allow sensitive information to be unintentionally shared. If you are not using containerd\u0027s CRI implementation (through one of the mechanisms described above), you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image which have different environment variables, you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image in rapid succession, you have reduced likelihood of being vulnerable to this issue This vulnerability has been fixed in containerd 1.3.10 and containerd 1.4.4. Users should update to these versions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21334",
"url": "https://www.suse.com/security/cve/CVE-2021-21334"
},
{
"category": "external",
"summary": "SUSE Bug 1183397 for CVE-2021-21334",
"url": "https://bugzilla.suse.com/1183397"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-21334"
},
{
"cve": "CVE-2021-32760",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-32760"
}
],
"notes": [
{
"category": "general",
"text": "containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host\u0027s filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with specific files.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-32760",
"url": "https://www.suse.com/security/cve/CVE-2021-32760"
},
{
"category": "external",
"summary": "SUSE Bug 1188282 for CVE-2021-32760",
"url": "https://bugzilla.suse.com/1188282"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:containerd-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-1.4.8-2.2.x86_64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.aarch64",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.ppc64le",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.s390x",
"openSUSE Tumbleweed:containerd-ctr-1.4.8-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-32760"
}
]
}
opensuse-su-2019:1703-1
Vulnerability from csaf_opensuse
Published
2019-07-14 06:24
Modified
2019-07-14 06:24
Summary
Security update for helm
Notes
Title of the patch
Security update for helm
Description of the patch
This update for helm to version 2.13.1 fixes the following issues:
- set correct git_commit value so that 'helm version' reports correctly
- added service file for helm-serve
- Require golang 1.10.6 or newer
- Tiller should only enforce what we expect from Helm
- Keepalive config should be independent of TLS
- Bump client side grpc max msg size
- Update deprecated grpc dial timeout
- Includes fixes which allow Helm to correctly recognize
resources created using the K8S 1.8/1.9 API namespaces
Patchnames
openSUSE-2019-1703
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for helm",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for helm to version 2.13.1 fixes the following issues:\n\n- set correct git_commit value so that \u0027helm version\u0027 reports correctly\n- added service file for helm-serve\n- Require golang 1.10.6 or newer\n- Tiller should only enforce what we expect from Helm\n- Keepalive config should be independent of TLS\n- Bump client side grpc max msg size\n- Update deprecated grpc dial timeout\n- Includes fixes which allow Helm to correctly recognize\n resources created using the K8S 1.8/1.9 API namespaces\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-1703",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_1703-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:1703-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JECNV3BMXBNMPC6CIX5BMOAPGIHSNLAI/#JECNV3BMXBNMPC6CIX5BMOAPGIHSNLAI"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:1703-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JECNV3BMXBNMPC6CIX5BMOAPGIHSNLAI/#JECNV3BMXBNMPC6CIX5BMOAPGIHSNLAI"
},
{
"category": "self",
"summary": "SUSE Bug 1118897",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "self",
"summary": "SUSE Bug 1118898",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "self",
"summary": "SUSE Bug 1118899",
"url": "https://bugzilla.suse.com/1118899"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16873 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16874 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16875 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16875/"
}
],
"title": "Security update for helm",
"tracking": {
"current_release_date": "2019-07-14T06:24:35Z",
"generator": {
"date": "2019-07-14T06:24:35Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:1703-1",
"initial_release_date": "2019-07-14T06:24:35Z",
"revision_history": [
{
"date": "2019-07-14T06:24:35Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "helm-2.13.1-5.1.x86_64",
"product": {
"name": "helm-2.13.1-5.1.x86_64",
"product_id": "helm-2.13.1-5.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 12 SP3",
"product": {
"name": "SUSE Package Hub 12 SP3",
"product_id": "SUSE Package Hub 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:12:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-2.13.1-5.1.x86_64 as component of SUSE Package Hub 12 SP3",
"product_id": "SUSE Package Hub 12 SP3:helm-2.13.1-5.1.x86_64"
},
"product_reference": "helm-2.13.1-5.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 12 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-16873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16873"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). Using custom domains, it\u0027s possible to arrange things so that a Git repository is cloned to a folder named \".git\" by using a vanity import path that ends with \"/.git\". If the Git repository root contains a \"HEAD\" file, a \"config\" file, an \"objects\" directory, a \"refs\" directory, with some work to ensure the proper ordering of operations, \"go get -u\" can be tricked into considering the parent directory as a repository root, and running Git commands on it. That will use the \"config\" file in the original Git repository root for its configuration, and if that config file contains malicious commands, they will execute on the system running \"go get -u\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:helm-2.13.1-5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16873",
"url": "https://www.suse.com/security/cve/CVE-2018-16873"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:helm-2.13.1-5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:helm-2.13.1-5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-14T06:24:35Z",
"details": "important"
}
],
"title": "CVE-2018-16873"
},
{
"cve": "CVE-2018-16874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16874"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both \u0027{\u0027 and \u0027}\u0027 characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:helm-2.13.1-5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16874",
"url": "https://www.suse.com/security/cve/CVE-2018-16874"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:helm-2.13.1-5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 12 SP3:helm-2.13.1-5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-14T06:24:35Z",
"details": "moderate"
}
],
"title": "CVE-2018-16874"
},
{
"cve": "CVE-2018-16875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16875"
}
],
"notes": [
{
"category": "general",
"text": "The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 12 SP3:helm-2.13.1-5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16875",
"url": "https://www.suse.com/security/cve/CVE-2018-16875"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 12 SP3:helm-2.13.1-5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 12 SP3:helm-2.13.1-5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-14T06:24:35Z",
"details": "moderate"
}
],
"title": "CVE-2018-16875"
}
]
}
opensuse-su-2019:0295-1
Vulnerability from csaf_opensuse
Published
2019-03-23 11:11
Modified
2019-03-23 11:11
Summary
Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc
Notes
Title of the patch
Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc
Description of the patch
This update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc fixes the following issues:
Security issues fixed:
- CVE-2018-16875: Fixed a CPU Denial of Service (bsc#1118899).
- CVE-2018-16874: Fixed a vulnerabity in go get command which could allow directory traversal in GOPATH mode (bsc#1118898).
- CVE-2018-16873: Fixed a vulnerability in go get command which could allow remote code execution when executed with -u in GOPATH mode (bsc#1118897).
- CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container
breakout (bsc#1121967).
Other changes and fixes:
- Update shell completion to use Group: System/Shells.
- Add daemon.json file with rotation logs configuration (bsc#1114832)
- Update to Docker 18.09.1-ce (bsc#1124308) and to to runc 96ec2177ae84.
See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md.
- Update go requirements to >= go1.10
- Use -buildmode=pie for tests and binary build (bsc#1048046 and bsc#1051429).
- Remove the usage of 'cp -r' to reduce noise in the build logs.
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames
openSUSE-2019-295
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc fixes the following issues:\n\nSecurity issues fixed: \n\n- CVE-2018-16875: Fixed a CPU Denial of Service (bsc#1118899).\n- CVE-2018-16874: Fixed a vulnerabity in go get command which could allow directory traversal in GOPATH mode (bsc#1118898).\n- CVE-2018-16873: Fixed a vulnerability in go get command which could allow remote code execution when executed with -u in GOPATH mode (bsc#1118897).\n- CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container\n breakout (bsc#1121967).\n\nOther changes and fixes: \n\n- Update shell completion to use Group: System/Shells.\n- Add daemon.json file with rotation logs configuration (bsc#1114832)\n- Update to Docker 18.09.1-ce (bsc#1124308) and to to runc 96ec2177ae84.\n See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md.\n- Update go requirements to \u003e= go1.10 \n- Use -buildmode=pie for tests and binary build (bsc#1048046 and bsc#1051429).\n- Remove the usage of \u0027cp -r\u0027 to reduce noise in the build logs.\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-295",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_0295-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:0295-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UBFTSNKGB464HWO65FTEXANGAGVXV4XW/#UBFTSNKGB464HWO65FTEXANGAGVXV4XW"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:0295-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UBFTSNKGB464HWO65FTEXANGAGVXV4XW/#UBFTSNKGB464HWO65FTEXANGAGVXV4XW"
},
{
"category": "self",
"summary": "SUSE Bug 1048046",
"url": "https://bugzilla.suse.com/1048046"
},
{
"category": "self",
"summary": "SUSE Bug 1051429",
"url": "https://bugzilla.suse.com/1051429"
},
{
"category": "self",
"summary": "SUSE Bug 1114832",
"url": "https://bugzilla.suse.com/1114832"
},
{
"category": "self",
"summary": "SUSE Bug 1118897",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "self",
"summary": "SUSE Bug 1118898",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "self",
"summary": "SUSE Bug 1118899",
"url": "https://bugzilla.suse.com/1118899"
},
{
"category": "self",
"summary": "SUSE Bug 1121967",
"url": "https://bugzilla.suse.com/1121967"
},
{
"category": "self",
"summary": "SUSE Bug 1124308",
"url": "https://bugzilla.suse.com/1124308"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16873 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16874 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16875 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5736 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5736/"
}
],
"title": "Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc",
"tracking": {
"current_release_date": "2019-03-23T11:11:59Z",
"generator": {
"date": "2019-03-23T11:11:59Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:0295-1",
"initial_release_date": "2019-03-23T11:11:59Z",
"revision_history": [
{
"date": "2019-03-23T11:11:59Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "containerd-test-1.2.2-lp150.4.10.1.noarch",
"product": {
"name": "containerd-test-1.2.2-lp150.4.10.1.noarch",
"product_id": "containerd-test-1.2.2-lp150.4.10.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-bash-completion-18.09.1_ce-lp150.5.13.1.noarch",
"product": {
"name": "docker-bash-completion-18.09.1_ce-lp150.5.13.1.noarch",
"product_id": "docker-bash-completion-18.09.1_ce-lp150.5.13.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-runc-test-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.noarch",
"product": {
"name": "docker-runc-test-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.noarch",
"product_id": "docker-runc-test-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-zsh-completion-18.09.1_ce-lp150.5.13.1.noarch",
"product": {
"name": "docker-zsh-completion-18.09.1_ce-lp150.5.13.1.noarch",
"product_id": "docker-zsh-completion-18.09.1_ce-lp150.5.13.1.noarch"
}
},
{
"category": "product_version",
"name": "runc-test-1.0.0~rc6-lp150.2.7.1.noarch",
"product": {
"name": "runc-test-1.0.0~rc6-lp150.2.7.1.noarch",
"product_id": "runc-test-1.0.0~rc6-lp150.2.7.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.2.2-lp150.4.10.1.x86_64",
"product": {
"name": "containerd-1.2.2-lp150.4.10.1.x86_64",
"product_id": "containerd-1.2.2-lp150.4.10.1.x86_64"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.2.2-lp150.4.10.1.x86_64",
"product": {
"name": "containerd-ctr-1.2.2-lp150.4.10.1.x86_64",
"product_id": "containerd-ctr-1.2.2-lp150.4.10.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-18.09.1_ce-lp150.5.13.1.x86_64",
"product": {
"name": "docker-18.09.1_ce-lp150.5.13.1.x86_64",
"product_id": "docker-18.09.1_ce-lp150.5.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"product": {
"name": "docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"product_id": "docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.x86_64",
"product": {
"name": "docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.x86_64",
"product_id": "docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-test-18.09.1_ce-lp150.5.13.1.x86_64",
"product": {
"name": "docker-test-18.09.1_ce-lp150.5.13.1.x86_64",
"product_id": "docker-test-18.09.1_ce-lp150.5.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"product": {
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"product_id": "golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64"
}
},
{
"category": "product_version",
"name": "runc-1.0.0~rc6-lp150.2.7.1.x86_64",
"product": {
"name": "runc-1.0.0~rc6-lp150.2.7.1.x86_64",
"product_id": "runc-1.0.0~rc6-lp150.2.7.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.0",
"product": {
"name": "openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.2.2-lp150.4.10.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:containerd-1.2.2-lp150.4.10.1.x86_64"
},
"product_reference": "containerd-1.2.2-lp150.4.10.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-ctr-1.2.2-lp150.4.10.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:containerd-ctr-1.2.2-lp150.4.10.1.x86_64"
},
"product_reference": "containerd-ctr-1.2.2-lp150.4.10.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-test-1.2.2-lp150.4.10.1.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:containerd-test-1.2.2-lp150.4.10.1.noarch"
},
"product_reference": "containerd-test-1.2.2-lp150.4.10.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-18.09.1_ce-lp150.5.13.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:docker-18.09.1_ce-lp150.5.13.1.x86_64"
},
"product_reference": "docker-18.09.1_ce-lp150.5.13.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-18.09.1_ce-lp150.5.13.1.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:docker-bash-completion-18.09.1_ce-lp150.5.13.1.noarch"
},
"product_reference": "docker-bash-completion-18.09.1_ce-lp150.5.13.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64"
},
"product_reference": "docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.x86_64"
},
"product_reference": "docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-runc-test-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.noarch"
},
"product_reference": "docker-runc-test-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-test-18.09.1_ce-lp150.5.13.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:docker-test-18.09.1_ce-lp150.5.13.1.x86_64"
},
"product_reference": "docker-test-18.09.1_ce-lp150.5.13.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-zsh-completion-18.09.1_ce-lp150.5.13.1.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:docker-zsh-completion-18.09.1_ce-lp150.5.13.1.noarch"
},
"product_reference": "docker-zsh-completion-18.09.1_ce-lp150.5.13.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64"
},
"product_reference": "golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.0~rc6-lp150.2.7.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:runc-1.0.0~rc6-lp150.2.7.1.x86_64"
},
"product_reference": "runc-1.0.0~rc6-lp150.2.7.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-test-1.0.0~rc6-lp150.2.7.1.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:runc-test-1.0.0~rc6-lp150.2.7.1.noarch"
},
"product_reference": "runc-test-1.0.0~rc6-lp150.2.7.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-16873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16873"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). Using custom domains, it\u0027s possible to arrange things so that a Git repository is cloned to a folder named \".git\" by using a vanity import path that ends with \"/.git\". If the Git repository root contains a \"HEAD\" file, a \"config\" file, an \"objects\" directory, a \"refs\" directory, with some work to ensure the proper ordering of operations, \"go get -u\" can be tricked into considering the parent directory as a repository root, and running Git commands on it. That will use the \"config\" file in the original Git repository root for its configuration, and if that config file contains malicious commands, they will execute on the system running \"go get -u\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:containerd-1.2.2-lp150.4.10.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.2-lp150.4.10.1.x86_64",
"openSUSE Leap 15.0:containerd-test-1.2.2-lp150.4.10.1.noarch",
"openSUSE Leap 15.0:docker-18.09.1_ce-lp150.5.13.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.1_ce-lp150.5.13.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.noarch",
"openSUSE Leap 15.0:docker-test-18.09.1_ce-lp150.5.13.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.1_ce-lp150.5.13.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"openSUSE Leap 15.0:runc-1.0.0~rc6-lp150.2.7.1.x86_64",
"openSUSE Leap 15.0:runc-test-1.0.0~rc6-lp150.2.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16873",
"url": "https://www.suse.com/security/cve/CVE-2018-16873"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:containerd-1.2.2-lp150.4.10.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.2-lp150.4.10.1.x86_64",
"openSUSE Leap 15.0:containerd-test-1.2.2-lp150.4.10.1.noarch",
"openSUSE Leap 15.0:docker-18.09.1_ce-lp150.5.13.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.1_ce-lp150.5.13.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.noarch",
"openSUSE Leap 15.0:docker-test-18.09.1_ce-lp150.5.13.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.1_ce-lp150.5.13.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"openSUSE Leap 15.0:runc-1.0.0~rc6-lp150.2.7.1.x86_64",
"openSUSE Leap 15.0:runc-test-1.0.0~rc6-lp150.2.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:containerd-1.2.2-lp150.4.10.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.2-lp150.4.10.1.x86_64",
"openSUSE Leap 15.0:containerd-test-1.2.2-lp150.4.10.1.noarch",
"openSUSE Leap 15.0:docker-18.09.1_ce-lp150.5.13.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.1_ce-lp150.5.13.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.noarch",
"openSUSE Leap 15.0:docker-test-18.09.1_ce-lp150.5.13.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.1_ce-lp150.5.13.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"openSUSE Leap 15.0:runc-1.0.0~rc6-lp150.2.7.1.x86_64",
"openSUSE Leap 15.0:runc-test-1.0.0~rc6-lp150.2.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-23T11:11:59Z",
"details": "important"
}
],
"title": "CVE-2018-16873"
},
{
"cve": "CVE-2018-16874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16874"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both \u0027{\u0027 and \u0027}\u0027 characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:containerd-1.2.2-lp150.4.10.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.2-lp150.4.10.1.x86_64",
"openSUSE Leap 15.0:containerd-test-1.2.2-lp150.4.10.1.noarch",
"openSUSE Leap 15.0:docker-18.09.1_ce-lp150.5.13.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.1_ce-lp150.5.13.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.noarch",
"openSUSE Leap 15.0:docker-test-18.09.1_ce-lp150.5.13.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.1_ce-lp150.5.13.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"openSUSE Leap 15.0:runc-1.0.0~rc6-lp150.2.7.1.x86_64",
"openSUSE Leap 15.0:runc-test-1.0.0~rc6-lp150.2.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16874",
"url": "https://www.suse.com/security/cve/CVE-2018-16874"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:containerd-1.2.2-lp150.4.10.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.2-lp150.4.10.1.x86_64",
"openSUSE Leap 15.0:containerd-test-1.2.2-lp150.4.10.1.noarch",
"openSUSE Leap 15.0:docker-18.09.1_ce-lp150.5.13.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.1_ce-lp150.5.13.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.noarch",
"openSUSE Leap 15.0:docker-test-18.09.1_ce-lp150.5.13.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.1_ce-lp150.5.13.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"openSUSE Leap 15.0:runc-1.0.0~rc6-lp150.2.7.1.x86_64",
"openSUSE Leap 15.0:runc-test-1.0.0~rc6-lp150.2.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:containerd-1.2.2-lp150.4.10.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.2-lp150.4.10.1.x86_64",
"openSUSE Leap 15.0:containerd-test-1.2.2-lp150.4.10.1.noarch",
"openSUSE Leap 15.0:docker-18.09.1_ce-lp150.5.13.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.1_ce-lp150.5.13.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.noarch",
"openSUSE Leap 15.0:docker-test-18.09.1_ce-lp150.5.13.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.1_ce-lp150.5.13.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"openSUSE Leap 15.0:runc-1.0.0~rc6-lp150.2.7.1.x86_64",
"openSUSE Leap 15.0:runc-test-1.0.0~rc6-lp150.2.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-23T11:11:59Z",
"details": "moderate"
}
],
"title": "CVE-2018-16874"
},
{
"cve": "CVE-2018-16875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16875"
}
],
"notes": [
{
"category": "general",
"text": "The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:containerd-1.2.2-lp150.4.10.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.2-lp150.4.10.1.x86_64",
"openSUSE Leap 15.0:containerd-test-1.2.2-lp150.4.10.1.noarch",
"openSUSE Leap 15.0:docker-18.09.1_ce-lp150.5.13.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.1_ce-lp150.5.13.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.noarch",
"openSUSE Leap 15.0:docker-test-18.09.1_ce-lp150.5.13.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.1_ce-lp150.5.13.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"openSUSE Leap 15.0:runc-1.0.0~rc6-lp150.2.7.1.x86_64",
"openSUSE Leap 15.0:runc-test-1.0.0~rc6-lp150.2.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16875",
"url": "https://www.suse.com/security/cve/CVE-2018-16875"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:containerd-1.2.2-lp150.4.10.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.2-lp150.4.10.1.x86_64",
"openSUSE Leap 15.0:containerd-test-1.2.2-lp150.4.10.1.noarch",
"openSUSE Leap 15.0:docker-18.09.1_ce-lp150.5.13.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.1_ce-lp150.5.13.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.noarch",
"openSUSE Leap 15.0:docker-test-18.09.1_ce-lp150.5.13.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.1_ce-lp150.5.13.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"openSUSE Leap 15.0:runc-1.0.0~rc6-lp150.2.7.1.x86_64",
"openSUSE Leap 15.0:runc-test-1.0.0~rc6-lp150.2.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:containerd-1.2.2-lp150.4.10.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.2-lp150.4.10.1.x86_64",
"openSUSE Leap 15.0:containerd-test-1.2.2-lp150.4.10.1.noarch",
"openSUSE Leap 15.0:docker-18.09.1_ce-lp150.5.13.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.1_ce-lp150.5.13.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.noarch",
"openSUSE Leap 15.0:docker-test-18.09.1_ce-lp150.5.13.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.1_ce-lp150.5.13.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"openSUSE Leap 15.0:runc-1.0.0~rc6-lp150.2.7.1.x86_64",
"openSUSE Leap 15.0:runc-test-1.0.0~rc6-lp150.2.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-23T11:11:59Z",
"details": "moderate"
}
],
"title": "CVE-2018-16875"
},
{
"cve": "CVE-2019-5736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5736"
}
],
"notes": [
{
"category": "general",
"text": "runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:containerd-1.2.2-lp150.4.10.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.2-lp150.4.10.1.x86_64",
"openSUSE Leap 15.0:containerd-test-1.2.2-lp150.4.10.1.noarch",
"openSUSE Leap 15.0:docker-18.09.1_ce-lp150.5.13.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.1_ce-lp150.5.13.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.noarch",
"openSUSE Leap 15.0:docker-test-18.09.1_ce-lp150.5.13.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.1_ce-lp150.5.13.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"openSUSE Leap 15.0:runc-1.0.0~rc6-lp150.2.7.1.x86_64",
"openSUSE Leap 15.0:runc-test-1.0.0~rc6-lp150.2.7.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5736",
"url": "https://www.suse.com/security/cve/CVE-2019-5736"
},
{
"category": "external",
"summary": "SUSE Bug 1121967 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1121967"
},
{
"category": "external",
"summary": "SUSE Bug 1122185 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1122185"
},
{
"category": "external",
"summary": "SUSE Bug 1173421 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1173421"
},
{
"category": "external",
"summary": "SUSE Bug 1218894 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1218894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:containerd-1.2.2-lp150.4.10.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.2-lp150.4.10.1.x86_64",
"openSUSE Leap 15.0:containerd-test-1.2.2-lp150.4.10.1.noarch",
"openSUSE Leap 15.0:docker-18.09.1_ce-lp150.5.13.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.1_ce-lp150.5.13.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.noarch",
"openSUSE Leap 15.0:docker-test-18.09.1_ce-lp150.5.13.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.1_ce-lp150.5.13.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"openSUSE Leap 15.0:runc-1.0.0~rc6-lp150.2.7.1.x86_64",
"openSUSE Leap 15.0:runc-test-1.0.0~rc6-lp150.2.7.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:containerd-1.2.2-lp150.4.10.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.2-lp150.4.10.1.x86_64",
"openSUSE Leap 15.0:containerd-test-1.2.2-lp150.4.10.1.noarch",
"openSUSE Leap 15.0:docker-18.09.1_ce-lp150.5.13.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.1_ce-lp150.5.13.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3748_96ec2177ae84-lp150.5.14.1.noarch",
"openSUSE Leap 15.0:docker-test-18.09.1_ce-lp150.5.13.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.1_ce-lp150.5.13.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-lp150.3.10.1.x86_64",
"openSUSE Leap 15.0:runc-1.0.0~rc6-lp150.2.7.1.x86_64",
"openSUSE Leap 15.0:runc-test-1.0.0~rc6-lp150.2.7.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-23T11:11:59Z",
"details": "moderate"
}
],
"title": "CVE-2019-5736"
}
]
}
opensuse-su-2024:10842-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
helm-mirror-0.3.1-1.9 on GA media
Notes
Title of the patch
helm-mirror-0.3.1-1.9 on GA media
Description of the patch
These are all security issues fixed in the helm-mirror-0.3.1-1.9 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10842
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "helm-mirror-0.3.1-1.9 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the helm-mirror-0.3.1-1.9 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10842",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10842-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16873 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16874 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16875 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18658 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18658/"
}
],
"title": "helm-mirror-0.3.1-1.9 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10842-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "helm-mirror-0.3.1-1.9.aarch64",
"product": {
"name": "helm-mirror-0.3.1-1.9.aarch64",
"product_id": "helm-mirror-0.3.1-1.9.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "helm-mirror-0.3.1-1.9.ppc64le",
"product": {
"name": "helm-mirror-0.3.1-1.9.ppc64le",
"product_id": "helm-mirror-0.3.1-1.9.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "helm-mirror-0.3.1-1.9.s390x",
"product": {
"name": "helm-mirror-0.3.1-1.9.s390x",
"product_id": "helm-mirror-0.3.1-1.9.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "helm-mirror-0.3.1-1.9.x86_64",
"product": {
"name": "helm-mirror-0.3.1-1.9.x86_64",
"product_id": "helm-mirror-0.3.1-1.9.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-mirror-0.3.1-1.9.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:helm-mirror-0.3.1-1.9.aarch64"
},
"product_reference": "helm-mirror-0.3.1-1.9.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-mirror-0.3.1-1.9.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:helm-mirror-0.3.1-1.9.ppc64le"
},
"product_reference": "helm-mirror-0.3.1-1.9.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-mirror-0.3.1-1.9.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:helm-mirror-0.3.1-1.9.s390x"
},
"product_reference": "helm-mirror-0.3.1-1.9.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-mirror-0.3.1-1.9.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:helm-mirror-0.3.1-1.9.x86_64"
},
"product_reference": "helm-mirror-0.3.1-1.9.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-16873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16873"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). Using custom domains, it\u0027s possible to arrange things so that a Git repository is cloned to a folder named \".git\" by using a vanity import path that ends with \"/.git\". If the Git repository root contains a \"HEAD\" file, a \"config\" file, an \"objects\" directory, a \"refs\" directory, with some work to ensure the proper ordering of operations, \"go get -u\" can be tricked into considering the parent directory as a repository root, and running Git commands on it. That will use the \"config\" file in the original Git repository root for its configuration, and if that config file contains malicious commands, they will execute on the system running \"go get -u\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:helm-mirror-0.3.1-1.9.aarch64",
"openSUSE Tumbleweed:helm-mirror-0.3.1-1.9.ppc64le",
"openSUSE Tumbleweed:helm-mirror-0.3.1-1.9.s390x",
"openSUSE Tumbleweed:helm-mirror-0.3.1-1.9.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16873",
"url": "https://www.suse.com/security/cve/CVE-2018-16873"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:helm-mirror-0.3.1-1.9.aarch64",
"openSUSE Tumbleweed:helm-mirror-0.3.1-1.9.ppc64le",
"openSUSE Tumbleweed:helm-mirror-0.3.1-1.9.s390x",
"openSUSE Tumbleweed:helm-mirror-0.3.1-1.9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:helm-mirror-0.3.1-1.9.aarch64",
"openSUSE Tumbleweed:helm-mirror-0.3.1-1.9.ppc64le",
"openSUSE Tumbleweed:helm-mirror-0.3.1-1.9.s390x",
"openSUSE Tumbleweed:helm-mirror-0.3.1-1.9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-16873"
},
{
"cve": "CVE-2018-16874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16874"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both \u0027{\u0027 and \u0027}\u0027 characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:helm-mirror-0.3.1-1.9.aarch64",
"openSUSE Tumbleweed:helm-mirror-0.3.1-1.9.ppc64le",
"openSUSE Tumbleweed:helm-mirror-0.3.1-1.9.s390x",
"openSUSE Tumbleweed:helm-mirror-0.3.1-1.9.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16874",
"url": "https://www.suse.com/security/cve/CVE-2018-16874"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:helm-mirror-0.3.1-1.9.aarch64",
"openSUSE Tumbleweed:helm-mirror-0.3.1-1.9.ppc64le",
"openSUSE Tumbleweed:helm-mirror-0.3.1-1.9.s390x",
"openSUSE Tumbleweed:helm-mirror-0.3.1-1.9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:helm-mirror-0.3.1-1.9.aarch64",
"openSUSE Tumbleweed:helm-mirror-0.3.1-1.9.ppc64le",
"openSUSE Tumbleweed:helm-mirror-0.3.1-1.9.s390x",
"openSUSE Tumbleweed:helm-mirror-0.3.1-1.9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16874"
},
{
"cve": "CVE-2018-16875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16875"
}
],
"notes": [
{
"category": "general",
"text": "The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:helm-mirror-0.3.1-1.9.aarch64",
"openSUSE Tumbleweed:helm-mirror-0.3.1-1.9.ppc64le",
"openSUSE Tumbleweed:helm-mirror-0.3.1-1.9.s390x",
"openSUSE Tumbleweed:helm-mirror-0.3.1-1.9.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16875",
"url": "https://www.suse.com/security/cve/CVE-2018-16875"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:helm-mirror-0.3.1-1.9.aarch64",
"openSUSE Tumbleweed:helm-mirror-0.3.1-1.9.ppc64le",
"openSUSE Tumbleweed:helm-mirror-0.3.1-1.9.s390x",
"openSUSE Tumbleweed:helm-mirror-0.3.1-1.9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:helm-mirror-0.3.1-1.9.aarch64",
"openSUSE Tumbleweed:helm-mirror-0.3.1-1.9.ppc64le",
"openSUSE Tumbleweed:helm-mirror-0.3.1-1.9.s390x",
"openSUSE Tumbleweed:helm-mirror-0.3.1-1.9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16875"
},
{
"cve": "CVE-2019-18658",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18658"
}
],
"notes": [
{
"category": "general",
"text": "In Helm 2.x before 2.15.2, commands that deal with loading a chart as a directory or packaging a chart provide an opportunity for a maliciously designed chart to include sensitive content such as /etc/passwd, or to execute a denial of service (DoS) via a special file such as /dev/urandom, via symlinks. No version of Tiller is known to be impacted. This is a client-only issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:helm-mirror-0.3.1-1.9.aarch64",
"openSUSE Tumbleweed:helm-mirror-0.3.1-1.9.ppc64le",
"openSUSE Tumbleweed:helm-mirror-0.3.1-1.9.s390x",
"openSUSE Tumbleweed:helm-mirror-0.3.1-1.9.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18658",
"url": "https://www.suse.com/security/cve/CVE-2019-18658"
},
{
"category": "external",
"summary": "SUSE Bug 1156646 for CVE-2019-18658",
"url": "https://bugzilla.suse.com/1156646"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:helm-mirror-0.3.1-1.9.aarch64",
"openSUSE Tumbleweed:helm-mirror-0.3.1-1.9.ppc64le",
"openSUSE Tumbleweed:helm-mirror-0.3.1-1.9.s390x",
"openSUSE Tumbleweed:helm-mirror-0.3.1-1.9.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:helm-mirror-0.3.1-1.9.aarch64",
"openSUSE Tumbleweed:helm-mirror-0.3.1-1.9.ppc64le",
"openSUSE Tumbleweed:helm-mirror-0.3.1-1.9.s390x",
"openSUSE Tumbleweed:helm-mirror-0.3.1-1.9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-18658"
}
]
}
opensuse-su-2019:0208-1
Vulnerability from csaf_opensuse
Published
2019-03-23 11:03
Modified
2019-03-23 11:03
Summary
Security update for runc
Notes
Title of the patch
Security update for runc
Description of the patch
This update for runc fixes the following issues:
Security vulnerablities addressed:
- CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid
write attacks to the host runc binary, which could lead to a container
breakout (bsc#1121967)
- CVE-2018-16873: Fix a remote command execution during 'go get -u'
(boo#1118897)
- CVE-2018-16874: Fix a directory traversal in 'go get' via curly braces in
import paths (boo#1118898)
- CVE-2018-16875: Fix a CPU denial of service issue (boo#1118899)
Other changes and bug fixes:
- Update go requirements to >= go1.10
- Create a symlink in /usr/bin/runc to enable rootless Podman and Buildah.
- Make use of %license macro
- Remove 'go test' from %check section, as it has only ever caused us problems
and hasn't (as far as I remember) ever caught a release-blocking issue. Smoke
testing has been far more useful. (boo#1095817)
- Upgrade to runc v1.0.0~rc6. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc6
Patchnames
openSUSE-2019-208
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for runc",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for runc fixes the following issues:\n\nSecurity vulnerablities addressed:\n\n- CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid\n write attacks to the host runc binary, which could lead to a container\n breakout (bsc#1121967)\n- CVE-2018-16873: Fix a remote command execution during \u0027go get -u\u0027\n (boo#1118897)\n- CVE-2018-16874: Fix a directory traversal in \u0027go get\u0027 via curly braces in\n import paths (boo#1118898)\n- CVE-2018-16875: Fix a CPU denial of service issue (boo#1118899)\n\nOther changes and bug fixes:\n\n- Update go requirements to \u003e= go1.10\n- Create a symlink in /usr/bin/runc to enable rootless Podman and Buildah.\n- Make use of %license macro\n- Remove \u0027go test\u0027 from %check section, as it has only ever caused us problems\n and hasn\u0027t (as far as I remember) ever caught a release-blocking issue. Smoke\n testing has been far more useful. (boo#1095817)\n- Upgrade to runc v1.0.0~rc6. Upstream changelog is available from\n https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc6\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-208",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_0208-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:0208-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VC6NILQ66VPYH6KMNXONQWSWQWZS3YDD/#VC6NILQ66VPYH6KMNXONQWSWQWZS3YDD"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:0208-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VC6NILQ66VPYH6KMNXONQWSWQWZS3YDD/#VC6NILQ66VPYH6KMNXONQWSWQWZS3YDD"
},
{
"category": "self",
"summary": "SUSE Bug 1095817",
"url": "https://bugzilla.suse.com/1095817"
},
{
"category": "self",
"summary": "SUSE Bug 1118897",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "self",
"summary": "SUSE Bug 1118898",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "self",
"summary": "SUSE Bug 1118899",
"url": "https://bugzilla.suse.com/1118899"
},
{
"category": "self",
"summary": "SUSE Bug 1121967",
"url": "https://bugzilla.suse.com/1121967"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16873 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16874 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16875 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5736 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5736/"
}
],
"title": "Security update for runc",
"tracking": {
"current_release_date": "2019-03-23T11:03:28Z",
"generator": {
"date": "2019-03-23T11:03:28Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:0208-1",
"initial_release_date": "2019-03-23T11:03:28Z",
"revision_history": [
{
"date": "2019-03-23T11:03:28Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "runc-test-1.0.0~rc6-lp150.2.3.1.noarch",
"product": {
"name": "runc-test-1.0.0~rc6-lp150.2.3.1.noarch",
"product_id": "runc-test-1.0.0~rc6-lp150.2.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-1.0.0~rc6-lp150.2.3.1.x86_64",
"product": {
"name": "runc-1.0.0~rc6-lp150.2.3.1.x86_64",
"product_id": "runc-1.0.0~rc6-lp150.2.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.0",
"product": {
"name": "openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.0~rc6-lp150.2.3.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:runc-1.0.0~rc6-lp150.2.3.1.x86_64"
},
"product_reference": "runc-1.0.0~rc6-lp150.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-test-1.0.0~rc6-lp150.2.3.1.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:runc-test-1.0.0~rc6-lp150.2.3.1.noarch"
},
"product_reference": "runc-test-1.0.0~rc6-lp150.2.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-16873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16873"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). Using custom domains, it\u0027s possible to arrange things so that a Git repository is cloned to a folder named \".git\" by using a vanity import path that ends with \"/.git\". If the Git repository root contains a \"HEAD\" file, a \"config\" file, an \"objects\" directory, a \"refs\" directory, with some work to ensure the proper ordering of operations, \"go get -u\" can be tricked into considering the parent directory as a repository root, and running Git commands on it. That will use the \"config\" file in the original Git repository root for its configuration, and if that config file contains malicious commands, they will execute on the system running \"go get -u\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:runc-1.0.0~rc6-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:runc-test-1.0.0~rc6-lp150.2.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16873",
"url": "https://www.suse.com/security/cve/CVE-2018-16873"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:runc-1.0.0~rc6-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:runc-test-1.0.0~rc6-lp150.2.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:runc-1.0.0~rc6-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:runc-test-1.0.0~rc6-lp150.2.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-23T11:03:28Z",
"details": "important"
}
],
"title": "CVE-2018-16873"
},
{
"cve": "CVE-2018-16874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16874"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both \u0027{\u0027 and \u0027}\u0027 characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:runc-1.0.0~rc6-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:runc-test-1.0.0~rc6-lp150.2.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16874",
"url": "https://www.suse.com/security/cve/CVE-2018-16874"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:runc-1.0.0~rc6-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:runc-test-1.0.0~rc6-lp150.2.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:runc-1.0.0~rc6-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:runc-test-1.0.0~rc6-lp150.2.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-23T11:03:28Z",
"details": "moderate"
}
],
"title": "CVE-2018-16874"
},
{
"cve": "CVE-2018-16875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16875"
}
],
"notes": [
{
"category": "general",
"text": "The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:runc-1.0.0~rc6-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:runc-test-1.0.0~rc6-lp150.2.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16875",
"url": "https://www.suse.com/security/cve/CVE-2018-16875"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:runc-1.0.0~rc6-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:runc-test-1.0.0~rc6-lp150.2.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:runc-1.0.0~rc6-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:runc-test-1.0.0~rc6-lp150.2.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-23T11:03:28Z",
"details": "moderate"
}
],
"title": "CVE-2018-16875"
},
{
"cve": "CVE-2019-5736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5736"
}
],
"notes": [
{
"category": "general",
"text": "runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:runc-1.0.0~rc6-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:runc-test-1.0.0~rc6-lp150.2.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5736",
"url": "https://www.suse.com/security/cve/CVE-2019-5736"
},
{
"category": "external",
"summary": "SUSE Bug 1121967 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1121967"
},
{
"category": "external",
"summary": "SUSE Bug 1122185 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1122185"
},
{
"category": "external",
"summary": "SUSE Bug 1173421 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1173421"
},
{
"category": "external",
"summary": "SUSE Bug 1218894 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1218894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:runc-1.0.0~rc6-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:runc-test-1.0.0~rc6-lp150.2.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:runc-1.0.0~rc6-lp150.2.3.1.x86_64",
"openSUSE Leap 15.0:runc-test-1.0.0~rc6-lp150.2.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-23T11:03:28Z",
"details": "moderate"
}
],
"title": "CVE-2019-5736"
}
]
}
opensuse-su-2019:1499-1
Vulnerability from csaf_opensuse
Published
2019-06-03 08:21
Modified
2019-06-03 08:21
Summary
Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork
Notes
Title of the patch
Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork
Description of the patch
This update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork fixes the following issues:
Security issues fixed:
- CVE-2019-5736: containerd: Fixing container breakout vulnerability (bsc#1121967).
- CVE-2019-6486: go security release, fixing crypto/elliptic CPU DoS vulnerability affecting P-521 and P-384 (bsc#1123013).
- CVE-2018-16873: go secuirty release, fixing cmd/go remote command execution (bsc#1118897).
- CVE-2018-16874: go security release, fixing cmd/go directory traversal (bsc#1118898).
- CVE-2018-16875: go security release, fixing crypto/x509 CPU denial of service (bsc#1118899).
Other changes and bug fixes:
- Update to containerd v1.2.5, which is required for v18.09.5-ce (bsc#1128376, bsc#1134068).
- Update to runc 2b18fe1d885e, which is required for Docker v18.09.5-ce (bsc#1128376, bsc#1134068).
- Update to Docker 18.09.5-ce see upstream changelog in the packaged (bsc#1128376, bsc#1134068).
- docker-test: Improvements to test packaging (bsc#1128746).
- Move daemon.json file to /etc/docker directory (bsc#1114832).
- Revert golang(API) removal since it turns out this breaks >= requires in certain cases (bsc#1114209).
- Fix go build failures (bsc#1121397).
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames
openSUSE-2019-1499
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-5736: containerd: Fixing container breakout vulnerability (bsc#1121967).\n- CVE-2019-6486: go security release, fixing crypto/elliptic CPU DoS vulnerability affecting P-521 and P-384 (bsc#1123013).\n- CVE-2018-16873: go secuirty release, fixing cmd/go remote command execution (bsc#1118897).\n- CVE-2018-16874: go security release, fixing cmd/go directory traversal (bsc#1118898).\n- CVE-2018-16875: go security release, fixing crypto/x509 CPU denial of service (bsc#1118899).\n\nOther changes and bug fixes:\n\n- Update to containerd v1.2.5, which is required for v18.09.5-ce (bsc#1128376, bsc#1134068).\n- Update to runc 2b18fe1d885e, which is required for Docker v18.09.5-ce (bsc#1128376, bsc#1134068).\n- Update to Docker 18.09.5-ce see upstream changelog in the packaged (bsc#1128376, bsc#1134068).\n- docker-test: Improvements to test packaging (bsc#1128746).\n- Move daemon.json file to /etc/docker directory (bsc#1114832).\n- Revert golang(API) removal since it turns out this breaks \u003e= requires in certain cases (bsc#1114209).\n- Fix go build failures (bsc#1121397).\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-1499",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_1499-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:1499-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IF5UCHNMLYYGABZ53J2EKXLMRHH3UVO3/#IF5UCHNMLYYGABZ53J2EKXLMRHH3UVO3"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:1499-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IF5UCHNMLYYGABZ53J2EKXLMRHH3UVO3/#IF5UCHNMLYYGABZ53J2EKXLMRHH3UVO3"
},
{
"category": "self",
"summary": "SUSE Bug 1114209",
"url": "https://bugzilla.suse.com/1114209"
},
{
"category": "self",
"summary": "SUSE Bug 1114832",
"url": "https://bugzilla.suse.com/1114832"
},
{
"category": "self",
"summary": "SUSE Bug 1118897",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "self",
"summary": "SUSE Bug 1118898",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "self",
"summary": "SUSE Bug 1118899",
"url": "https://bugzilla.suse.com/1118899"
},
{
"category": "self",
"summary": "SUSE Bug 1121397",
"url": "https://bugzilla.suse.com/1121397"
},
{
"category": "self",
"summary": "SUSE Bug 1121967",
"url": "https://bugzilla.suse.com/1121967"
},
{
"category": "self",
"summary": "SUSE Bug 1123013",
"url": "https://bugzilla.suse.com/1123013"
},
{
"category": "self",
"summary": "SUSE Bug 1128376",
"url": "https://bugzilla.suse.com/1128376"
},
{
"category": "self",
"summary": "SUSE Bug 1128746",
"url": "https://bugzilla.suse.com/1128746"
},
{
"category": "self",
"summary": "SUSE Bug 1134068",
"url": "https://bugzilla.suse.com/1134068"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16873 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16874 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16875 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5736 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5736/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-6486 page",
"url": "https://www.suse.com/security/cve/CVE-2019-6486/"
}
],
"title": "Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork",
"tracking": {
"current_release_date": "2019-06-03T08:21:16Z",
"generator": {
"date": "2019-06-03T08:21:16Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:1499-1",
"initial_release_date": "2019-06-03T08:21:16Z",
"revision_history": [
{
"date": "2019-06-03T08:21:16Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go-1.12-lp150.2.11.1.i586",
"product": {
"name": "go-1.12-lp150.2.11.1.i586",
"product_id": "go-1.12-lp150.2.11.1.i586"
}
},
{
"category": "product_version",
"name": "go-doc-1.12-lp150.2.11.1.i586",
"product": {
"name": "go-doc-1.12-lp150.2.11.1.i586",
"product_id": "go-doc-1.12-lp150.2.11.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-test-1.2.5-lp150.4.14.3.noarch",
"product": {
"name": "containerd-test-1.2.5-lp150.4.14.3.noarch",
"product_id": "containerd-test-1.2.5-lp150.4.14.3.noarch"
}
},
{
"category": "product_version",
"name": "docker-bash-completion-18.09.6_ce-lp150.5.17.2.noarch",
"product": {
"name": "docker-bash-completion-18.09.6_ce-lp150.5.17.2.noarch",
"product_id": "docker-bash-completion-18.09.6_ce-lp150.5.17.2.noarch"
}
},
{
"category": "product_version",
"name": "docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.noarch",
"product": {
"name": "docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.noarch",
"product_id": "docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.noarch"
}
},
{
"category": "product_version",
"name": "docker-zsh-completion-18.09.6_ce-lp150.5.17.2.noarch",
"product": {
"name": "docker-zsh-completion-18.09.6_ce-lp150.5.17.2.noarch",
"product_id": "docker-zsh-completion-18.09.6_ce-lp150.5.17.2.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.2.5-lp150.4.14.3.x86_64",
"product": {
"name": "containerd-1.2.5-lp150.4.14.3.x86_64",
"product_id": "containerd-1.2.5-lp150.4.14.3.x86_64"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.2.5-lp150.4.14.3.x86_64",
"product": {
"name": "containerd-ctr-1.2.5-lp150.4.14.3.x86_64",
"product_id": "containerd-ctr-1.2.5-lp150.4.14.3.x86_64"
}
},
{
"category": "product_version",
"name": "docker-18.09.6_ce-lp150.5.17.2.x86_64",
"product": {
"name": "docker-18.09.6_ce-lp150.5.17.2.x86_64",
"product_id": "docker-18.09.6_ce-lp150.5.17.2.x86_64"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64",
"product": {
"name": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64",
"product_id": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.x86_64",
"product": {
"name": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.x86_64",
"product_id": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.x86_64"
}
},
{
"category": "product_version",
"name": "docker-test-18.09.6_ce-lp150.5.17.2.x86_64",
"product": {
"name": "docker-test-18.09.6_ce-lp150.5.17.2.x86_64",
"product_id": "docker-test-18.09.6_ce-lp150.5.17.2.x86_64"
}
},
{
"category": "product_version",
"name": "go-1.12-lp150.2.11.1.x86_64",
"product": {
"name": "go-1.12-lp150.2.11.1.x86_64",
"product_id": "go-1.12-lp150.2.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "go-doc-1.12-lp150.2.11.1.x86_64",
"product": {
"name": "go-doc-1.12-lp150.2.11.1.x86_64",
"product_id": "go-doc-1.12-lp150.2.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "go-race-1.12-lp150.2.11.1.x86_64",
"product": {
"name": "go-race-1.12-lp150.2.11.1.x86_64",
"product_id": "go-race-1.12-lp150.2.11.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.11-1.11.9-lp150.9.3.x86_64",
"product": {
"name": "go1.11-1.11.9-lp150.9.3.x86_64",
"product_id": "go1.11-1.11.9-lp150.9.3.x86_64"
}
},
{
"category": "product_version",
"name": "go1.11-doc-1.11.9-lp150.9.3.x86_64",
"product": {
"name": "go1.11-doc-1.11.9-lp150.9.3.x86_64",
"product_id": "go1.11-doc-1.11.9-lp150.9.3.x86_64"
}
},
{
"category": "product_version",
"name": "go1.11-race-1.11.9-lp150.9.3.x86_64",
"product": {
"name": "go1.11-race-1.11.9-lp150.9.3.x86_64",
"product_id": "go1.11-race-1.11.9-lp150.9.3.x86_64"
}
},
{
"category": "product_version",
"name": "go1.12-1.12.4-lp150.2.2.x86_64",
"product": {
"name": "go1.12-1.12.4-lp150.2.2.x86_64",
"product_id": "go1.12-1.12.4-lp150.2.2.x86_64"
}
},
{
"category": "product_version",
"name": "go1.12-doc-1.12.4-lp150.2.2.x86_64",
"product": {
"name": "go1.12-doc-1.12.4-lp150.2.2.x86_64",
"product_id": "go1.12-doc-1.12.4-lp150.2.2.x86_64"
}
},
{
"category": "product_version",
"name": "go1.12-race-1.12.4-lp150.2.2.x86_64",
"product": {
"name": "go1.12-race-1.12.4-lp150.2.2.x86_64",
"product_id": "go1.12-race-1.12.4-lp150.2.2.x86_64"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64",
"product": {
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64",
"product_id": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.0",
"product": {
"name": "openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.2.5-lp150.4.14.3.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:containerd-1.2.5-lp150.4.14.3.x86_64"
},
"product_reference": "containerd-1.2.5-lp150.4.14.3.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-ctr-1.2.5-lp150.4.14.3.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:containerd-ctr-1.2.5-lp150.4.14.3.x86_64"
},
"product_reference": "containerd-ctr-1.2.5-lp150.4.14.3.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-test-1.2.5-lp150.4.14.3.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:containerd-test-1.2.5-lp150.4.14.3.noarch"
},
"product_reference": "containerd-test-1.2.5-lp150.4.14.3.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-18.09.6_ce-lp150.5.17.2.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:docker-18.09.6_ce-lp150.5.17.2.x86_64"
},
"product_reference": "docker-18.09.6_ce-lp150.5.17.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-18.09.6_ce-lp150.5.17.2.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:docker-bash-completion-18.09.6_ce-lp150.5.17.2.noarch"
},
"product_reference": "docker-bash-completion-18.09.6_ce-lp150.5.17.2.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64"
},
"product_reference": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.x86_64"
},
"product_reference": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.noarch"
},
"product_reference": "docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-test-18.09.6_ce-lp150.5.17.2.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:docker-test-18.09.6_ce-lp150.5.17.2.x86_64"
},
"product_reference": "docker-test-18.09.6_ce-lp150.5.17.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-zsh-completion-18.09.6_ce-lp150.5.17.2.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:docker-zsh-completion-18.09.6_ce-lp150.5.17.2.noarch"
},
"product_reference": "docker-zsh-completion-18.09.6_ce-lp150.5.17.2.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-1.12-lp150.2.11.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:go-1.12-lp150.2.11.1.i586"
},
"product_reference": "go-1.12-lp150.2.11.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-1.12-lp150.2.11.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:go-1.12-lp150.2.11.1.x86_64"
},
"product_reference": "go-1.12-lp150.2.11.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-doc-1.12-lp150.2.11.1.i586 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.i586"
},
"product_reference": "go-doc-1.12-lp150.2.11.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-doc-1.12-lp150.2.11.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.x86_64"
},
"product_reference": "go-doc-1.12-lp150.2.11.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-race-1.12-lp150.2.11.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:go-race-1.12-lp150.2.11.1.x86_64"
},
"product_reference": "go-race-1.12-lp150.2.11.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.11-1.11.9-lp150.9.3.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:go1.11-1.11.9-lp150.9.3.x86_64"
},
"product_reference": "go1.11-1.11.9-lp150.9.3.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.11-doc-1.11.9-lp150.9.3.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:go1.11-doc-1.11.9-lp150.9.3.x86_64"
},
"product_reference": "go1.11-doc-1.11.9-lp150.9.3.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.11-race-1.11.9-lp150.9.3.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:go1.11-race-1.11.9-lp150.9.3.x86_64"
},
"product_reference": "go1.11-race-1.11.9-lp150.9.3.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-1.12.4-lp150.2.2.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:go1.12-1.12.4-lp150.2.2.x86_64"
},
"product_reference": "go1.12-1.12.4-lp150.2.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-doc-1.12.4-lp150.2.2.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:go1.12-doc-1.12.4-lp150.2.2.x86_64"
},
"product_reference": "go1.12-doc-1.12.4-lp150.2.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-race-1.12.4-lp150.2.2.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:go1.12-race-1.12.4-lp150.2.2.x86_64"
},
"product_reference": "go1.12-race-1.12.4-lp150.2.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64"
},
"product_reference": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-16873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16873"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). Using custom domains, it\u0027s possible to arrange things so that a Git repository is cloned to a folder named \".git\" by using a vanity import path that ends with \"/.git\". If the Git repository root contains a \"HEAD\" file, a \"config\" file, an \"objects\" directory, a \"refs\" directory, with some work to ensure the proper ordering of operations, \"go get -u\" can be tricked into considering the parent directory as a repository root, and running Git commands on it. That will use the \"config\" file in the original Git repository root for its configuration, and if that config file contains malicious commands, they will execute on the system running \"go get -u\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:containerd-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-test-1.2.5-lp150.4.14.3.noarch",
"openSUSE Leap 15.0:docker-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.noarch",
"openSUSE Leap 15.0:docker-test-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-race-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go1.11-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-doc-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-race-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.12-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-doc-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-race-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16873",
"url": "https://www.suse.com/security/cve/CVE-2018-16873"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:containerd-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-test-1.2.5-lp150.4.14.3.noarch",
"openSUSE Leap 15.0:docker-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.noarch",
"openSUSE Leap 15.0:docker-test-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-race-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go1.11-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-doc-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-race-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.12-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-doc-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-race-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:containerd-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-test-1.2.5-lp150.4.14.3.noarch",
"openSUSE Leap 15.0:docker-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.noarch",
"openSUSE Leap 15.0:docker-test-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-race-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go1.11-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-doc-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-race-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.12-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-doc-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-race-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-03T08:21:16Z",
"details": "important"
}
],
"title": "CVE-2018-16873"
},
{
"cve": "CVE-2018-16874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16874"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both \u0027{\u0027 and \u0027}\u0027 characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:containerd-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-test-1.2.5-lp150.4.14.3.noarch",
"openSUSE Leap 15.0:docker-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.noarch",
"openSUSE Leap 15.0:docker-test-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-race-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go1.11-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-doc-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-race-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.12-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-doc-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-race-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16874",
"url": "https://www.suse.com/security/cve/CVE-2018-16874"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:containerd-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-test-1.2.5-lp150.4.14.3.noarch",
"openSUSE Leap 15.0:docker-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.noarch",
"openSUSE Leap 15.0:docker-test-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-race-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go1.11-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-doc-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-race-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.12-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-doc-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-race-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:containerd-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-test-1.2.5-lp150.4.14.3.noarch",
"openSUSE Leap 15.0:docker-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.noarch",
"openSUSE Leap 15.0:docker-test-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-race-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go1.11-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-doc-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-race-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.12-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-doc-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-race-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-03T08:21:16Z",
"details": "moderate"
}
],
"title": "CVE-2018-16874"
},
{
"cve": "CVE-2018-16875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16875"
}
],
"notes": [
{
"category": "general",
"text": "The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:containerd-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-test-1.2.5-lp150.4.14.3.noarch",
"openSUSE Leap 15.0:docker-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.noarch",
"openSUSE Leap 15.0:docker-test-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-race-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go1.11-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-doc-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-race-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.12-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-doc-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-race-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16875",
"url": "https://www.suse.com/security/cve/CVE-2018-16875"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:containerd-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-test-1.2.5-lp150.4.14.3.noarch",
"openSUSE Leap 15.0:docker-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.noarch",
"openSUSE Leap 15.0:docker-test-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-race-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go1.11-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-doc-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-race-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.12-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-doc-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-race-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:containerd-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-test-1.2.5-lp150.4.14.3.noarch",
"openSUSE Leap 15.0:docker-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.noarch",
"openSUSE Leap 15.0:docker-test-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-race-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go1.11-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-doc-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-race-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.12-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-doc-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-race-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-03T08:21:16Z",
"details": "moderate"
}
],
"title": "CVE-2018-16875"
},
{
"cve": "CVE-2019-5736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5736"
}
],
"notes": [
{
"category": "general",
"text": "runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:containerd-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-test-1.2.5-lp150.4.14.3.noarch",
"openSUSE Leap 15.0:docker-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.noarch",
"openSUSE Leap 15.0:docker-test-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-race-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go1.11-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-doc-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-race-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.12-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-doc-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-race-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5736",
"url": "https://www.suse.com/security/cve/CVE-2019-5736"
},
{
"category": "external",
"summary": "SUSE Bug 1121967 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1121967"
},
{
"category": "external",
"summary": "SUSE Bug 1122185 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1122185"
},
{
"category": "external",
"summary": "SUSE Bug 1173421 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1173421"
},
{
"category": "external",
"summary": "SUSE Bug 1218894 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1218894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:containerd-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-test-1.2.5-lp150.4.14.3.noarch",
"openSUSE Leap 15.0:docker-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.noarch",
"openSUSE Leap 15.0:docker-test-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-race-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go1.11-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-doc-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-race-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.12-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-doc-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-race-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:containerd-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-test-1.2.5-lp150.4.14.3.noarch",
"openSUSE Leap 15.0:docker-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.noarch",
"openSUSE Leap 15.0:docker-test-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-race-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go1.11-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-doc-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-race-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.12-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-doc-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-race-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-03T08:21:16Z",
"details": "moderate"
}
],
"title": "CVE-2019-5736"
},
{
"cve": "CVE-2019-6486",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-6486"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:containerd-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-test-1.2.5-lp150.4.14.3.noarch",
"openSUSE Leap 15.0:docker-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.noarch",
"openSUSE Leap 15.0:docker-test-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-race-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go1.11-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-doc-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-race-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.12-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-doc-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-race-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-6486",
"url": "https://www.suse.com/security/cve/CVE-2019-6486"
},
{
"category": "external",
"summary": "SUSE Bug 1123013 for CVE-2019-6486",
"url": "https://bugzilla.suse.com/1123013"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:containerd-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-test-1.2.5-lp150.4.14.3.noarch",
"openSUSE Leap 15.0:docker-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.noarch",
"openSUSE Leap 15.0:docker-test-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-race-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go1.11-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-doc-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-race-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.12-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-doc-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-race-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:containerd-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.2.5-lp150.4.14.3.x86_64",
"openSUSE Leap 15.0:containerd-test-1.2.5-lp150.4.14.3.noarch",
"openSUSE Leap 15.0:docker-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp150.5.21.2.noarch",
"openSUSE Leap 15.0:docker-test-18.09.6_ce-lp150.5.17.2.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.6_ce-lp150.5.17.2.noarch",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.i586",
"openSUSE Leap 15.0:go-doc-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go-race-1.12-lp150.2.11.1.x86_64",
"openSUSE Leap 15.0:go1.11-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-doc-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.11-race-1.11.9-lp150.9.3.x86_64",
"openSUSE Leap 15.0:go1.12-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-doc-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:go1.12-race-1.12.4-lp150.2.2.x86_64",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp150.3.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-03T08:21:16Z",
"details": "low"
}
],
"title": "CVE-2019-6486"
}
]
}
opensuse-su-2019:1506-1
Vulnerability from csaf_opensuse
Published
2019-06-03 11:22
Modified
2019-06-03 11:22
Summary
Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork
Notes
Title of the patch
Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork
Description of the patch
This update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork fixes the following issues:
Security issues fixed:
- CVE-2019-5736: containerd: Fixing container breakout vulnerability (bsc#1121967).
- CVE-2019-6486: go security release, fixing crypto/elliptic CPU DoS vulnerability affecting P-521 and P-384 (bsc#1123013).
- CVE-2018-16873: go secuirty release, fixing cmd/go remote command execution (bsc#1118897).
- CVE-2018-16874: go security release, fixing cmd/go directory traversal (bsc#1118898).
- CVE-2018-16875: go security release, fixing crypto/x509 CPU denial of service (bsc#1118899).
Other changes and bug fixes:
- Update to containerd v1.2.5, which is required for v18.09.5-ce (bsc#1128376, bsc#1134068).
- Update to runc 2b18fe1d885e, which is required for Docker v18.09.5-ce (bsc#1128376, bsc#1134068).
- Update to Docker 18.09.5-ce see upstream changelog in the packaged (bsc#1128376, bsc#1134068).
- docker-test: Improvements to test packaging (bsc#1128746).
- Move daemon.json file to /etc/docker directory (bsc#1114832).
- Revert golang(API) removal since it turns out this breaks >= requires in certain cases (bsc#1114209).
- Fix go build failures (bsc#1121397).
This update was imported from the SUSE:SLE-15:Update update project.
This update was imported from the openSUSE:Leap:15.0:Update update project.
Patchnames
openSUSE-2019-1506
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-5736: containerd: Fixing container breakout vulnerability (bsc#1121967).\n- CVE-2019-6486: go security release, fixing crypto/elliptic CPU DoS vulnerability affecting P-521 and P-384 (bsc#1123013).\n- CVE-2018-16873: go secuirty release, fixing cmd/go remote command execution (bsc#1118897).\n- CVE-2018-16874: go security release, fixing cmd/go directory traversal (bsc#1118898).\n- CVE-2018-16875: go security release, fixing crypto/x509 CPU denial of service (bsc#1118899).\n\nOther changes and bug fixes:\n\n- Update to containerd v1.2.5, which is required for v18.09.5-ce (bsc#1128376, bsc#1134068).\n- Update to runc 2b18fe1d885e, which is required for Docker v18.09.5-ce (bsc#1128376, bsc#1134068).\n- Update to Docker 18.09.5-ce see upstream changelog in the packaged (bsc#1128376, bsc#1134068).\n- docker-test: Improvements to test packaging (bsc#1128746).\n- Move daemon.json file to /etc/docker directory (bsc#1114832).\n- Revert golang(API) removal since it turns out this breaks \u003e= requires in certain cases (bsc#1114209).\n- Fix go build failures (bsc#1121397).\n\nThis update was imported from the SUSE:SLE-15:Update update project.\nThis update was imported from the openSUSE:Leap:15.0:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-1506",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_1506-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:1506-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HM6FFITESF23XEYSCI7KTKZVCPQU2CMO/#HM6FFITESF23XEYSCI7KTKZVCPQU2CMO"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:1506-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HM6FFITESF23XEYSCI7KTKZVCPQU2CMO/#HM6FFITESF23XEYSCI7KTKZVCPQU2CMO"
},
{
"category": "self",
"summary": "SUSE Bug 1114209",
"url": "https://bugzilla.suse.com/1114209"
},
{
"category": "self",
"summary": "SUSE Bug 1114832",
"url": "https://bugzilla.suse.com/1114832"
},
{
"category": "self",
"summary": "SUSE Bug 1118897",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "self",
"summary": "SUSE Bug 1118898",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "self",
"summary": "SUSE Bug 1118899",
"url": "https://bugzilla.suse.com/1118899"
},
{
"category": "self",
"summary": "SUSE Bug 1121397",
"url": "https://bugzilla.suse.com/1121397"
},
{
"category": "self",
"summary": "SUSE Bug 1121967",
"url": "https://bugzilla.suse.com/1121967"
},
{
"category": "self",
"summary": "SUSE Bug 1123013",
"url": "https://bugzilla.suse.com/1123013"
},
{
"category": "self",
"summary": "SUSE Bug 1128376",
"url": "https://bugzilla.suse.com/1128376"
},
{
"category": "self",
"summary": "SUSE Bug 1128746",
"url": "https://bugzilla.suse.com/1128746"
},
{
"category": "self",
"summary": "SUSE Bug 1134068",
"url": "https://bugzilla.suse.com/1134068"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16873 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16874 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16875 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5736 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5736/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-6486 page",
"url": "https://www.suse.com/security/cve/CVE-2019-6486/"
}
],
"title": "Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork",
"tracking": {
"current_release_date": "2019-06-03T11:22:06Z",
"generator": {
"date": "2019-06-03T11:22:06Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:1506-1",
"initial_release_date": "2019-06-03T11:22:06Z",
"revision_history": [
{
"date": "2019-06-03T11:22:06Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go-1.12-bp150.2.6.1.aarch64",
"product": {
"name": "go-1.12-bp150.2.6.1.aarch64",
"product_id": "go-1.12-bp150.2.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "go-doc-1.12-bp150.2.6.1.aarch64",
"product": {
"name": "go-doc-1.12-bp150.2.6.1.aarch64",
"product_id": "go-doc-1.12-bp150.2.6.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go-1.12-bp150.2.6.1.ppc64le",
"product": {
"name": "go-1.12-bp150.2.6.1.ppc64le",
"product_id": "go-1.12-bp150.2.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go-doc-1.12-bp150.2.6.1.ppc64le",
"product": {
"name": "go-doc-1.12-bp150.2.6.1.ppc64le",
"product_id": "go-doc-1.12-bp150.2.6.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go-1.12-bp150.2.6.1.s390x",
"product": {
"name": "go-1.12-bp150.2.6.1.s390x",
"product_id": "go-1.12-bp150.2.6.1.s390x"
}
},
{
"category": "product_version",
"name": "go-doc-1.12-bp150.2.6.1.s390x",
"product": {
"name": "go-doc-1.12-bp150.2.6.1.s390x",
"product_id": "go-doc-1.12-bp150.2.6.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go-1.12-bp150.2.6.1.x86_64",
"product": {
"name": "go-1.12-bp150.2.6.1.x86_64",
"product_id": "go-1.12-bp150.2.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "go-doc-1.12-bp150.2.6.1.x86_64",
"product": {
"name": "go-doc-1.12-bp150.2.6.1.x86_64",
"product_id": "go-doc-1.12-bp150.2.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "go-race-1.12-bp150.2.6.1.x86_64",
"product": {
"name": "go-race-1.12-bp150.2.6.1.x86_64",
"product_id": "go-race-1.12-bp150.2.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15",
"product": {
"name": "SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go-1.12-bp150.2.6.1.aarch64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:go-1.12-bp150.2.6.1.aarch64"
},
"product_reference": "go-1.12-bp150.2.6.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-1.12-bp150.2.6.1.ppc64le as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:go-1.12-bp150.2.6.1.ppc64le"
},
"product_reference": "go-1.12-bp150.2.6.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-1.12-bp150.2.6.1.s390x as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:go-1.12-bp150.2.6.1.s390x"
},
"product_reference": "go-1.12-bp150.2.6.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-1.12-bp150.2.6.1.x86_64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:go-1.12-bp150.2.6.1.x86_64"
},
"product_reference": "go-1.12-bp150.2.6.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-doc-1.12-bp150.2.6.1.aarch64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.aarch64"
},
"product_reference": "go-doc-1.12-bp150.2.6.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-doc-1.12-bp150.2.6.1.ppc64le as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.ppc64le"
},
"product_reference": "go-doc-1.12-bp150.2.6.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-doc-1.12-bp150.2.6.1.s390x as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.s390x"
},
"product_reference": "go-doc-1.12-bp150.2.6.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-doc-1.12-bp150.2.6.1.x86_64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.x86_64"
},
"product_reference": "go-doc-1.12-bp150.2.6.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-race-1.12-bp150.2.6.1.x86_64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:go-race-1.12-bp150.2.6.1.x86_64"
},
"product_reference": "go-race-1.12-bp150.2.6.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-16873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16873"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). Using custom domains, it\u0027s possible to arrange things so that a Git repository is cloned to a folder named \".git\" by using a vanity import path that ends with \"/.git\". If the Git repository root contains a \"HEAD\" file, a \"config\" file, an \"objects\" directory, a \"refs\" directory, with some work to ensure the proper ordering of operations, \"go get -u\" can be tricked into considering the parent directory as a repository root, and running Git commands on it. That will use the \"config\" file in the original Git repository root for its configuration, and if that config file contains malicious commands, they will execute on the system running \"go get -u\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-race-1.12-bp150.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16873",
"url": "https://www.suse.com/security/cve/CVE-2018-16873"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-race-1.12-bp150.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-race-1.12-bp150.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-03T11:22:06Z",
"details": "important"
}
],
"title": "CVE-2018-16873"
},
{
"cve": "CVE-2018-16874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16874"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both \u0027{\u0027 and \u0027}\u0027 characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-race-1.12-bp150.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16874",
"url": "https://www.suse.com/security/cve/CVE-2018-16874"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-race-1.12-bp150.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-race-1.12-bp150.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-03T11:22:06Z",
"details": "moderate"
}
],
"title": "CVE-2018-16874"
},
{
"cve": "CVE-2018-16875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16875"
}
],
"notes": [
{
"category": "general",
"text": "The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-race-1.12-bp150.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16875",
"url": "https://www.suse.com/security/cve/CVE-2018-16875"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-race-1.12-bp150.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-race-1.12-bp150.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-03T11:22:06Z",
"details": "moderate"
}
],
"title": "CVE-2018-16875"
},
{
"cve": "CVE-2019-5736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5736"
}
],
"notes": [
{
"category": "general",
"text": "runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-race-1.12-bp150.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5736",
"url": "https://www.suse.com/security/cve/CVE-2019-5736"
},
{
"category": "external",
"summary": "SUSE Bug 1121967 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1121967"
},
{
"category": "external",
"summary": "SUSE Bug 1122185 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1122185"
},
{
"category": "external",
"summary": "SUSE Bug 1173421 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1173421"
},
{
"category": "external",
"summary": "SUSE Bug 1218894 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1218894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-race-1.12-bp150.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-race-1.12-bp150.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-03T11:22:06Z",
"details": "moderate"
}
],
"title": "CVE-2019-5736"
},
{
"cve": "CVE-2019-6486",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-6486"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-race-1.12-bp150.2.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-6486",
"url": "https://www.suse.com/security/cve/CVE-2019-6486"
},
{
"category": "external",
"summary": "SUSE Bug 1123013 for CVE-2019-6486",
"url": "https://bugzilla.suse.com/1123013"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-race-1.12-bp150.2.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.aarch64",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.ppc64le",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.s390x",
"SUSE Package Hub 15:go-doc-1.12-bp150.2.6.1.x86_64",
"SUSE Package Hub 15:go-race-1.12-bp150.2.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-03T11:22:06Z",
"details": "low"
}
],
"title": "CVE-2019-6486"
}
]
}
opensuse-su-2024:10803-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
go1.10-1.10.8-8.2 on GA media
Notes
Title of the patch
go1.10-1.10.8-8.2 on GA media
Description of the patch
These are all security issues fixed in the go1.10-1.10.8-8.2 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10803
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "go1.10-1.10.8-8.2 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the go1.10-1.10.8-8.2 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10803",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10803-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-7189 page",
"url": "https://www.suse.com/security/cve/CVE-2014-7189/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-8618 page",
"url": "https://www.suse.com/security/cve/CVE-2015-8618/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3959 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3959/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5386 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5386/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15041 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15041/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15042 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15042/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-8932 page",
"url": "https://www.suse.com/security/cve/CVE-2017-8932/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16873 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16874 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16875 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6574 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6574/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-6486 page",
"url": "https://www.suse.com/security/cve/CVE-2019-6486/"
}
],
"title": "go1.10-1.10.8-8.2 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10803-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.10-1.10.8-8.2.aarch64",
"product": {
"name": "go1.10-1.10.8-8.2.aarch64",
"product_id": "go1.10-1.10.8-8.2.aarch64"
}
},
{
"category": "product_version",
"name": "go1.10-doc-1.10.8-8.2.aarch64",
"product": {
"name": "go1.10-doc-1.10.8-8.2.aarch64",
"product_id": "go1.10-doc-1.10.8-8.2.aarch64"
}
},
{
"category": "product_version",
"name": "go1.10-race-1.10.8-8.2.aarch64",
"product": {
"name": "go1.10-race-1.10.8-8.2.aarch64",
"product_id": "go1.10-race-1.10.8-8.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.10-1.10.8-8.2.ppc64le",
"product": {
"name": "go1.10-1.10.8-8.2.ppc64le",
"product_id": "go1.10-1.10.8-8.2.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.10-doc-1.10.8-8.2.ppc64le",
"product": {
"name": "go1.10-doc-1.10.8-8.2.ppc64le",
"product_id": "go1.10-doc-1.10.8-8.2.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.10-race-1.10.8-8.2.ppc64le",
"product": {
"name": "go1.10-race-1.10.8-8.2.ppc64le",
"product_id": "go1.10-race-1.10.8-8.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.10-1.10.8-8.2.s390x",
"product": {
"name": "go1.10-1.10.8-8.2.s390x",
"product_id": "go1.10-1.10.8-8.2.s390x"
}
},
{
"category": "product_version",
"name": "go1.10-doc-1.10.8-8.2.s390x",
"product": {
"name": "go1.10-doc-1.10.8-8.2.s390x",
"product_id": "go1.10-doc-1.10.8-8.2.s390x"
}
},
{
"category": "product_version",
"name": "go1.10-race-1.10.8-8.2.s390x",
"product": {
"name": "go1.10-race-1.10.8-8.2.s390x",
"product_id": "go1.10-race-1.10.8-8.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.10-1.10.8-8.2.x86_64",
"product": {
"name": "go1.10-1.10.8-8.2.x86_64",
"product_id": "go1.10-1.10.8-8.2.x86_64"
}
},
{
"category": "product_version",
"name": "go1.10-doc-1.10.8-8.2.x86_64",
"product": {
"name": "go1.10-doc-1.10.8-8.2.x86_64",
"product_id": "go1.10-doc-1.10.8-8.2.x86_64"
}
},
{
"category": "product_version",
"name": "go1.10-race-1.10.8-8.2.x86_64",
"product": {
"name": "go1.10-race-1.10.8-8.2.x86_64",
"product_id": "go1.10-race-1.10.8-8.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.10-1.10.8-8.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.10-1.10.8-8.2.aarch64"
},
"product_reference": "go1.10-1.10.8-8.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.10-1.10.8-8.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.10-1.10.8-8.2.ppc64le"
},
"product_reference": "go1.10-1.10.8-8.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.10-1.10.8-8.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.10-1.10.8-8.2.s390x"
},
"product_reference": "go1.10-1.10.8-8.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.10-1.10.8-8.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.10-1.10.8-8.2.x86_64"
},
"product_reference": "go1.10-1.10.8-8.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.10-doc-1.10.8-8.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.aarch64"
},
"product_reference": "go1.10-doc-1.10.8-8.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.10-doc-1.10.8-8.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.ppc64le"
},
"product_reference": "go1.10-doc-1.10.8-8.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.10-doc-1.10.8-8.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.s390x"
},
"product_reference": "go1.10-doc-1.10.8-8.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.10-doc-1.10.8-8.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.x86_64"
},
"product_reference": "go1.10-doc-1.10.8-8.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.10-race-1.10.8-8.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.aarch64"
},
"product_reference": "go1.10-race-1.10.8-8.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.10-race-1.10.8-8.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.ppc64le"
},
"product_reference": "go1.10-race-1.10.8-8.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.10-race-1.10.8-8.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.s390x"
},
"product_reference": "go1.10-race-1.10.8-8.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.10-race-1.10.8-8.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.x86_64"
},
"product_reference": "go1.10-race-1.10.8-8.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-7189",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-7189"
}
],
"notes": [
{
"category": "general",
"text": "crpyto/tls in Go 1.1 before 1.3.2, when SessionTicketsDisabled is enabled, allows man-in-the-middle attackers to spoof clients via unspecified vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-7189",
"url": "https://www.suse.com/security/cve/CVE-2014-7189"
},
{
"category": "external",
"summary": "SUSE Bug 898901 for CVE-2014-7189",
"url": "https://bugzilla.suse.com/898901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2014-7189"
},
{
"cve": "CVE-2015-8618",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-8618"
}
],
"notes": [
{
"category": "general",
"text": "The Int.Exp Montgomery code in the math/big library in Go 1.5.x before 1.5.3 mishandles carry propagation and produces incorrect output, which makes it easier for attackers to obtain private RSA keys via unspecified vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-8618",
"url": "https://www.suse.com/security/cve/CVE-2015-8618"
},
{
"category": "external",
"summary": "SUSE Bug 957814 for CVE-2015-8618",
"url": "https://bugzilla.suse.com/957814"
},
{
"category": "external",
"summary": "SUSE Bug 960151 for CVE-2015-8618",
"url": "https://bugzilla.suse.com/960151"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2015-8618"
},
{
"cve": "CVE-2016-3959",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3959"
}
],
"notes": [
{
"category": "general",
"text": "The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certificates or SSH server libraries.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3959",
"url": "https://www.suse.com/security/cve/CVE-2016-3959"
},
{
"category": "external",
"summary": "SUSE Bug 974232 for CVE-2016-3959",
"url": "https://bugzilla.suse.com/974232"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-3959"
},
{
"cve": "CVE-2016-5386",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5386"
}
],
"notes": [
{
"category": "general",
"text": "The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application\u0027s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5386",
"url": "https://www.suse.com/security/cve/CVE-2016-5386"
},
{
"category": "external",
"summary": "SUSE Bug 988484 for CVE-2016-5386",
"url": "https://bugzilla.suse.com/988484"
},
{
"category": "external",
"summary": "SUSE Bug 988486 for CVE-2016-5386",
"url": "https://bugzilla.suse.com/988486"
},
{
"category": "external",
"summary": "SUSE Bug 988487 for CVE-2016-5386",
"url": "https://bugzilla.suse.com/988487"
},
{
"category": "external",
"summary": "SUSE Bug 988488 for CVE-2016-5386",
"url": "https://bugzilla.suse.com/988488"
},
{
"category": "external",
"summary": "SUSE Bug 988489 for CVE-2016-5386",
"url": "https://bugzilla.suse.com/988489"
},
{
"category": "external",
"summary": "SUSE Bug 988491 for CVE-2016-5386",
"url": "https://bugzilla.suse.com/988491"
},
{
"category": "external",
"summary": "SUSE Bug 988492 for CVE-2016-5386",
"url": "https://bugzilla.suse.com/988492"
},
{
"category": "external",
"summary": "SUSE Bug 989125 for CVE-2016-5386",
"url": "https://bugzilla.suse.com/989125"
},
{
"category": "external",
"summary": "SUSE Bug 989174 for CVE-2016-5386",
"url": "https://bugzilla.suse.com/989174"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-5386"
},
{
"cve": "CVE-2017-15041",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15041"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.8.4 and 1.9.x before 1.9.1 allows \"go get\" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points to a Git repository. If the Subversion repository includes a Git checkout in its pkg2 directory and some other work is done to ensure the proper ordering of operations, \"go get\" can be tricked into reusing this Git checkout for the fetch of code from pkg2. If the Subversion repository\u0027s Git checkout has malicious commands in .git/hooks/, they will execute on the system running \"go get.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15041",
"url": "https://www.suse.com/security/cve/CVE-2017-15041"
},
{
"category": "external",
"summary": "SUSE Bug 1062085 for CVE-2017-15041",
"url": "https://bugzilla.suse.com/1062085"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2017-15041"
},
{
"cve": "CVE-2017-15042",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15042"
}
],
"notes": [
{
"category": "general",
"text": "An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x before 1.9.1. RFC 4954 requires that, during SMTP, the PLAIN auth scheme must only be used on network connections secured with TLS. The original implementation of smtp.PlainAuth in Go 1.0 enforced this requirement, and it was documented to do so. In 2013, upstream issue #5184, this was changed so that the server may decide whether PLAIN is acceptable. The result is that if you set up a man-in-the-middle SMTP server that doesn\u0027t advertise STARTTLS and does advertise that PLAIN auth is OK, the smtp.PlainAuth implementation sends the username and password.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15042",
"url": "https://www.suse.com/security/cve/CVE-2017-15042"
},
{
"category": "external",
"summary": "SUSE Bug 1062087 for CVE-2017-15042",
"url": "https://bugzilla.suse.com/1062087"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2017-15042"
},
{
"cve": "CVE-2017-8932",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-8932"
}
],
"notes": [
{
"category": "general",
"text": "A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to the derive correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-8932",
"url": "https://www.suse.com/security/cve/CVE-2017-8932"
},
{
"category": "external",
"summary": "SUSE Bug 1040618 for CVE-2017-8932",
"url": "https://bugzilla.suse.com/1040618"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-8932"
},
{
"cve": "CVE-2018-16873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16873"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). Using custom domains, it\u0027s possible to arrange things so that a Git repository is cloned to a folder named \".git\" by using a vanity import path that ends with \"/.git\". If the Git repository root contains a \"HEAD\" file, a \"config\" file, an \"objects\" directory, a \"refs\" directory, with some work to ensure the proper ordering of operations, \"go get -u\" can be tricked into considering the parent directory as a repository root, and running Git commands on it. That will use the \"config\" file in the original Git repository root for its configuration, and if that config file contains malicious commands, they will execute on the system running \"go get -u\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16873",
"url": "https://www.suse.com/security/cve/CVE-2018-16873"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-16873"
},
{
"cve": "CVE-2018-16874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16874"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both \u0027{\u0027 and \u0027}\u0027 characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16874",
"url": "https://www.suse.com/security/cve/CVE-2018-16874"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16874"
},
{
"cve": "CVE-2018-16875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16875"
}
],
"notes": [
{
"category": "general",
"text": "The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16875",
"url": "https://www.suse.com/security/cve/CVE-2018-16875"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16875"
},
{
"cve": "CVE-2018-6574",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6574"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow \"go get\" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6574",
"url": "https://www.suse.com/security/cve/CVE-2018-6574"
},
{
"category": "external",
"summary": "SUSE Bug 1080006 for CVE-2018-6574",
"url": "https://bugzilla.suse.com/1080006"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-6574"
},
{
"cve": "CVE-2019-6486",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-6486"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-6486",
"url": "https://www.suse.com/security/cve/CVE-2019-6486"
},
{
"category": "external",
"summary": "SUSE Bug 1123013 for CVE-2019-6486",
"url": "https://bugzilla.suse.com/1123013"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-doc-1.10.8-8.2.x86_64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.aarch64",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.ppc64le",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.s390x",
"openSUSE Tumbleweed:go1.10-race-1.10.8-8.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2019-6486"
}
]
}
opensuse-su-2024:10741-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
etcd-3.4.16-3.1 on GA media
Notes
Title of the patch
etcd-3.4.16-3.1 on GA media
Description of the patch
These are all security issues fixed in the etcd-3.4.16-3.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10741
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "etcd-3.4.16-3.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the etcd-3.4.16-3.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10741",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10741-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16873 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16874 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16875 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16886 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16886/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15106 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15106/"
}
],
"title": "etcd-3.4.16-3.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10741-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "etcd-3.4.16-3.1.aarch64",
"product": {
"name": "etcd-3.4.16-3.1.aarch64",
"product_id": "etcd-3.4.16-3.1.aarch64"
}
},
{
"category": "product_version",
"name": "etcdctl-3.4.16-3.1.aarch64",
"product": {
"name": "etcdctl-3.4.16-3.1.aarch64",
"product_id": "etcdctl-3.4.16-3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "etcd-3.4.16-3.1.ppc64le",
"product": {
"name": "etcd-3.4.16-3.1.ppc64le",
"product_id": "etcd-3.4.16-3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "etcdctl-3.4.16-3.1.ppc64le",
"product": {
"name": "etcdctl-3.4.16-3.1.ppc64le",
"product_id": "etcdctl-3.4.16-3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "etcd-3.4.16-3.1.s390x",
"product": {
"name": "etcd-3.4.16-3.1.s390x",
"product_id": "etcd-3.4.16-3.1.s390x"
}
},
{
"category": "product_version",
"name": "etcdctl-3.4.16-3.1.s390x",
"product": {
"name": "etcdctl-3.4.16-3.1.s390x",
"product_id": "etcdctl-3.4.16-3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "etcd-3.4.16-3.1.x86_64",
"product": {
"name": "etcd-3.4.16-3.1.x86_64",
"product_id": "etcd-3.4.16-3.1.x86_64"
}
},
{
"category": "product_version",
"name": "etcdctl-3.4.16-3.1.x86_64",
"product": {
"name": "etcdctl-3.4.16-3.1.x86_64",
"product_id": "etcdctl-3.4.16-3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-3.4.16-3.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:etcd-3.4.16-3.1.aarch64"
},
"product_reference": "etcd-3.4.16-3.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-3.4.16-3.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:etcd-3.4.16-3.1.ppc64le"
},
"product_reference": "etcd-3.4.16-3.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-3.4.16-3.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:etcd-3.4.16-3.1.s390x"
},
"product_reference": "etcd-3.4.16-3.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-3.4.16-3.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:etcd-3.4.16-3.1.x86_64"
},
"product_reference": "etcd-3.4.16-3.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcdctl-3.4.16-3.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:etcdctl-3.4.16-3.1.aarch64"
},
"product_reference": "etcdctl-3.4.16-3.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcdctl-3.4.16-3.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:etcdctl-3.4.16-3.1.ppc64le"
},
"product_reference": "etcdctl-3.4.16-3.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcdctl-3.4.16-3.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:etcdctl-3.4.16-3.1.s390x"
},
"product_reference": "etcdctl-3.4.16-3.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcdctl-3.4.16-3.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:etcdctl-3.4.16-3.1.x86_64"
},
"product_reference": "etcdctl-3.4.16-3.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-16873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16873"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). Using custom domains, it\u0027s possible to arrange things so that a Git repository is cloned to a folder named \".git\" by using a vanity import path that ends with \"/.git\". If the Git repository root contains a \"HEAD\" file, a \"config\" file, an \"objects\" directory, a \"refs\" directory, with some work to ensure the proper ordering of operations, \"go get -u\" can be tricked into considering the parent directory as a repository root, and running Git commands on it. That will use the \"config\" file in the original Git repository root for its configuration, and if that config file contains malicious commands, they will execute on the system running \"go get -u\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:etcd-3.4.16-3.1.aarch64",
"openSUSE Tumbleweed:etcd-3.4.16-3.1.ppc64le",
"openSUSE Tumbleweed:etcd-3.4.16-3.1.s390x",
"openSUSE Tumbleweed:etcd-3.4.16-3.1.x86_64",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.aarch64",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.ppc64le",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.s390x",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16873",
"url": "https://www.suse.com/security/cve/CVE-2018-16873"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:etcd-3.4.16-3.1.aarch64",
"openSUSE Tumbleweed:etcd-3.4.16-3.1.ppc64le",
"openSUSE Tumbleweed:etcd-3.4.16-3.1.s390x",
"openSUSE Tumbleweed:etcd-3.4.16-3.1.x86_64",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.aarch64",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.ppc64le",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.s390x",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:etcd-3.4.16-3.1.aarch64",
"openSUSE Tumbleweed:etcd-3.4.16-3.1.ppc64le",
"openSUSE Tumbleweed:etcd-3.4.16-3.1.s390x",
"openSUSE Tumbleweed:etcd-3.4.16-3.1.x86_64",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.aarch64",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.ppc64le",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.s390x",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-16873"
},
{
"cve": "CVE-2018-16874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16874"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both \u0027{\u0027 and \u0027}\u0027 characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:etcd-3.4.16-3.1.aarch64",
"openSUSE Tumbleweed:etcd-3.4.16-3.1.ppc64le",
"openSUSE Tumbleweed:etcd-3.4.16-3.1.s390x",
"openSUSE Tumbleweed:etcd-3.4.16-3.1.x86_64",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.aarch64",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.ppc64le",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.s390x",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16874",
"url": "https://www.suse.com/security/cve/CVE-2018-16874"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:etcd-3.4.16-3.1.aarch64",
"openSUSE Tumbleweed:etcd-3.4.16-3.1.ppc64le",
"openSUSE Tumbleweed:etcd-3.4.16-3.1.s390x",
"openSUSE Tumbleweed:etcd-3.4.16-3.1.x86_64",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.aarch64",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.ppc64le",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.s390x",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:etcd-3.4.16-3.1.aarch64",
"openSUSE Tumbleweed:etcd-3.4.16-3.1.ppc64le",
"openSUSE Tumbleweed:etcd-3.4.16-3.1.s390x",
"openSUSE Tumbleweed:etcd-3.4.16-3.1.x86_64",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.aarch64",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.ppc64le",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.s390x",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16874"
},
{
"cve": "CVE-2018-16875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16875"
}
],
"notes": [
{
"category": "general",
"text": "The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:etcd-3.4.16-3.1.aarch64",
"openSUSE Tumbleweed:etcd-3.4.16-3.1.ppc64le",
"openSUSE Tumbleweed:etcd-3.4.16-3.1.s390x",
"openSUSE Tumbleweed:etcd-3.4.16-3.1.x86_64",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.aarch64",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.ppc64le",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.s390x",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16875",
"url": "https://www.suse.com/security/cve/CVE-2018-16875"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:etcd-3.4.16-3.1.aarch64",
"openSUSE Tumbleweed:etcd-3.4.16-3.1.ppc64le",
"openSUSE Tumbleweed:etcd-3.4.16-3.1.s390x",
"openSUSE Tumbleweed:etcd-3.4.16-3.1.x86_64",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.aarch64",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.ppc64le",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.s390x",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:etcd-3.4.16-3.1.aarch64",
"openSUSE Tumbleweed:etcd-3.4.16-3.1.ppc64le",
"openSUSE Tumbleweed:etcd-3.4.16-3.1.s390x",
"openSUSE Tumbleweed:etcd-3.4.16-3.1.x86_64",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.aarch64",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.ppc64le",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.s390x",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16875"
},
{
"cve": "CVE-2018-16886",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16886"
}
],
"notes": [
{
"category": "general",
"text": "etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a remote attacker may authenticate as that user with any valid (trusted) client certificate in a REST API request to the gRPC-gateway.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:etcd-3.4.16-3.1.aarch64",
"openSUSE Tumbleweed:etcd-3.4.16-3.1.ppc64le",
"openSUSE Tumbleweed:etcd-3.4.16-3.1.s390x",
"openSUSE Tumbleweed:etcd-3.4.16-3.1.x86_64",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.aarch64",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.ppc64le",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.s390x",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16886",
"url": "https://www.suse.com/security/cve/CVE-2018-16886"
},
{
"category": "external",
"summary": "SUSE Bug 1121850 for CVE-2018-16886",
"url": "https://bugzilla.suse.com/1121850"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:etcd-3.4.16-3.1.aarch64",
"openSUSE Tumbleweed:etcd-3.4.16-3.1.ppc64le",
"openSUSE Tumbleweed:etcd-3.4.16-3.1.s390x",
"openSUSE Tumbleweed:etcd-3.4.16-3.1.x86_64",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.aarch64",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.ppc64le",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.s390x",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:etcd-3.4.16-3.1.aarch64",
"openSUSE Tumbleweed:etcd-3.4.16-3.1.ppc64le",
"openSUSE Tumbleweed:etcd-3.4.16-3.1.s390x",
"openSUSE Tumbleweed:etcd-3.4.16-3.1.x86_64",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.aarch64",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.ppc64le",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.s390x",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16886"
},
{
"cve": "CVE-2020-15106",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15106"
}
],
"notes": [
{
"category": "general",
"text": "In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant trying to decode the WAL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:etcd-3.4.16-3.1.aarch64",
"openSUSE Tumbleweed:etcd-3.4.16-3.1.ppc64le",
"openSUSE Tumbleweed:etcd-3.4.16-3.1.s390x",
"openSUSE Tumbleweed:etcd-3.4.16-3.1.x86_64",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.aarch64",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.ppc64le",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.s390x",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15106",
"url": "https://www.suse.com/security/cve/CVE-2020-15106"
},
{
"category": "external",
"summary": "SUSE Bug 1174951 for CVE-2020-15106",
"url": "https://bugzilla.suse.com/1174951"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:etcd-3.4.16-3.1.aarch64",
"openSUSE Tumbleweed:etcd-3.4.16-3.1.ppc64le",
"openSUSE Tumbleweed:etcd-3.4.16-3.1.s390x",
"openSUSE Tumbleweed:etcd-3.4.16-3.1.x86_64",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.aarch64",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.ppc64le",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.s390x",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:etcd-3.4.16-3.1.aarch64",
"openSUSE Tumbleweed:etcd-3.4.16-3.1.ppc64le",
"openSUSE Tumbleweed:etcd-3.4.16-3.1.s390x",
"openSUSE Tumbleweed:etcd-3.4.16-3.1.x86_64",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.aarch64",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.ppc64le",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.s390x",
"openSUSE Tumbleweed:etcdctl-3.4.16-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-15106"
}
]
}
opensuse-su-2024:11358-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
runc-1.0.2-1.2 on GA media
Notes
Title of the patch
runc-1.0.2-1.2 on GA media
Description of the patch
These are all security issues fixed in the runc-1.0.2-1.2 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11358
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "runc-1.0.2-1.2 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the runc-1.0.2-1.2 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11358",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11358-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9962 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9962/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16873 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16874 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16875 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-16884 page",
"url": "https://www.suse.com/security/cve/CVE-2019-16884/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19921 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19921/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5736 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5736/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-30465 page",
"url": "https://www.suse.com/security/cve/CVE-2021-30465/"
}
],
"title": "runc-1.0.2-1.2 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11358-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "runc-1.0.2-1.2.aarch64",
"product": {
"name": "runc-1.0.2-1.2.aarch64",
"product_id": "runc-1.0.2-1.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-1.0.2-1.2.ppc64le",
"product": {
"name": "runc-1.0.2-1.2.ppc64le",
"product_id": "runc-1.0.2-1.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-1.0.2-1.2.s390x",
"product": {
"name": "runc-1.0.2-1.2.s390x",
"product_id": "runc-1.0.2-1.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-1.0.2-1.2.x86_64",
"product": {
"name": "runc-1.0.2-1.2.x86_64",
"product_id": "runc-1.0.2-1.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.2-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:runc-1.0.2-1.2.aarch64"
},
"product_reference": "runc-1.0.2-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.2-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:runc-1.0.2-1.2.ppc64le"
},
"product_reference": "runc-1.0.2-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.2-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:runc-1.0.2-1.2.s390x"
},
"product_reference": "runc-1.0.2-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.2-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:runc-1.0.2-1.2.x86_64"
},
"product_reference": "runc-1.0.2-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-9962",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9962"
}
],
"notes": [
{
"category": "general",
"text": "RunC allowed additional container processes via \u0027runc exec\u0027 to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or modification of runC state before the process is fully placed inside the container.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:runc-1.0.2-1.2.aarch64",
"openSUSE Tumbleweed:runc-1.0.2-1.2.ppc64le",
"openSUSE Tumbleweed:runc-1.0.2-1.2.s390x",
"openSUSE Tumbleweed:runc-1.0.2-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9962",
"url": "https://www.suse.com/security/cve/CVE-2016-9962"
},
{
"category": "external",
"summary": "SUSE Bug 1012568 for CVE-2016-9962",
"url": "https://bugzilla.suse.com/1012568"
},
{
"category": "external",
"summary": "SUSE Bug 1173425 for CVE-2016-9962",
"url": "https://bugzilla.suse.com/1173425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:runc-1.0.2-1.2.aarch64",
"openSUSE Tumbleweed:runc-1.0.2-1.2.ppc64le",
"openSUSE Tumbleweed:runc-1.0.2-1.2.s390x",
"openSUSE Tumbleweed:runc-1.0.2-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:runc-1.0.2-1.2.aarch64",
"openSUSE Tumbleweed:runc-1.0.2-1.2.ppc64le",
"openSUSE Tumbleweed:runc-1.0.2-1.2.s390x",
"openSUSE Tumbleweed:runc-1.0.2-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9962"
},
{
"cve": "CVE-2018-16873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16873"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). Using custom domains, it\u0027s possible to arrange things so that a Git repository is cloned to a folder named \".git\" by using a vanity import path that ends with \"/.git\". If the Git repository root contains a \"HEAD\" file, a \"config\" file, an \"objects\" directory, a \"refs\" directory, with some work to ensure the proper ordering of operations, \"go get -u\" can be tricked into considering the parent directory as a repository root, and running Git commands on it. That will use the \"config\" file in the original Git repository root for its configuration, and if that config file contains malicious commands, they will execute on the system running \"go get -u\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:runc-1.0.2-1.2.aarch64",
"openSUSE Tumbleweed:runc-1.0.2-1.2.ppc64le",
"openSUSE Tumbleweed:runc-1.0.2-1.2.s390x",
"openSUSE Tumbleweed:runc-1.0.2-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16873",
"url": "https://www.suse.com/security/cve/CVE-2018-16873"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:runc-1.0.2-1.2.aarch64",
"openSUSE Tumbleweed:runc-1.0.2-1.2.ppc64le",
"openSUSE Tumbleweed:runc-1.0.2-1.2.s390x",
"openSUSE Tumbleweed:runc-1.0.2-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:runc-1.0.2-1.2.aarch64",
"openSUSE Tumbleweed:runc-1.0.2-1.2.ppc64le",
"openSUSE Tumbleweed:runc-1.0.2-1.2.s390x",
"openSUSE Tumbleweed:runc-1.0.2-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-16873"
},
{
"cve": "CVE-2018-16874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16874"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both \u0027{\u0027 and \u0027}\u0027 characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:runc-1.0.2-1.2.aarch64",
"openSUSE Tumbleweed:runc-1.0.2-1.2.ppc64le",
"openSUSE Tumbleweed:runc-1.0.2-1.2.s390x",
"openSUSE Tumbleweed:runc-1.0.2-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16874",
"url": "https://www.suse.com/security/cve/CVE-2018-16874"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:runc-1.0.2-1.2.aarch64",
"openSUSE Tumbleweed:runc-1.0.2-1.2.ppc64le",
"openSUSE Tumbleweed:runc-1.0.2-1.2.s390x",
"openSUSE Tumbleweed:runc-1.0.2-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:runc-1.0.2-1.2.aarch64",
"openSUSE Tumbleweed:runc-1.0.2-1.2.ppc64le",
"openSUSE Tumbleweed:runc-1.0.2-1.2.s390x",
"openSUSE Tumbleweed:runc-1.0.2-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16874"
},
{
"cve": "CVE-2018-16875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16875"
}
],
"notes": [
{
"category": "general",
"text": "The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:runc-1.0.2-1.2.aarch64",
"openSUSE Tumbleweed:runc-1.0.2-1.2.ppc64le",
"openSUSE Tumbleweed:runc-1.0.2-1.2.s390x",
"openSUSE Tumbleweed:runc-1.0.2-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16875",
"url": "https://www.suse.com/security/cve/CVE-2018-16875"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:runc-1.0.2-1.2.aarch64",
"openSUSE Tumbleweed:runc-1.0.2-1.2.ppc64le",
"openSUSE Tumbleweed:runc-1.0.2-1.2.s390x",
"openSUSE Tumbleweed:runc-1.0.2-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:runc-1.0.2-1.2.aarch64",
"openSUSE Tumbleweed:runc-1.0.2-1.2.ppc64le",
"openSUSE Tumbleweed:runc-1.0.2-1.2.s390x",
"openSUSE Tumbleweed:runc-1.0.2-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16875"
},
{
"cve": "CVE-2019-16884",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-16884"
}
],
"notes": [
{
"category": "general",
"text": "runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:runc-1.0.2-1.2.aarch64",
"openSUSE Tumbleweed:runc-1.0.2-1.2.ppc64le",
"openSUSE Tumbleweed:runc-1.0.2-1.2.s390x",
"openSUSE Tumbleweed:runc-1.0.2-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-16884",
"url": "https://www.suse.com/security/cve/CVE-2019-16884"
},
{
"category": "external",
"summary": "SUSE Bug 1152308 for CVE-2019-16884",
"url": "https://bugzilla.suse.com/1152308"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:runc-1.0.2-1.2.aarch64",
"openSUSE Tumbleweed:runc-1.0.2-1.2.ppc64le",
"openSUSE Tumbleweed:runc-1.0.2-1.2.s390x",
"openSUSE Tumbleweed:runc-1.0.2-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:runc-1.0.2-1.2.aarch64",
"openSUSE Tumbleweed:runc-1.0.2-1.2.ppc64le",
"openSUSE Tumbleweed:runc-1.0.2-1.2.s390x",
"openSUSE Tumbleweed:runc-1.0.2-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-16884"
},
{
"cve": "CVE-2019-19921",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19921"
}
],
"notes": [
{
"category": "general",
"text": "runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:runc-1.0.2-1.2.aarch64",
"openSUSE Tumbleweed:runc-1.0.2-1.2.ppc64le",
"openSUSE Tumbleweed:runc-1.0.2-1.2.s390x",
"openSUSE Tumbleweed:runc-1.0.2-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19921",
"url": "https://www.suse.com/security/cve/CVE-2019-19921"
},
{
"category": "external",
"summary": "SUSE Bug 1160452 for CVE-2019-19921",
"url": "https://bugzilla.suse.com/1160452"
},
{
"category": "external",
"summary": "SUSE Bug 1208962 for CVE-2019-19921",
"url": "https://bugzilla.suse.com/1208962"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:runc-1.0.2-1.2.aarch64",
"openSUSE Tumbleweed:runc-1.0.2-1.2.ppc64le",
"openSUSE Tumbleweed:runc-1.0.2-1.2.s390x",
"openSUSE Tumbleweed:runc-1.0.2-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:runc-1.0.2-1.2.aarch64",
"openSUSE Tumbleweed:runc-1.0.2-1.2.ppc64le",
"openSUSE Tumbleweed:runc-1.0.2-1.2.s390x",
"openSUSE Tumbleweed:runc-1.0.2-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-19921"
},
{
"cve": "CVE-2019-5736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5736"
}
],
"notes": [
{
"category": "general",
"text": "runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:runc-1.0.2-1.2.aarch64",
"openSUSE Tumbleweed:runc-1.0.2-1.2.ppc64le",
"openSUSE Tumbleweed:runc-1.0.2-1.2.s390x",
"openSUSE Tumbleweed:runc-1.0.2-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5736",
"url": "https://www.suse.com/security/cve/CVE-2019-5736"
},
{
"category": "external",
"summary": "SUSE Bug 1121967 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1121967"
},
{
"category": "external",
"summary": "SUSE Bug 1122185 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1122185"
},
{
"category": "external",
"summary": "SUSE Bug 1173421 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1173421"
},
{
"category": "external",
"summary": "SUSE Bug 1218894 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1218894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:runc-1.0.2-1.2.aarch64",
"openSUSE Tumbleweed:runc-1.0.2-1.2.ppc64le",
"openSUSE Tumbleweed:runc-1.0.2-1.2.s390x",
"openSUSE Tumbleweed:runc-1.0.2-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:runc-1.0.2-1.2.aarch64",
"openSUSE Tumbleweed:runc-1.0.2-1.2.ppc64le",
"openSUSE Tumbleweed:runc-1.0.2-1.2.s390x",
"openSUSE Tumbleweed:runc-1.0.2-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-5736"
},
{
"cve": "CVE-2021-30465",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-30465"
}
],
"notes": [
{
"category": "general",
"text": "runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:runc-1.0.2-1.2.aarch64",
"openSUSE Tumbleweed:runc-1.0.2-1.2.ppc64le",
"openSUSE Tumbleweed:runc-1.0.2-1.2.s390x",
"openSUSE Tumbleweed:runc-1.0.2-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-30465",
"url": "https://www.suse.com/security/cve/CVE-2021-30465"
},
{
"category": "external",
"summary": "SUSE Bug 1185405 for CVE-2021-30465",
"url": "https://bugzilla.suse.com/1185405"
},
{
"category": "external",
"summary": "SUSE Bug 1189161 for CVE-2021-30465",
"url": "https://bugzilla.suse.com/1189161"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:runc-1.0.2-1.2.aarch64",
"openSUSE Tumbleweed:runc-1.0.2-1.2.ppc64le",
"openSUSE Tumbleweed:runc-1.0.2-1.2.s390x",
"openSUSE Tumbleweed:runc-1.0.2-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:runc-1.0.2-1.2.aarch64",
"openSUSE Tumbleweed:runc-1.0.2-1.2.ppc64le",
"openSUSE Tumbleweed:runc-1.0.2-1.2.s390x",
"openSUSE Tumbleweed:runc-1.0.2-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-30465"
}
]
}
opensuse-su-2024:10804-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
go1.11-1.11.13-10.5 on GA media
Notes
Title of the patch
go1.11-1.11.13-10.5 on GA media
Description of the patch
These are all security issues fixed in the go1.11-1.11.13-10.5 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10804
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "go1.11-1.11.13-10.5 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the go1.11-1.11.13-10.5 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10804",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10804-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-7189 page",
"url": "https://www.suse.com/security/cve/CVE-2014-7189/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-8618 page",
"url": "https://www.suse.com/security/cve/CVE-2015-8618/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3959 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3959/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5386 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5386/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15041 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15041/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15042 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15042/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-8932 page",
"url": "https://www.suse.com/security/cve/CVE-2017-8932/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16873 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16874 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16875 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6574 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6574/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14809 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14809/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-6486 page",
"url": "https://www.suse.com/security/cve/CVE-2019-6486/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9512 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9512/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9514 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9514/"
}
],
"title": "go1.11-1.11.13-10.5 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10804-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.11-1.11.13-10.5.aarch64",
"product": {
"name": "go1.11-1.11.13-10.5.aarch64",
"product_id": "go1.11-1.11.13-10.5.aarch64"
}
},
{
"category": "product_version",
"name": "go1.11-doc-1.11.13-10.5.aarch64",
"product": {
"name": "go1.11-doc-1.11.13-10.5.aarch64",
"product_id": "go1.11-doc-1.11.13-10.5.aarch64"
}
},
{
"category": "product_version",
"name": "go1.11-race-1.11.13-10.5.aarch64",
"product": {
"name": "go1.11-race-1.11.13-10.5.aarch64",
"product_id": "go1.11-race-1.11.13-10.5.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.11-1.11.13-10.5.ppc64le",
"product": {
"name": "go1.11-1.11.13-10.5.ppc64le",
"product_id": "go1.11-1.11.13-10.5.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.11-doc-1.11.13-10.5.ppc64le",
"product": {
"name": "go1.11-doc-1.11.13-10.5.ppc64le",
"product_id": "go1.11-doc-1.11.13-10.5.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.11-race-1.11.13-10.5.ppc64le",
"product": {
"name": "go1.11-race-1.11.13-10.5.ppc64le",
"product_id": "go1.11-race-1.11.13-10.5.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.11-1.11.13-10.5.s390x",
"product": {
"name": "go1.11-1.11.13-10.5.s390x",
"product_id": "go1.11-1.11.13-10.5.s390x"
}
},
{
"category": "product_version",
"name": "go1.11-doc-1.11.13-10.5.s390x",
"product": {
"name": "go1.11-doc-1.11.13-10.5.s390x",
"product_id": "go1.11-doc-1.11.13-10.5.s390x"
}
},
{
"category": "product_version",
"name": "go1.11-race-1.11.13-10.5.s390x",
"product": {
"name": "go1.11-race-1.11.13-10.5.s390x",
"product_id": "go1.11-race-1.11.13-10.5.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.11-1.11.13-10.5.x86_64",
"product": {
"name": "go1.11-1.11.13-10.5.x86_64",
"product_id": "go1.11-1.11.13-10.5.x86_64"
}
},
{
"category": "product_version",
"name": "go1.11-doc-1.11.13-10.5.x86_64",
"product": {
"name": "go1.11-doc-1.11.13-10.5.x86_64",
"product_id": "go1.11-doc-1.11.13-10.5.x86_64"
}
},
{
"category": "product_version",
"name": "go1.11-race-1.11.13-10.5.x86_64",
"product": {
"name": "go1.11-race-1.11.13-10.5.x86_64",
"product_id": "go1.11-race-1.11.13-10.5.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.11-1.11.13-10.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.11-1.11.13-10.5.aarch64"
},
"product_reference": "go1.11-1.11.13-10.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.11-1.11.13-10.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.11-1.11.13-10.5.ppc64le"
},
"product_reference": "go1.11-1.11.13-10.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.11-1.11.13-10.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.11-1.11.13-10.5.s390x"
},
"product_reference": "go1.11-1.11.13-10.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.11-1.11.13-10.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.11-1.11.13-10.5.x86_64"
},
"product_reference": "go1.11-1.11.13-10.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.11-doc-1.11.13-10.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.aarch64"
},
"product_reference": "go1.11-doc-1.11.13-10.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.11-doc-1.11.13-10.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.ppc64le"
},
"product_reference": "go1.11-doc-1.11.13-10.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.11-doc-1.11.13-10.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.s390x"
},
"product_reference": "go1.11-doc-1.11.13-10.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.11-doc-1.11.13-10.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.x86_64"
},
"product_reference": "go1.11-doc-1.11.13-10.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.11-race-1.11.13-10.5.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.aarch64"
},
"product_reference": "go1.11-race-1.11.13-10.5.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.11-race-1.11.13-10.5.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.ppc64le"
},
"product_reference": "go1.11-race-1.11.13-10.5.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.11-race-1.11.13-10.5.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.s390x"
},
"product_reference": "go1.11-race-1.11.13-10.5.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.11-race-1.11.13-10.5.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.x86_64"
},
"product_reference": "go1.11-race-1.11.13-10.5.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-7189",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-7189"
}
],
"notes": [
{
"category": "general",
"text": "crpyto/tls in Go 1.1 before 1.3.2, when SessionTicketsDisabled is enabled, allows man-in-the-middle attackers to spoof clients via unspecified vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-7189",
"url": "https://www.suse.com/security/cve/CVE-2014-7189"
},
{
"category": "external",
"summary": "SUSE Bug 898901 for CVE-2014-7189",
"url": "https://bugzilla.suse.com/898901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2014-7189"
},
{
"cve": "CVE-2015-8618",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-8618"
}
],
"notes": [
{
"category": "general",
"text": "The Int.Exp Montgomery code in the math/big library in Go 1.5.x before 1.5.3 mishandles carry propagation and produces incorrect output, which makes it easier for attackers to obtain private RSA keys via unspecified vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-8618",
"url": "https://www.suse.com/security/cve/CVE-2015-8618"
},
{
"category": "external",
"summary": "SUSE Bug 957814 for CVE-2015-8618",
"url": "https://bugzilla.suse.com/957814"
},
{
"category": "external",
"summary": "SUSE Bug 960151 for CVE-2015-8618",
"url": "https://bugzilla.suse.com/960151"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2015-8618"
},
{
"cve": "CVE-2016-3959",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3959"
}
],
"notes": [
{
"category": "general",
"text": "The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certificates or SSH server libraries.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3959",
"url": "https://www.suse.com/security/cve/CVE-2016-3959"
},
{
"category": "external",
"summary": "SUSE Bug 974232 for CVE-2016-3959",
"url": "https://bugzilla.suse.com/974232"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-3959"
},
{
"cve": "CVE-2016-5386",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5386"
}
],
"notes": [
{
"category": "general",
"text": "The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application\u0027s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5386",
"url": "https://www.suse.com/security/cve/CVE-2016-5386"
},
{
"category": "external",
"summary": "SUSE Bug 988484 for CVE-2016-5386",
"url": "https://bugzilla.suse.com/988484"
},
{
"category": "external",
"summary": "SUSE Bug 988486 for CVE-2016-5386",
"url": "https://bugzilla.suse.com/988486"
},
{
"category": "external",
"summary": "SUSE Bug 988487 for CVE-2016-5386",
"url": "https://bugzilla.suse.com/988487"
},
{
"category": "external",
"summary": "SUSE Bug 988488 for CVE-2016-5386",
"url": "https://bugzilla.suse.com/988488"
},
{
"category": "external",
"summary": "SUSE Bug 988489 for CVE-2016-5386",
"url": "https://bugzilla.suse.com/988489"
},
{
"category": "external",
"summary": "SUSE Bug 988491 for CVE-2016-5386",
"url": "https://bugzilla.suse.com/988491"
},
{
"category": "external",
"summary": "SUSE Bug 988492 for CVE-2016-5386",
"url": "https://bugzilla.suse.com/988492"
},
{
"category": "external",
"summary": "SUSE Bug 989125 for CVE-2016-5386",
"url": "https://bugzilla.suse.com/989125"
},
{
"category": "external",
"summary": "SUSE Bug 989174 for CVE-2016-5386",
"url": "https://bugzilla.suse.com/989174"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-5386"
},
{
"cve": "CVE-2017-15041",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15041"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.8.4 and 1.9.x before 1.9.1 allows \"go get\" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points to a Git repository. If the Subversion repository includes a Git checkout in its pkg2 directory and some other work is done to ensure the proper ordering of operations, \"go get\" can be tricked into reusing this Git checkout for the fetch of code from pkg2. If the Subversion repository\u0027s Git checkout has malicious commands in .git/hooks/, they will execute on the system running \"go get.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15041",
"url": "https://www.suse.com/security/cve/CVE-2017-15041"
},
{
"category": "external",
"summary": "SUSE Bug 1062085 for CVE-2017-15041",
"url": "https://bugzilla.suse.com/1062085"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2017-15041"
},
{
"cve": "CVE-2017-15042",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15042"
}
],
"notes": [
{
"category": "general",
"text": "An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x before 1.9.1. RFC 4954 requires that, during SMTP, the PLAIN auth scheme must only be used on network connections secured with TLS. The original implementation of smtp.PlainAuth in Go 1.0 enforced this requirement, and it was documented to do so. In 2013, upstream issue #5184, this was changed so that the server may decide whether PLAIN is acceptable. The result is that if you set up a man-in-the-middle SMTP server that doesn\u0027t advertise STARTTLS and does advertise that PLAIN auth is OK, the smtp.PlainAuth implementation sends the username and password.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15042",
"url": "https://www.suse.com/security/cve/CVE-2017-15042"
},
{
"category": "external",
"summary": "SUSE Bug 1062087 for CVE-2017-15042",
"url": "https://bugzilla.suse.com/1062087"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2017-15042"
},
{
"cve": "CVE-2017-8932",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-8932"
}
],
"notes": [
{
"category": "general",
"text": "A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to the derive correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-8932",
"url": "https://www.suse.com/security/cve/CVE-2017-8932"
},
{
"category": "external",
"summary": "SUSE Bug 1040618 for CVE-2017-8932",
"url": "https://bugzilla.suse.com/1040618"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-8932"
},
{
"cve": "CVE-2018-16873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16873"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). Using custom domains, it\u0027s possible to arrange things so that a Git repository is cloned to a folder named \".git\" by using a vanity import path that ends with \"/.git\". If the Git repository root contains a \"HEAD\" file, a \"config\" file, an \"objects\" directory, a \"refs\" directory, with some work to ensure the proper ordering of operations, \"go get -u\" can be tricked into considering the parent directory as a repository root, and running Git commands on it. That will use the \"config\" file in the original Git repository root for its configuration, and if that config file contains malicious commands, they will execute on the system running \"go get -u\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16873",
"url": "https://www.suse.com/security/cve/CVE-2018-16873"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-16873"
},
{
"cve": "CVE-2018-16874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16874"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both \u0027{\u0027 and \u0027}\u0027 characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16874",
"url": "https://www.suse.com/security/cve/CVE-2018-16874"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16874"
},
{
"cve": "CVE-2018-16875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16875"
}
],
"notes": [
{
"category": "general",
"text": "The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16875",
"url": "https://www.suse.com/security/cve/CVE-2018-16875"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16875"
},
{
"cve": "CVE-2018-6574",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6574"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow \"go get\" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6574",
"url": "https://www.suse.com/security/cve/CVE-2018-6574"
},
{
"category": "external",
"summary": "SUSE Bug 1080006 for CVE-2018-6574",
"url": "https://bugzilla.suse.com/1080006"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-6574"
},
{
"cve": "CVE-2019-14809",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14809"
}
],
"notes": [
{
"category": "general",
"text": "net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname() nor Port(), and is related to a non-numeric port number. For example, an attacker can compose a crafted javascript:// URL that results in a hostname of google.com.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14809",
"url": "https://www.suse.com/security/cve/CVE-2019-14809"
},
{
"category": "external",
"summary": "SUSE Bug 1146123 for CVE-2019-14809",
"url": "https://bugzilla.suse.com/1146123"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-14809"
},
{
"cve": "CVE-2019-6486",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-6486"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-6486",
"url": "https://www.suse.com/security/cve/CVE-2019-6486"
},
{
"category": "external",
"summary": "SUSE Bug 1123013 for CVE-2019-6486",
"url": "https://bugzilla.suse.com/1123013"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2019-6486"
},
{
"cve": "CVE-2019-9512",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9512"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9512",
"url": "https://www.suse.com/security/cve/CVE-2019-9512"
},
{
"category": "external",
"summary": "SUSE Bug 1145663 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1145663"
},
{
"category": "external",
"summary": "SUSE Bug 1146099 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1146099"
},
{
"category": "external",
"summary": "SUSE Bug 1146111 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1146111"
},
{
"category": "external",
"summary": "SUSE Bug 1147142 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1147142"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-9512"
},
{
"cve": "CVE-2019-9514",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9514"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9514",
"url": "https://www.suse.com/security/cve/CVE-2019-9514"
},
{
"category": "external",
"summary": "SUSE Bug 1145662 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1145662"
},
{
"category": "external",
"summary": "SUSE Bug 1145663 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1145663"
},
{
"category": "external",
"summary": "SUSE Bug 1146095 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1146095"
},
{
"category": "external",
"summary": "SUSE Bug 1146115 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1146115"
},
{
"category": "external",
"summary": "SUSE Bug 1147142 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1147142"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-doc-1.11.13-10.5.x86_64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.aarch64",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.ppc64le",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.s390x",
"openSUSE Tumbleweed:go1.11-race-1.11.13-10.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-9514"
}
]
}
opensuse-su-2024:10722-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
docker-20.10.6_ce-2.1 on GA media
Notes
Title of the patch
docker-20.10.6_ce-2.1 on GA media
Description of the patch
These are all security issues fixed in the docker-20.10.6_ce-2.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10722
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "docker-20.10.6_ce-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the docker-20.10.6_ce-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10722",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10722-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9962 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9962/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-14992 page",
"url": "https://www.suse.com/security/cve/CVE-2017-14992/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-16539 page",
"url": "https://www.suse.com/security/cve/CVE-2017-16539/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10892 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10892/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-15664 page",
"url": "https://www.suse.com/security/cve/CVE-2018-15664/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16873 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16874 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16875 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20699 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20699/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13509 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13509/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14271 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14271/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13401 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13401/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15257 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15257/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21284 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21284/"
}
],
"title": "docker-20.10.6_ce-2.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10722-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "docker-20.10.6_ce-2.1.aarch64",
"product": {
"name": "docker-20.10.6_ce-2.1.aarch64",
"product_id": "docker-20.10.6_ce-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-bash-completion-20.10.6_ce-2.1.aarch64",
"product": {
"name": "docker-bash-completion-20.10.6_ce-2.1.aarch64",
"product_id": "docker-bash-completion-20.10.6_ce-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-fish-completion-20.10.6_ce-2.1.aarch64",
"product": {
"name": "docker-fish-completion-20.10.6_ce-2.1.aarch64",
"product_id": "docker-fish-completion-20.10.6_ce-2.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-zsh-completion-20.10.6_ce-2.1.aarch64",
"product": {
"name": "docker-zsh-completion-20.10.6_ce-2.1.aarch64",
"product_id": "docker-zsh-completion-20.10.6_ce-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-20.10.6_ce-2.1.ppc64le",
"product": {
"name": "docker-20.10.6_ce-2.1.ppc64le",
"product_id": "docker-20.10.6_ce-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-bash-completion-20.10.6_ce-2.1.ppc64le",
"product": {
"name": "docker-bash-completion-20.10.6_ce-2.1.ppc64le",
"product_id": "docker-bash-completion-20.10.6_ce-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-fish-completion-20.10.6_ce-2.1.ppc64le",
"product": {
"name": "docker-fish-completion-20.10.6_ce-2.1.ppc64le",
"product_id": "docker-fish-completion-20.10.6_ce-2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-zsh-completion-20.10.6_ce-2.1.ppc64le",
"product": {
"name": "docker-zsh-completion-20.10.6_ce-2.1.ppc64le",
"product_id": "docker-zsh-completion-20.10.6_ce-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-20.10.6_ce-2.1.s390x",
"product": {
"name": "docker-20.10.6_ce-2.1.s390x",
"product_id": "docker-20.10.6_ce-2.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-bash-completion-20.10.6_ce-2.1.s390x",
"product": {
"name": "docker-bash-completion-20.10.6_ce-2.1.s390x",
"product_id": "docker-bash-completion-20.10.6_ce-2.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-fish-completion-20.10.6_ce-2.1.s390x",
"product": {
"name": "docker-fish-completion-20.10.6_ce-2.1.s390x",
"product_id": "docker-fish-completion-20.10.6_ce-2.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-zsh-completion-20.10.6_ce-2.1.s390x",
"product": {
"name": "docker-zsh-completion-20.10.6_ce-2.1.s390x",
"product_id": "docker-zsh-completion-20.10.6_ce-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-20.10.6_ce-2.1.x86_64",
"product": {
"name": "docker-20.10.6_ce-2.1.x86_64",
"product_id": "docker-20.10.6_ce-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-bash-completion-20.10.6_ce-2.1.x86_64",
"product": {
"name": "docker-bash-completion-20.10.6_ce-2.1.x86_64",
"product_id": "docker-bash-completion-20.10.6_ce-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-fish-completion-20.10.6_ce-2.1.x86_64",
"product": {
"name": "docker-fish-completion-20.10.6_ce-2.1.x86_64",
"product_id": "docker-fish-completion-20.10.6_ce-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-zsh-completion-20.10.6_ce-2.1.x86_64",
"product": {
"name": "docker-zsh-completion-20.10.6_ce-2.1.x86_64",
"product_id": "docker-zsh-completion-20.10.6_ce-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-20.10.6_ce-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-20.10.6_ce-2.1.aarch64"
},
"product_reference": "docker-20.10.6_ce-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-20.10.6_ce-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-20.10.6_ce-2.1.ppc64le"
},
"product_reference": "docker-20.10.6_ce-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-20.10.6_ce-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-20.10.6_ce-2.1.s390x"
},
"product_reference": "docker-20.10.6_ce-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-20.10.6_ce-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-20.10.6_ce-2.1.x86_64"
},
"product_reference": "docker-20.10.6_ce-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-20.10.6_ce-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.aarch64"
},
"product_reference": "docker-bash-completion-20.10.6_ce-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-20.10.6_ce-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.ppc64le"
},
"product_reference": "docker-bash-completion-20.10.6_ce-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-20.10.6_ce-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.s390x"
},
"product_reference": "docker-bash-completion-20.10.6_ce-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-20.10.6_ce-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.x86_64"
},
"product_reference": "docker-bash-completion-20.10.6_ce-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-fish-completion-20.10.6_ce-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.aarch64"
},
"product_reference": "docker-fish-completion-20.10.6_ce-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-fish-completion-20.10.6_ce-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.ppc64le"
},
"product_reference": "docker-fish-completion-20.10.6_ce-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-fish-completion-20.10.6_ce-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.s390x"
},
"product_reference": "docker-fish-completion-20.10.6_ce-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-fish-completion-20.10.6_ce-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.x86_64"
},
"product_reference": "docker-fish-completion-20.10.6_ce-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-zsh-completion-20.10.6_ce-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.aarch64"
},
"product_reference": "docker-zsh-completion-20.10.6_ce-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-zsh-completion-20.10.6_ce-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.ppc64le"
},
"product_reference": "docker-zsh-completion-20.10.6_ce-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-zsh-completion-20.10.6_ce-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.s390x"
},
"product_reference": "docker-zsh-completion-20.10.6_ce-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-zsh-completion-20.10.6_ce-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.x86_64"
},
"product_reference": "docker-zsh-completion-20.10.6_ce-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-9962",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9962"
}
],
"notes": [
{
"category": "general",
"text": "RunC allowed additional container processes via \u0027runc exec\u0027 to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or modification of runC state before the process is fully placed inside the container.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9962",
"url": "https://www.suse.com/security/cve/CVE-2016-9962"
},
{
"category": "external",
"summary": "SUSE Bug 1012568 for CVE-2016-9962",
"url": "https://bugzilla.suse.com/1012568"
},
{
"category": "external",
"summary": "SUSE Bug 1173425 for CVE-2016-9962",
"url": "https://bugzilla.suse.com/1173425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9962"
},
{
"cve": "CVE-2017-14992",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-14992"
}
],
"notes": [
{
"category": "general",
"text": "Lack of content verification in Docker-CE (Also known as Moby) versions 1.12.6-0, 1.10.3, 17.03.0, 17.03.1, 17.03.2, 17.06.0, 17.06.1, 17.06.2, 17.09.0, and earlier allows a remote attacker to cause a Denial of Service via a crafted image layer payload, aka gzip bombing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-14992",
"url": "https://www.suse.com/security/cve/CVE-2017-14992"
},
{
"category": "external",
"summary": "SUSE Bug 1066210 for CVE-2017-14992",
"url": "https://bugzilla.suse.com/1066210"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-14992"
},
{
"cve": "CVE-2017-16539",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-16539"
}
],
"notes": [
{
"category": "general",
"text": "The DefaultLinuxSpec function in oci/defaults.go in Docker Moby through 17.03.2-ce does not block /proc/scsi pathnames, which allows attackers to trigger data loss (when certain older Linux kernels are used) by leveraging Docker container access to write a \"scsi remove-single-device\" line to /proc/scsi/scsi, aka SCSI MICDROP.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-16539",
"url": "https://www.suse.com/security/cve/CVE-2017-16539"
},
{
"category": "external",
"summary": "SUSE Bug 1066801 for CVE-2017-16539",
"url": "https://bugzilla.suse.com/1066801"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-16539"
},
{
"cve": "CVE-2018-10892",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10892"
}
],
"notes": [
{
"category": "general",
"text": "The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host\u0027s hardware like enabling/disabling bluetooth or turning up/down keyboard brightness.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10892",
"url": "https://www.suse.com/security/cve/CVE-2018-10892"
},
{
"category": "external",
"summary": "SUSE Bug 1100331 for CVE-2018-10892",
"url": "https://bugzilla.suse.com/1100331"
},
{
"category": "external",
"summary": "SUSE Bug 1100838 for CVE-2018-10892",
"url": "https://bugzilla.suse.com/1100838"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-10892"
},
{
"cve": "CVE-2018-15664",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-15664"
}
],
"notes": [
{
"category": "general",
"text": "In Docker through 18.06.1-ce-rc2, the API endpoints behind the \u0027docker cp\u0027 command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do archive operations on a frozen filesystem (or from within a chroot).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-15664",
"url": "https://www.suse.com/security/cve/CVE-2018-15664"
},
{
"category": "external",
"summary": "SUSE Bug 1096726 for CVE-2018-15664",
"url": "https://bugzilla.suse.com/1096726"
},
{
"category": "external",
"summary": "SUSE Bug 1139649 for CVE-2018-15664",
"url": "https://bugzilla.suse.com/1139649"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-15664"
},
{
"cve": "CVE-2018-16873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16873"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). Using custom domains, it\u0027s possible to arrange things so that a Git repository is cloned to a folder named \".git\" by using a vanity import path that ends with \"/.git\". If the Git repository root contains a \"HEAD\" file, a \"config\" file, an \"objects\" directory, a \"refs\" directory, with some work to ensure the proper ordering of operations, \"go get -u\" can be tricked into considering the parent directory as a repository root, and running Git commands on it. That will use the \"config\" file in the original Git repository root for its configuration, and if that config file contains malicious commands, they will execute on the system running \"go get -u\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16873",
"url": "https://www.suse.com/security/cve/CVE-2018-16873"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-16873"
},
{
"cve": "CVE-2018-16874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16874"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both \u0027{\u0027 and \u0027}\u0027 characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16874",
"url": "https://www.suse.com/security/cve/CVE-2018-16874"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16874"
},
{
"cve": "CVE-2018-16875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16875"
}
],
"notes": [
{
"category": "general",
"text": "The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16875",
"url": "https://www.suse.com/security/cve/CVE-2018-16875"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16875"
},
{
"cve": "CVE-2018-20699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20699"
}
],
"notes": [
{
"category": "general",
"text": "Docker Engine before 18.09 allows attackers to cause a denial of service (dockerd memory consumption) via a large integer in a --cpuset-mems or --cpuset-cpus value, related to daemon/daemon_unix.go, pkg/parsers/parsers.go, and pkg/sysinfo/sysinfo.go.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20699",
"url": "https://www.suse.com/security/cve/CVE-2018-20699"
},
{
"category": "external",
"summary": "SUSE Bug 1121768 for CVE-2018-20699",
"url": "https://bugzilla.suse.com/1121768"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-20699"
},
{
"cve": "CVE-2019-13509",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13509"
}
],
"notes": [
{
"category": "general",
"text": "In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. It potentially applies to other API users of the stack API if they resend the secret.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13509",
"url": "https://www.suse.com/security/cve/CVE-2019-13509"
},
{
"category": "external",
"summary": "SUSE Bug 1142160 for CVE-2019-13509",
"url": "https://bugzilla.suse.com/1142160"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-13509"
},
{
"cve": "CVE-2019-14271",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14271"
}
],
"notes": [
{
"category": "general",
"text": "In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14271",
"url": "https://www.suse.com/security/cve/CVE-2019-14271"
},
{
"category": "external",
"summary": "SUSE Bug 1143409 for CVE-2019-14271",
"url": "https://bugzilla.suse.com/1143409"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-14271"
},
{
"cve": "CVE-2020-13401",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13401"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Docker Engine before 19.03.11. An attacker in a container, with the CAP_NET_RAW capability, can craft IPv6 router advertisements, and consequently spoof external IPv6 hosts, obtain sensitive information, or cause a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13401",
"url": "https://www.suse.com/security/cve/CVE-2020-13401"
},
{
"category": "external",
"summary": "SUSE Bug 1172375 for CVE-2020-13401",
"url": "https://bugzilla.suse.com/1172375"
},
{
"category": "external",
"summary": "SUSE Bug 1172377 for CVE-2020-13401",
"url": "https://bugzilla.suse.com/1172377"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-13401"
},
{
"cve": "CVE-2020-15257",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15257"
}
],
"notes": [
{
"category": "general",
"text": "containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim\u0027s API socket verified that the connecting process had an effective UID of 0, but did not otherwise restrict access to the abstract Unix domain socket. This would allow malicious containers running in the same network namespace as the shim, with an effective UID of 0 but otherwise reduced privileges, to cause new processes to be run with elevated privileges. This vulnerability has been fixed in containerd 1.3.9 and 1.4.3. Users should update to these versions as soon as they are released. It should be noted that containers started with an old version of containerd-shim should be stopped and restarted, as running containers will continue to be vulnerable even after an upgrade. If you are not providing the ability for untrusted users to start containers in the same network namespace as the shim (typically the \"host\" network namespace, for example with docker run --net=host or hostNetwork: true in a Kubernetes pod) and run with an effective UID of 0, you are not vulnerable to this issue. If you are running containers with a vulnerable configuration, you can deny access to all abstract sockets with AppArmor by adding a line similar to deny unix addr=@**, to your policy. It is best practice to run containers with a reduced set of privileges, with a non-zero UID, and with isolated namespaces. The containerd maintainers strongly advise against sharing namespaces with the host. Reducing the set of isolation mechanisms used for a container necessarily increases that container\u0027s privilege, regardless of what container runtime is used for running that container.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15257",
"url": "https://www.suse.com/security/cve/CVE-2020-15257"
},
{
"category": "external",
"summary": "SUSE Bug 1178969 for CVE-2020-15257",
"url": "https://bugzilla.suse.com/1178969"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-15257"
},
{
"cve": "CVE-2021-21284",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21284"
}
],
"notes": [
{
"category": "general",
"text": "In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using \"--userns-remap\", if the root user in the remapped namespace has access to the host filesystem they can modify files under \"/var/lib/docker/\u003cremapping\u003e\" that cause writing files with extended privileges. Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21284",
"url": "https://www.suse.com/security/cve/CVE-2021-21284"
},
{
"category": "external",
"summary": "SUSE Bug 1181732 for CVE-2021-21284",
"url": "https://bugzilla.suse.com/1181732"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-bash-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-fish-completion-20.10.6_ce-2.1.x86_64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.aarch64",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.ppc64le",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.s390x",
"openSUSE Tumbleweed:docker-zsh-completion-20.10.6_ce-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2021-21284"
}
]
}
opensuse-su-2024:10761-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
flannel-0.14.0-1.2 on GA media
Notes
Title of the patch
flannel-0.14.0-1.2 on GA media
Description of the patch
These are all security issues fixed in the flannel-0.14.0-1.2 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10761
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "flannel-0.14.0-1.2 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the flannel-0.14.0-1.2 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10761",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10761-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16873 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16874 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16875 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14697 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14697/"
}
],
"title": "flannel-0.14.0-1.2 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10761-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "flannel-0.14.0-1.2.aarch64",
"product": {
"name": "flannel-0.14.0-1.2.aarch64",
"product_id": "flannel-0.14.0-1.2.aarch64"
}
},
{
"category": "product_version",
"name": "flannel-k8s-yaml-0.14.0-1.2.aarch64",
"product": {
"name": "flannel-k8s-yaml-0.14.0-1.2.aarch64",
"product_id": "flannel-k8s-yaml-0.14.0-1.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "flannel-0.14.0-1.2.ppc64le",
"product": {
"name": "flannel-0.14.0-1.2.ppc64le",
"product_id": "flannel-0.14.0-1.2.ppc64le"
}
},
{
"category": "product_version",
"name": "flannel-k8s-yaml-0.14.0-1.2.ppc64le",
"product": {
"name": "flannel-k8s-yaml-0.14.0-1.2.ppc64le",
"product_id": "flannel-k8s-yaml-0.14.0-1.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "flannel-0.14.0-1.2.s390x",
"product": {
"name": "flannel-0.14.0-1.2.s390x",
"product_id": "flannel-0.14.0-1.2.s390x"
}
},
{
"category": "product_version",
"name": "flannel-k8s-yaml-0.14.0-1.2.s390x",
"product": {
"name": "flannel-k8s-yaml-0.14.0-1.2.s390x",
"product_id": "flannel-k8s-yaml-0.14.0-1.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "flannel-0.14.0-1.2.x86_64",
"product": {
"name": "flannel-0.14.0-1.2.x86_64",
"product_id": "flannel-0.14.0-1.2.x86_64"
}
},
{
"category": "product_version",
"name": "flannel-k8s-yaml-0.14.0-1.2.x86_64",
"product": {
"name": "flannel-k8s-yaml-0.14.0-1.2.x86_64",
"product_id": "flannel-k8s-yaml-0.14.0-1.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "flannel-0.14.0-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:flannel-0.14.0-1.2.aarch64"
},
"product_reference": "flannel-0.14.0-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flannel-0.14.0-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:flannel-0.14.0-1.2.ppc64le"
},
"product_reference": "flannel-0.14.0-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flannel-0.14.0-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:flannel-0.14.0-1.2.s390x"
},
"product_reference": "flannel-0.14.0-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flannel-0.14.0-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:flannel-0.14.0-1.2.x86_64"
},
"product_reference": "flannel-0.14.0-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flannel-k8s-yaml-0.14.0-1.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:flannel-k8s-yaml-0.14.0-1.2.aarch64"
},
"product_reference": "flannel-k8s-yaml-0.14.0-1.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flannel-k8s-yaml-0.14.0-1.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:flannel-k8s-yaml-0.14.0-1.2.ppc64le"
},
"product_reference": "flannel-k8s-yaml-0.14.0-1.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flannel-k8s-yaml-0.14.0-1.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:flannel-k8s-yaml-0.14.0-1.2.s390x"
},
"product_reference": "flannel-k8s-yaml-0.14.0-1.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "flannel-k8s-yaml-0.14.0-1.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:flannel-k8s-yaml-0.14.0-1.2.x86_64"
},
"product_reference": "flannel-k8s-yaml-0.14.0-1.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-16873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16873"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). Using custom domains, it\u0027s possible to arrange things so that a Git repository is cloned to a folder named \".git\" by using a vanity import path that ends with \"/.git\". If the Git repository root contains a \"HEAD\" file, a \"config\" file, an \"objects\" directory, a \"refs\" directory, with some work to ensure the proper ordering of operations, \"go get -u\" can be tricked into considering the parent directory as a repository root, and running Git commands on it. That will use the \"config\" file in the original Git repository root for its configuration, and if that config file contains malicious commands, they will execute on the system running \"go get -u\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:flannel-0.14.0-1.2.aarch64",
"openSUSE Tumbleweed:flannel-0.14.0-1.2.ppc64le",
"openSUSE Tumbleweed:flannel-0.14.0-1.2.s390x",
"openSUSE Tumbleweed:flannel-0.14.0-1.2.x86_64",
"openSUSE Tumbleweed:flannel-k8s-yaml-0.14.0-1.2.aarch64",
"openSUSE Tumbleweed:flannel-k8s-yaml-0.14.0-1.2.ppc64le",
"openSUSE Tumbleweed:flannel-k8s-yaml-0.14.0-1.2.s390x",
"openSUSE Tumbleweed:flannel-k8s-yaml-0.14.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16873",
"url": "https://www.suse.com/security/cve/CVE-2018-16873"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:flannel-0.14.0-1.2.aarch64",
"openSUSE Tumbleweed:flannel-0.14.0-1.2.ppc64le",
"openSUSE Tumbleweed:flannel-0.14.0-1.2.s390x",
"openSUSE Tumbleweed:flannel-0.14.0-1.2.x86_64",
"openSUSE Tumbleweed:flannel-k8s-yaml-0.14.0-1.2.aarch64",
"openSUSE Tumbleweed:flannel-k8s-yaml-0.14.0-1.2.ppc64le",
"openSUSE Tumbleweed:flannel-k8s-yaml-0.14.0-1.2.s390x",
"openSUSE Tumbleweed:flannel-k8s-yaml-0.14.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:flannel-0.14.0-1.2.aarch64",
"openSUSE Tumbleweed:flannel-0.14.0-1.2.ppc64le",
"openSUSE Tumbleweed:flannel-0.14.0-1.2.s390x",
"openSUSE Tumbleweed:flannel-0.14.0-1.2.x86_64",
"openSUSE Tumbleweed:flannel-k8s-yaml-0.14.0-1.2.aarch64",
"openSUSE Tumbleweed:flannel-k8s-yaml-0.14.0-1.2.ppc64le",
"openSUSE Tumbleweed:flannel-k8s-yaml-0.14.0-1.2.s390x",
"openSUSE Tumbleweed:flannel-k8s-yaml-0.14.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-16873"
},
{
"cve": "CVE-2018-16874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16874"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both \u0027{\u0027 and \u0027}\u0027 characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:flannel-0.14.0-1.2.aarch64",
"openSUSE Tumbleweed:flannel-0.14.0-1.2.ppc64le",
"openSUSE Tumbleweed:flannel-0.14.0-1.2.s390x",
"openSUSE Tumbleweed:flannel-0.14.0-1.2.x86_64",
"openSUSE Tumbleweed:flannel-k8s-yaml-0.14.0-1.2.aarch64",
"openSUSE Tumbleweed:flannel-k8s-yaml-0.14.0-1.2.ppc64le",
"openSUSE Tumbleweed:flannel-k8s-yaml-0.14.0-1.2.s390x",
"openSUSE Tumbleweed:flannel-k8s-yaml-0.14.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16874",
"url": "https://www.suse.com/security/cve/CVE-2018-16874"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:flannel-0.14.0-1.2.aarch64",
"openSUSE Tumbleweed:flannel-0.14.0-1.2.ppc64le",
"openSUSE Tumbleweed:flannel-0.14.0-1.2.s390x",
"openSUSE Tumbleweed:flannel-0.14.0-1.2.x86_64",
"openSUSE Tumbleweed:flannel-k8s-yaml-0.14.0-1.2.aarch64",
"openSUSE Tumbleweed:flannel-k8s-yaml-0.14.0-1.2.ppc64le",
"openSUSE Tumbleweed:flannel-k8s-yaml-0.14.0-1.2.s390x",
"openSUSE Tumbleweed:flannel-k8s-yaml-0.14.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:flannel-0.14.0-1.2.aarch64",
"openSUSE Tumbleweed:flannel-0.14.0-1.2.ppc64le",
"openSUSE Tumbleweed:flannel-0.14.0-1.2.s390x",
"openSUSE Tumbleweed:flannel-0.14.0-1.2.x86_64",
"openSUSE Tumbleweed:flannel-k8s-yaml-0.14.0-1.2.aarch64",
"openSUSE Tumbleweed:flannel-k8s-yaml-0.14.0-1.2.ppc64le",
"openSUSE Tumbleweed:flannel-k8s-yaml-0.14.0-1.2.s390x",
"openSUSE Tumbleweed:flannel-k8s-yaml-0.14.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16874"
},
{
"cve": "CVE-2018-16875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16875"
}
],
"notes": [
{
"category": "general",
"text": "The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:flannel-0.14.0-1.2.aarch64",
"openSUSE Tumbleweed:flannel-0.14.0-1.2.ppc64le",
"openSUSE Tumbleweed:flannel-0.14.0-1.2.s390x",
"openSUSE Tumbleweed:flannel-0.14.0-1.2.x86_64",
"openSUSE Tumbleweed:flannel-k8s-yaml-0.14.0-1.2.aarch64",
"openSUSE Tumbleweed:flannel-k8s-yaml-0.14.0-1.2.ppc64le",
"openSUSE Tumbleweed:flannel-k8s-yaml-0.14.0-1.2.s390x",
"openSUSE Tumbleweed:flannel-k8s-yaml-0.14.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16875",
"url": "https://www.suse.com/security/cve/CVE-2018-16875"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:flannel-0.14.0-1.2.aarch64",
"openSUSE Tumbleweed:flannel-0.14.0-1.2.ppc64le",
"openSUSE Tumbleweed:flannel-0.14.0-1.2.s390x",
"openSUSE Tumbleweed:flannel-0.14.0-1.2.x86_64",
"openSUSE Tumbleweed:flannel-k8s-yaml-0.14.0-1.2.aarch64",
"openSUSE Tumbleweed:flannel-k8s-yaml-0.14.0-1.2.ppc64le",
"openSUSE Tumbleweed:flannel-k8s-yaml-0.14.0-1.2.s390x",
"openSUSE Tumbleweed:flannel-k8s-yaml-0.14.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:flannel-0.14.0-1.2.aarch64",
"openSUSE Tumbleweed:flannel-0.14.0-1.2.ppc64le",
"openSUSE Tumbleweed:flannel-0.14.0-1.2.s390x",
"openSUSE Tumbleweed:flannel-0.14.0-1.2.x86_64",
"openSUSE Tumbleweed:flannel-k8s-yaml-0.14.0-1.2.aarch64",
"openSUSE Tumbleweed:flannel-k8s-yaml-0.14.0-1.2.ppc64le",
"openSUSE Tumbleweed:flannel-k8s-yaml-0.14.0-1.2.s390x",
"openSUSE Tumbleweed:flannel-k8s-yaml-0.14.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16875"
},
{
"cve": "CVE-2019-14697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14697"
}
],
"notes": [
{
"category": "general",
"text": "musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application\u0027s source code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:flannel-0.14.0-1.2.aarch64",
"openSUSE Tumbleweed:flannel-0.14.0-1.2.ppc64le",
"openSUSE Tumbleweed:flannel-0.14.0-1.2.s390x",
"openSUSE Tumbleweed:flannel-0.14.0-1.2.x86_64",
"openSUSE Tumbleweed:flannel-k8s-yaml-0.14.0-1.2.aarch64",
"openSUSE Tumbleweed:flannel-k8s-yaml-0.14.0-1.2.ppc64le",
"openSUSE Tumbleweed:flannel-k8s-yaml-0.14.0-1.2.s390x",
"openSUSE Tumbleweed:flannel-k8s-yaml-0.14.0-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14697",
"url": "https://www.suse.com/security/cve/CVE-2019-14697"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:flannel-0.14.0-1.2.aarch64",
"openSUSE Tumbleweed:flannel-0.14.0-1.2.ppc64le",
"openSUSE Tumbleweed:flannel-0.14.0-1.2.s390x",
"openSUSE Tumbleweed:flannel-0.14.0-1.2.x86_64",
"openSUSE Tumbleweed:flannel-k8s-yaml-0.14.0-1.2.aarch64",
"openSUSE Tumbleweed:flannel-k8s-yaml-0.14.0-1.2.ppc64le",
"openSUSE Tumbleweed:flannel-k8s-yaml-0.14.0-1.2.s390x",
"openSUSE Tumbleweed:flannel-k8s-yaml-0.14.0-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:flannel-0.14.0-1.2.aarch64",
"openSUSE Tumbleweed:flannel-0.14.0-1.2.ppc64le",
"openSUSE Tumbleweed:flannel-0.14.0-1.2.s390x",
"openSUSE Tumbleweed:flannel-0.14.0-1.2.x86_64",
"openSUSE Tumbleweed:flannel-k8s-yaml-0.14.0-1.2.aarch64",
"openSUSE Tumbleweed:flannel-k8s-yaml-0.14.0-1.2.ppc64le",
"openSUSE Tumbleweed:flannel-k8s-yaml-0.14.0-1.2.s390x",
"openSUSE Tumbleweed:flannel-k8s-yaml-0.14.0-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2019-14697"
}
]
}
opensuse-su-2019:1444-1
Vulnerability from csaf_opensuse
Published
2019-05-27 05:09
Modified
2019-05-27 05:09
Summary
Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork
Notes
Title of the patch
Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork
Description of the patch
This update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork fixes the following issues:
Security issues fixed:
- CVE-2019-5736: containerd: Fixing container breakout vulnerability (bsc#1121967).
- CVE-2019-6486: go security release, fixing crypto/elliptic CPU DoS vulnerability affecting P-521 and P-384 (bsc#1123013).
- CVE-2018-16873: go secuirty release, fixing cmd/go remote command execution (bsc#1118897).
- CVE-2018-16874: go security release, fixing cmd/go directory traversal (bsc#1118898).
- CVE-2018-16875: go security release, fixing crypto/x509 CPU denial of service (bsc#1118899).
Other changes and bug fixes:
- Update to containerd v1.2.5, which is required for v18.09.5-ce (bsc#1128376, bsc#1134068).
- Update to runc 2b18fe1d885e, which is required for Docker v18.09.5-ce (bsc#1128376, bsc#1134068).
- Update to Docker 18.09.5-ce see upstream changelog in the packaged (bsc#1128376, bsc#1134068).
- docker-test: Improvements to test packaging (bsc#1128746).
- Move daemon.json file to /etc/docker directory (bsc#1114832).
- Revert golang(API) removal since it turns out this breaks >= requires in certain cases (bsc#1114209).
- Fix go build failures (bsc#1121397).
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames
openSUSE-2019-1444
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-5736: containerd: Fixing container breakout vulnerability (bsc#1121967).\n- CVE-2019-6486: go security release, fixing crypto/elliptic CPU DoS vulnerability affecting P-521 and P-384 (bsc#1123013).\n- CVE-2018-16873: go secuirty release, fixing cmd/go remote command execution (bsc#1118897).\n- CVE-2018-16874: go security release, fixing cmd/go directory traversal (bsc#1118898).\n- CVE-2018-16875: go security release, fixing crypto/x509 CPU denial of service (bsc#1118899).\n\nOther changes and bug fixes:\n\n- Update to containerd v1.2.5, which is required for v18.09.5-ce (bsc#1128376, bsc#1134068).\n- Update to runc 2b18fe1d885e, which is required for Docker v18.09.5-ce (bsc#1128376, bsc#1134068).\n- Update to Docker 18.09.5-ce see upstream changelog in the packaged (bsc#1128376, bsc#1134068).\n- docker-test: Improvements to test packaging (bsc#1128746).\n- Move daemon.json file to /etc/docker directory (bsc#1114832).\n- Revert golang(API) removal since it turns out this breaks \u003e= requires in certain cases (bsc#1114209).\n- Fix go build failures (bsc#1121397).\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-1444",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_1444-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:1444-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CER2ESZ3IMKBBAWOVTY65MHSHQAI2UVB/#CER2ESZ3IMKBBAWOVTY65MHSHQAI2UVB"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:1444-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CER2ESZ3IMKBBAWOVTY65MHSHQAI2UVB/#CER2ESZ3IMKBBAWOVTY65MHSHQAI2UVB"
},
{
"category": "self",
"summary": "SUSE Bug 1114209",
"url": "https://bugzilla.suse.com/1114209"
},
{
"category": "self",
"summary": "SUSE Bug 1114832",
"url": "https://bugzilla.suse.com/1114832"
},
{
"category": "self",
"summary": "SUSE Bug 1118897",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "self",
"summary": "SUSE Bug 1118898",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "self",
"summary": "SUSE Bug 1118899",
"url": "https://bugzilla.suse.com/1118899"
},
{
"category": "self",
"summary": "SUSE Bug 1121397",
"url": "https://bugzilla.suse.com/1121397"
},
{
"category": "self",
"summary": "SUSE Bug 1121967",
"url": "https://bugzilla.suse.com/1121967"
},
{
"category": "self",
"summary": "SUSE Bug 1123013",
"url": "https://bugzilla.suse.com/1123013"
},
{
"category": "self",
"summary": "SUSE Bug 1128376",
"url": "https://bugzilla.suse.com/1128376"
},
{
"category": "self",
"summary": "SUSE Bug 1128746",
"url": "https://bugzilla.suse.com/1128746"
},
{
"category": "self",
"summary": "SUSE Bug 1134068",
"url": "https://bugzilla.suse.com/1134068"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16873 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16874 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16875 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5736 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5736/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-6486 page",
"url": "https://www.suse.com/security/cve/CVE-2019-6486/"
}
],
"title": "Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork",
"tracking": {
"current_release_date": "2019-05-27T05:09:20Z",
"generator": {
"date": "2019-05-27T05:09:20Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:1444-1",
"initial_release_date": "2019-05-27T05:09:20Z",
"revision_history": [
{
"date": "2019-05-27T05:09:20Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go-1.12-lp151.2.3.1.i586",
"product": {
"name": "go-1.12-lp151.2.3.1.i586",
"product_id": "go-1.12-lp151.2.3.1.i586"
}
},
{
"category": "product_version",
"name": "go-doc-1.12-lp151.2.3.1.i586",
"product": {
"name": "go-doc-1.12-lp151.2.3.1.i586",
"product_id": "go-doc-1.12-lp151.2.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-test-1.2.5-lp151.2.3.1.noarch",
"product": {
"name": "containerd-test-1.2.5-lp151.2.3.1.noarch",
"product_id": "containerd-test-1.2.5-lp151.2.3.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-bash-completion-18.09.6_ce-lp151.2.3.1.noarch",
"product": {
"name": "docker-bash-completion-18.09.6_ce-lp151.2.3.1.noarch",
"product_id": "docker-bash-completion-18.09.6_ce-lp151.2.3.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.noarch",
"product": {
"name": "docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.noarch",
"product_id": "docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-zsh-completion-18.09.6_ce-lp151.2.3.1.noarch",
"product": {
"name": "docker-zsh-completion-18.09.6_ce-lp151.2.3.1.noarch",
"product_id": "docker-zsh-completion-18.09.6_ce-lp151.2.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.2.5-lp151.2.3.1.x86_64",
"product": {
"name": "containerd-1.2.5-lp151.2.3.1.x86_64",
"product_id": "containerd-1.2.5-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.2.5-lp151.2.3.1.x86_64",
"product": {
"name": "containerd-ctr-1.2.5-lp151.2.3.1.x86_64",
"product_id": "containerd-ctr-1.2.5-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-18.09.6_ce-lp151.2.3.1.x86_64",
"product": {
"name": "docker-18.09.6_ce-lp151.2.3.1.x86_64",
"product_id": "docker-18.09.6_ce-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64",
"product": {
"name": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64",
"product_id": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.x86_64",
"product": {
"name": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.x86_64",
"product_id": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-test-18.09.6_ce-lp151.2.3.1.x86_64",
"product": {
"name": "docker-test-18.09.6_ce-lp151.2.3.1.x86_64",
"product_id": "docker-test-18.09.6_ce-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "go-1.12-lp151.2.3.1.x86_64",
"product": {
"name": "go-1.12-lp151.2.3.1.x86_64",
"product_id": "go-1.12-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "go-doc-1.12-lp151.2.3.1.x86_64",
"product": {
"name": "go-doc-1.12-lp151.2.3.1.x86_64",
"product_id": "go-doc-1.12-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "go-race-1.12-lp151.2.3.1.x86_64",
"product": {
"name": "go-race-1.12-lp151.2.3.1.x86_64",
"product_id": "go-race-1.12-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.11-1.11.9-lp151.2.3.1.x86_64",
"product": {
"name": "go1.11-1.11.9-lp151.2.3.1.x86_64",
"product_id": "go1.11-1.11.9-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.11-doc-1.11.9-lp151.2.3.1.x86_64",
"product": {
"name": "go1.11-doc-1.11.9-lp151.2.3.1.x86_64",
"product_id": "go1.11-doc-1.11.9-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.11-race-1.11.9-lp151.2.3.1.x86_64",
"product": {
"name": "go1.11-race-1.11.9-lp151.2.3.1.x86_64",
"product_id": "go1.11-race-1.11.9-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.12-1.12.4-lp151.2.3.1.x86_64",
"product": {
"name": "go1.12-1.12.4-lp151.2.3.1.x86_64",
"product_id": "go1.12-1.12.4-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.12-doc-1.12.4-lp151.2.3.1.x86_64",
"product": {
"name": "go1.12-doc-1.12.4-lp151.2.3.1.x86_64",
"product_id": "go1.12-doc-1.12.4-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.12-race-1.12.4-lp151.2.3.1.x86_64",
"product": {
"name": "go1.12-race-1.12.4-lp151.2.3.1.x86_64",
"product_id": "go1.12-race-1.12.4-lp151.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64",
"product": {
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64",
"product_id": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.2.5-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:containerd-1.2.5-lp151.2.3.1.x86_64"
},
"product_reference": "containerd-1.2.5-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-ctr-1.2.5-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:containerd-ctr-1.2.5-lp151.2.3.1.x86_64"
},
"product_reference": "containerd-ctr-1.2.5-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-test-1.2.5-lp151.2.3.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:containerd-test-1.2.5-lp151.2.3.1.noarch"
},
"product_reference": "containerd-test-1.2.5-lp151.2.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-18.09.6_ce-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:docker-18.09.6_ce-lp151.2.3.1.x86_64"
},
"product_reference": "docker-18.09.6_ce-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-18.09.6_ce-lp151.2.3.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:docker-bash-completion-18.09.6_ce-lp151.2.3.1.noarch"
},
"product_reference": "docker-bash-completion-18.09.6_ce-lp151.2.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64"
},
"product_reference": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.x86_64"
},
"product_reference": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.noarch"
},
"product_reference": "docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-test-18.09.6_ce-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:docker-test-18.09.6_ce-lp151.2.3.1.x86_64"
},
"product_reference": "docker-test-18.09.6_ce-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-zsh-completion-18.09.6_ce-lp151.2.3.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:docker-zsh-completion-18.09.6_ce-lp151.2.3.1.noarch"
},
"product_reference": "docker-zsh-completion-18.09.6_ce-lp151.2.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-1.12-lp151.2.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:go-1.12-lp151.2.3.1.i586"
},
"product_reference": "go-1.12-lp151.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-1.12-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:go-1.12-lp151.2.3.1.x86_64"
},
"product_reference": "go-1.12-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-doc-1.12-lp151.2.3.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.i586"
},
"product_reference": "go-doc-1.12-lp151.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-doc-1.12-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.x86_64"
},
"product_reference": "go-doc-1.12-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-race-1.12-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:go-race-1.12-lp151.2.3.1.x86_64"
},
"product_reference": "go-race-1.12-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.11-1.11.9-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:go1.11-1.11.9-lp151.2.3.1.x86_64"
},
"product_reference": "go1.11-1.11.9-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.11-doc-1.11.9-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:go1.11-doc-1.11.9-lp151.2.3.1.x86_64"
},
"product_reference": "go1.11-doc-1.11.9-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.11-race-1.11.9-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:go1.11-race-1.11.9-lp151.2.3.1.x86_64"
},
"product_reference": "go1.11-race-1.11.9-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-1.12.4-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:go1.12-1.12.4-lp151.2.3.1.x86_64"
},
"product_reference": "go1.12-1.12.4-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-doc-1.12.4-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:go1.12-doc-1.12.4-lp151.2.3.1.x86_64"
},
"product_reference": "go1.12-doc-1.12.4-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-race-1.12.4-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:go1.12-race-1.12.4-lp151.2.3.1.x86_64"
},
"product_reference": "go1.12-race-1.12.4-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64"
},
"product_reference": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-16873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16873"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). Using custom domains, it\u0027s possible to arrange things so that a Git repository is cloned to a folder named \".git\" by using a vanity import path that ends with \"/.git\". If the Git repository root contains a \"HEAD\" file, a \"config\" file, an \"objects\" directory, a \"refs\" directory, with some work to ensure the proper ordering of operations, \"go get -u\" can be tricked into considering the parent directory as a repository root, and running Git commands on it. That will use the \"config\" file in the original Git repository root for its configuration, and if that config file contains malicious commands, they will execute on the system running \"go get -u\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:containerd-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-ctr-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-test-1.2.5-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-bash-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:docker-test-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-zsh-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-race-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-doc-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-race-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16873",
"url": "https://www.suse.com/security/cve/CVE-2018-16873"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:containerd-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-ctr-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-test-1.2.5-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-bash-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:docker-test-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-zsh-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-race-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-doc-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-race-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:containerd-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-ctr-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-test-1.2.5-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-bash-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:docker-test-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-zsh-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-race-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-doc-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-race-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-05-27T05:09:20Z",
"details": "important"
}
],
"title": "CVE-2018-16873"
},
{
"cve": "CVE-2018-16874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16874"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both \u0027{\u0027 and \u0027}\u0027 characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:containerd-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-ctr-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-test-1.2.5-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-bash-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:docker-test-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-zsh-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-race-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-doc-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-race-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16874",
"url": "https://www.suse.com/security/cve/CVE-2018-16874"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:containerd-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-ctr-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-test-1.2.5-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-bash-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:docker-test-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-zsh-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-race-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-doc-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-race-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:containerd-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-ctr-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-test-1.2.5-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-bash-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:docker-test-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-zsh-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-race-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-doc-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-race-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-05-27T05:09:20Z",
"details": "moderate"
}
],
"title": "CVE-2018-16874"
},
{
"cve": "CVE-2018-16875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16875"
}
],
"notes": [
{
"category": "general",
"text": "The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:containerd-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-ctr-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-test-1.2.5-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-bash-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:docker-test-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-zsh-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-race-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-doc-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-race-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16875",
"url": "https://www.suse.com/security/cve/CVE-2018-16875"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:containerd-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-ctr-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-test-1.2.5-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-bash-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:docker-test-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-zsh-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-race-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-doc-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-race-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:containerd-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-ctr-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-test-1.2.5-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-bash-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:docker-test-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-zsh-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-race-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-doc-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-race-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-05-27T05:09:20Z",
"details": "moderate"
}
],
"title": "CVE-2018-16875"
},
{
"cve": "CVE-2019-5736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5736"
}
],
"notes": [
{
"category": "general",
"text": "runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:containerd-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-ctr-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-test-1.2.5-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-bash-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:docker-test-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-zsh-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-race-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-doc-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-race-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5736",
"url": "https://www.suse.com/security/cve/CVE-2019-5736"
},
{
"category": "external",
"summary": "SUSE Bug 1121967 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1121967"
},
{
"category": "external",
"summary": "SUSE Bug 1122185 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1122185"
},
{
"category": "external",
"summary": "SUSE Bug 1173421 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1173421"
},
{
"category": "external",
"summary": "SUSE Bug 1218894 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1218894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:containerd-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-ctr-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-test-1.2.5-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-bash-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:docker-test-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-zsh-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-race-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-doc-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-race-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:containerd-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-ctr-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-test-1.2.5-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-bash-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:docker-test-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-zsh-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-race-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-doc-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-race-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-05-27T05:09:20Z",
"details": "moderate"
}
],
"title": "CVE-2019-5736"
},
{
"cve": "CVE-2019-6486",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-6486"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:containerd-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-ctr-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-test-1.2.5-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-bash-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:docker-test-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-zsh-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-race-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-doc-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-race-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-6486",
"url": "https://www.suse.com/security/cve/CVE-2019-6486"
},
{
"category": "external",
"summary": "SUSE Bug 1123013 for CVE-2019-6486",
"url": "https://bugzilla.suse.com/1123013"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:containerd-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-ctr-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-test-1.2.5-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-bash-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:docker-test-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-zsh-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-race-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-doc-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-race-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:containerd-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-ctr-1.2.5-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:containerd-test-1.2.5-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-bash-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.x86_64",
"openSUSE Leap 15.1:docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:docker-test-18.09.6_ce-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:docker-zsh-completion-18.09.6_ce-lp151.2.3.1.noarch",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.i586",
"openSUSE Leap 15.1:go-doc-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go-race-1.12-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-doc-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.11-race-1.11.9-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-doc-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:go1.12-race-1.12.4-lp151.2.3.1.x86_64",
"openSUSE Leap 15.1:golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-05-27T05:09:20Z",
"details": "low"
}
],
"title": "CVE-2019-6486"
}
]
}
opensuse-su-2024:10802-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
go-1.17-1.1 on GA media
Notes
Title of the patch
go-1.17-1.1 on GA media
Description of the patch
These are all security issues fixed in the go-1.17-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10802
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "go-1.17-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the go-1.17-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10802",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10802-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5386 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5386/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15041 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15041/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15042 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15042/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-8932 page",
"url": "https://www.suse.com/security/cve/CVE-2017-8932/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16873 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16874 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16875 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6574 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6574/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-7187 page",
"url": "https://www.suse.com/security/cve/CVE-2018-7187/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-6486 page",
"url": "https://www.suse.com/security/cve/CVE-2019-6486/"
}
],
"title": "go-1.17-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10802-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go-1.17-1.1.aarch64",
"product": {
"name": "go-1.17-1.1.aarch64",
"product_id": "go-1.17-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go-doc-1.17-1.1.aarch64",
"product": {
"name": "go-doc-1.17-1.1.aarch64",
"product_id": "go-doc-1.17-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go-race-1.17-1.1.aarch64",
"product": {
"name": "go-race-1.17-1.1.aarch64",
"product_id": "go-race-1.17-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go-1.17-1.1.ppc64le",
"product": {
"name": "go-1.17-1.1.ppc64le",
"product_id": "go-1.17-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go-doc-1.17-1.1.ppc64le",
"product": {
"name": "go-doc-1.17-1.1.ppc64le",
"product_id": "go-doc-1.17-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go-race-1.17-1.1.ppc64le",
"product": {
"name": "go-race-1.17-1.1.ppc64le",
"product_id": "go-race-1.17-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go-1.17-1.1.s390x",
"product": {
"name": "go-1.17-1.1.s390x",
"product_id": "go-1.17-1.1.s390x"
}
},
{
"category": "product_version",
"name": "go-doc-1.17-1.1.s390x",
"product": {
"name": "go-doc-1.17-1.1.s390x",
"product_id": "go-doc-1.17-1.1.s390x"
}
},
{
"category": "product_version",
"name": "go-race-1.17-1.1.s390x",
"product": {
"name": "go-race-1.17-1.1.s390x",
"product_id": "go-race-1.17-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go-1.17-1.1.x86_64",
"product": {
"name": "go-1.17-1.1.x86_64",
"product_id": "go-1.17-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go-doc-1.17-1.1.x86_64",
"product": {
"name": "go-doc-1.17-1.1.x86_64",
"product_id": "go-doc-1.17-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go-race-1.17-1.1.x86_64",
"product": {
"name": "go-race-1.17-1.1.x86_64",
"product_id": "go-race-1.17-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go-1.17-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go-1.17-1.1.aarch64"
},
"product_reference": "go-1.17-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-1.17-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go-1.17-1.1.ppc64le"
},
"product_reference": "go-1.17-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-1.17-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go-1.17-1.1.s390x"
},
"product_reference": "go-1.17-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-1.17-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go-1.17-1.1.x86_64"
},
"product_reference": "go-1.17-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-doc-1.17-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go-doc-1.17-1.1.aarch64"
},
"product_reference": "go-doc-1.17-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-doc-1.17-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go-doc-1.17-1.1.ppc64le"
},
"product_reference": "go-doc-1.17-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-doc-1.17-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go-doc-1.17-1.1.s390x"
},
"product_reference": "go-doc-1.17-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-doc-1.17-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go-doc-1.17-1.1.x86_64"
},
"product_reference": "go-doc-1.17-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-race-1.17-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go-race-1.17-1.1.aarch64"
},
"product_reference": "go-race-1.17-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-race-1.17-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go-race-1.17-1.1.ppc64le"
},
"product_reference": "go-race-1.17-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-race-1.17-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go-race-1.17-1.1.s390x"
},
"product_reference": "go-race-1.17-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-race-1.17-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go-race-1.17-1.1.x86_64"
},
"product_reference": "go-race-1.17-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-5386",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5386"
}
],
"notes": [
{
"category": "general",
"text": "The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application\u0027s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-doc-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-doc-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-race-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-race-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-race-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-race-1.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5386",
"url": "https://www.suse.com/security/cve/CVE-2016-5386"
},
{
"category": "external",
"summary": "SUSE Bug 988484 for CVE-2016-5386",
"url": "https://bugzilla.suse.com/988484"
},
{
"category": "external",
"summary": "SUSE Bug 988486 for CVE-2016-5386",
"url": "https://bugzilla.suse.com/988486"
},
{
"category": "external",
"summary": "SUSE Bug 988487 for CVE-2016-5386",
"url": "https://bugzilla.suse.com/988487"
},
{
"category": "external",
"summary": "SUSE Bug 988488 for CVE-2016-5386",
"url": "https://bugzilla.suse.com/988488"
},
{
"category": "external",
"summary": "SUSE Bug 988489 for CVE-2016-5386",
"url": "https://bugzilla.suse.com/988489"
},
{
"category": "external",
"summary": "SUSE Bug 988491 for CVE-2016-5386",
"url": "https://bugzilla.suse.com/988491"
},
{
"category": "external",
"summary": "SUSE Bug 988492 for CVE-2016-5386",
"url": "https://bugzilla.suse.com/988492"
},
{
"category": "external",
"summary": "SUSE Bug 989125 for CVE-2016-5386",
"url": "https://bugzilla.suse.com/989125"
},
{
"category": "external",
"summary": "SUSE Bug 989174 for CVE-2016-5386",
"url": "https://bugzilla.suse.com/989174"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-doc-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-doc-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-race-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-race-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-race-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-race-1.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-doc-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-doc-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-race-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-race-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-race-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-race-1.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-5386"
},
{
"cve": "CVE-2017-15041",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15041"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.8.4 and 1.9.x before 1.9.1 allows \"go get\" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points to a Git repository. If the Subversion repository includes a Git checkout in its pkg2 directory and some other work is done to ensure the proper ordering of operations, \"go get\" can be tricked into reusing this Git checkout for the fetch of code from pkg2. If the Subversion repository\u0027s Git checkout has malicious commands in .git/hooks/, they will execute on the system running \"go get.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-doc-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-doc-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-race-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-race-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-race-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-race-1.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15041",
"url": "https://www.suse.com/security/cve/CVE-2017-15041"
},
{
"category": "external",
"summary": "SUSE Bug 1062085 for CVE-2017-15041",
"url": "https://bugzilla.suse.com/1062085"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-doc-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-doc-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-race-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-race-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-race-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-race-1.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-doc-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-doc-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-race-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-race-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-race-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-race-1.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2017-15041"
},
{
"cve": "CVE-2017-15042",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15042"
}
],
"notes": [
{
"category": "general",
"text": "An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x before 1.9.1. RFC 4954 requires that, during SMTP, the PLAIN auth scheme must only be used on network connections secured with TLS. The original implementation of smtp.PlainAuth in Go 1.0 enforced this requirement, and it was documented to do so. In 2013, upstream issue #5184, this was changed so that the server may decide whether PLAIN is acceptable. The result is that if you set up a man-in-the-middle SMTP server that doesn\u0027t advertise STARTTLS and does advertise that PLAIN auth is OK, the smtp.PlainAuth implementation sends the username and password.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-doc-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-doc-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-race-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-race-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-race-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-race-1.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15042",
"url": "https://www.suse.com/security/cve/CVE-2017-15042"
},
{
"category": "external",
"summary": "SUSE Bug 1062087 for CVE-2017-15042",
"url": "https://bugzilla.suse.com/1062087"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-doc-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-doc-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-race-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-race-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-race-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-race-1.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:go-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-doc-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-doc-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-race-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-race-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-race-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-race-1.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2017-15042"
},
{
"cve": "CVE-2017-8932",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-8932"
}
],
"notes": [
{
"category": "general",
"text": "A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to the derive correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-doc-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-doc-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-race-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-race-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-race-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-race-1.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-8932",
"url": "https://www.suse.com/security/cve/CVE-2017-8932"
},
{
"category": "external",
"summary": "SUSE Bug 1040618 for CVE-2017-8932",
"url": "https://bugzilla.suse.com/1040618"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-doc-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-doc-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-race-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-race-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-race-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-race-1.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:go-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-doc-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-doc-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-race-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-race-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-race-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-race-1.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-8932"
},
{
"cve": "CVE-2018-16873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16873"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). Using custom domains, it\u0027s possible to arrange things so that a Git repository is cloned to a folder named \".git\" by using a vanity import path that ends with \"/.git\". If the Git repository root contains a \"HEAD\" file, a \"config\" file, an \"objects\" directory, a \"refs\" directory, with some work to ensure the proper ordering of operations, \"go get -u\" can be tricked into considering the parent directory as a repository root, and running Git commands on it. That will use the \"config\" file in the original Git repository root for its configuration, and if that config file contains malicious commands, they will execute on the system running \"go get -u\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-doc-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-doc-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-race-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-race-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-race-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-race-1.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16873",
"url": "https://www.suse.com/security/cve/CVE-2018-16873"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-doc-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-doc-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-race-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-race-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-race-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-race-1.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-doc-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-doc-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-race-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-race-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-race-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-race-1.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-16873"
},
{
"cve": "CVE-2018-16874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16874"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both \u0027{\u0027 and \u0027}\u0027 characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-doc-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-doc-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-race-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-race-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-race-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-race-1.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16874",
"url": "https://www.suse.com/security/cve/CVE-2018-16874"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-doc-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-doc-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-race-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-race-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-race-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-race-1.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-doc-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-doc-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-race-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-race-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-race-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-race-1.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16874"
},
{
"cve": "CVE-2018-16875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16875"
}
],
"notes": [
{
"category": "general",
"text": "The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-doc-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-doc-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-race-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-race-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-race-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-race-1.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16875",
"url": "https://www.suse.com/security/cve/CVE-2018-16875"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-doc-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-doc-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-race-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-race-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-race-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-race-1.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:go-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-doc-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-doc-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-race-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-race-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-race-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-race-1.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16875"
},
{
"cve": "CVE-2018-6574",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6574"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow \"go get\" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-doc-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-doc-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-race-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-race-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-race-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-race-1.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6574",
"url": "https://www.suse.com/security/cve/CVE-2018-6574"
},
{
"category": "external",
"summary": "SUSE Bug 1080006 for CVE-2018-6574",
"url": "https://bugzilla.suse.com/1080006"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-doc-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-doc-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-race-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-race-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-race-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-race-1.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:go-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-doc-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-doc-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-race-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-race-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-race-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-race-1.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-6574"
},
{
"cve": "CVE-2018-7187",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-7187"
}
],
"notes": [
{
"category": "general",
"text": "The \"go get\" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path (get/vcs.go only checks for \"://\" anywhere in the string), which allows remote attackers to execute arbitrary OS commands via a crafted web site.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-doc-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-doc-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-race-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-race-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-race-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-race-1.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-7187",
"url": "https://www.suse.com/security/cve/CVE-2018-7187"
},
{
"category": "external",
"summary": "SUSE Bug 1080006 for CVE-2018-7187",
"url": "https://bugzilla.suse.com/1080006"
},
{
"category": "external",
"summary": "SUSE Bug 1081495 for CVE-2018-7187",
"url": "https://bugzilla.suse.com/1081495"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-doc-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-doc-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-race-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-race-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-race-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-race-1.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-doc-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-doc-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-race-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-race-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-race-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-race-1.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-7187"
},
{
"cve": "CVE-2019-6486",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-6486"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-doc-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-doc-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-race-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-race-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-race-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-race-1.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-6486",
"url": "https://www.suse.com/security/cve/CVE-2019-6486"
},
{
"category": "external",
"summary": "SUSE Bug 1123013 for CVE-2019-6486",
"url": "https://bugzilla.suse.com/1123013"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-doc-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-doc-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-race-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-race-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-race-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-race-1.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:go-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-doc-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-doc-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-doc-1.17-1.1.x86_64",
"openSUSE Tumbleweed:go-race-1.17-1.1.aarch64",
"openSUSE Tumbleweed:go-race-1.17-1.1.ppc64le",
"openSUSE Tumbleweed:go-race-1.17-1.1.s390x",
"openSUSE Tumbleweed:go-race-1.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2019-6486"
}
]
}
opensuse-su-2019:0189-1
Vulnerability from csaf_opensuse
Published
2019-03-23 11:00
Modified
2019-03-23 11:00
Summary
Security update for docker
Notes
Title of the patch
Security update for docker
Description of the patch
This update for containerd, docker, docker-runc and golang-github-docker-libnetwork fixes the following issues:
Security issues fixed for containerd, docker, docker-runc and golang-github-docker-libnetwork:
- CVE-2018-16873: cmd/go: remote command execution during 'go get -u' (bsc#1118897)
- CVE-2018-16874: cmd/go: directory traversal in 'go get' via curly braces in import paths (bsc#1118898)
- CVE-2018-16875: crypto/x509: CPU denial of service (bsc#1118899)
Non-security issues fixed for docker:
- Disable leap based builds for kubic flavor (bsc#1121412)
- Allow users to explicitly specify the NIS domainname of a container (bsc#1001161)
- Update docker.service to match upstream and avoid rlimit problems (bsc#1112980)
- Allow docker images larger then 23GB (bsc#1118990)
- Docker version update to version 18.09.0-ce (bsc#1115464)
This update was imported from the SUSE:SLE-15:Update update project.
Patchnames
openSUSE-2019-189
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for docker",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for containerd, docker, docker-runc and golang-github-docker-libnetwork fixes the following issues:\n\nSecurity issues fixed for containerd, docker, docker-runc and golang-github-docker-libnetwork:\n\n- CVE-2018-16873: cmd/go: remote command execution during \u0027go get -u\u0027 (bsc#1118897)\n- CVE-2018-16874: cmd/go: directory traversal in \u0027go get\u0027 via curly braces in import paths (bsc#1118898)\n- CVE-2018-16875: crypto/x509: CPU denial of service (bsc#1118899)\n\nNon-security issues fixed for docker:\n\n- Disable leap based builds for kubic flavor (bsc#1121412)\n- Allow users to explicitly specify the NIS domainname of a container (bsc#1001161)\n- Update docker.service to match upstream and avoid rlimit problems (bsc#1112980)\n- Allow docker images larger then 23GB (bsc#1118990)\n- Docker version update to version 18.09.0-ce (bsc#1115464)\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-189",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_0189-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:0189-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XWOQPNXXBRMZ3GUIAPIJWBLSX4C6UKIN/#XWOQPNXXBRMZ3GUIAPIJWBLSX4C6UKIN"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:0189-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XWOQPNXXBRMZ3GUIAPIJWBLSX4C6UKIN/#XWOQPNXXBRMZ3GUIAPIJWBLSX4C6UKIN"
},
{
"category": "self",
"summary": "SUSE Bug 1001161",
"url": "https://bugzilla.suse.com/1001161"
},
{
"category": "self",
"summary": "SUSE Bug 1112980",
"url": "https://bugzilla.suse.com/1112980"
},
{
"category": "self",
"summary": "SUSE Bug 1115464",
"url": "https://bugzilla.suse.com/1115464"
},
{
"category": "self",
"summary": "SUSE Bug 1118897",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "self",
"summary": "SUSE Bug 1118898",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "self",
"summary": "SUSE Bug 1118899",
"url": "https://bugzilla.suse.com/1118899"
},
{
"category": "self",
"summary": "SUSE Bug 1118990",
"url": "https://bugzilla.suse.com/1118990"
},
{
"category": "self",
"summary": "SUSE Bug 1121412",
"url": "https://bugzilla.suse.com/1121412"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16873 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16874 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16875 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16875/"
}
],
"title": "Security update for docker",
"tracking": {
"current_release_date": "2019-03-23T11:00:22Z",
"generator": {
"date": "2019-03-23T11:00:22Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:0189-1",
"initial_release_date": "2019-03-23T11:00:22Z",
"revision_history": [
{
"date": "2019-03-23T11:00:22Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "containerd-test-1.1.2-lp150.4.6.1.noarch",
"product": {
"name": "containerd-test-1.1.2-lp150.4.6.1.noarch",
"product_id": "containerd-test-1.1.2-lp150.4.6.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-bash-completion-18.09.0_ce-lp150.5.9.1.noarch",
"product": {
"name": "docker-bash-completion-18.09.0_ce-lp150.5.9.1.noarch",
"product_id": "docker-bash-completion-18.09.0_ce-lp150.5.9.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-runc-test-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.6.1.noarch",
"product": {
"name": "docker-runc-test-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.6.1.noarch",
"product_id": "docker-runc-test-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.6.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-zsh-completion-18.09.0_ce-lp150.5.9.1.noarch",
"product": {
"name": "docker-zsh-completion-18.09.0_ce-lp150.5.9.1.noarch",
"product_id": "docker-zsh-completion-18.09.0_ce-lp150.5.9.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.1.2-lp150.4.6.1.x86_64",
"product": {
"name": "containerd-1.1.2-lp150.4.6.1.x86_64",
"product_id": "containerd-1.1.2-lp150.4.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.1.2-lp150.4.6.1.x86_64",
"product": {
"name": "containerd-ctr-1.1.2-lp150.4.6.1.x86_64",
"product_id": "containerd-ctr-1.1.2-lp150.4.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-18.09.0_ce-lp150.5.9.1.x86_64",
"product": {
"name": "docker-18.09.0_ce-lp150.5.9.1.x86_64",
"product_id": "docker-18.09.0_ce-lp150.5.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-lp150.3.6.1.x86_64",
"product": {
"name": "docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-lp150.3.6.1.x86_64",
"product_id": "docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-lp150.3.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.6.1.x86_64",
"product": {
"name": "docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.6.1.x86_64",
"product_id": "docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-test-18.09.0_ce-lp150.5.9.1.x86_64",
"product": {
"name": "docker-test-18.09.0_ce-lp150.5.9.1.x86_64",
"product_id": "docker-test-18.09.0_ce-lp150.5.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-lp150.3.6.1.x86_64",
"product": {
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-lp150.3.6.1.x86_64",
"product_id": "golang-github-docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-lp150.3.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.0",
"product": {
"name": "openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.1.2-lp150.4.6.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:containerd-1.1.2-lp150.4.6.1.x86_64"
},
"product_reference": "containerd-1.1.2-lp150.4.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-ctr-1.1.2-lp150.4.6.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:containerd-ctr-1.1.2-lp150.4.6.1.x86_64"
},
"product_reference": "containerd-ctr-1.1.2-lp150.4.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-test-1.1.2-lp150.4.6.1.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:containerd-test-1.1.2-lp150.4.6.1.noarch"
},
"product_reference": "containerd-test-1.1.2-lp150.4.6.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-18.09.0_ce-lp150.5.9.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:docker-18.09.0_ce-lp150.5.9.1.x86_64"
},
"product_reference": "docker-18.09.0_ce-lp150.5.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-18.09.0_ce-lp150.5.9.1.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:docker-bash-completion-18.09.0_ce-lp150.5.9.1.noarch"
},
"product_reference": "docker-bash-completion-18.09.0_ce-lp150.5.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-lp150.3.6.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-lp150.3.6.1.x86_64"
},
"product_reference": "docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-lp150.3.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.6.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.6.1.x86_64"
},
"product_reference": "docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-runc-test-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.6.1.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:docker-runc-test-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.6.1.noarch"
},
"product_reference": "docker-runc-test-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.6.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-test-18.09.0_ce-lp150.5.9.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:docker-test-18.09.0_ce-lp150.5.9.1.x86_64"
},
"product_reference": "docker-test-18.09.0_ce-lp150.5.9.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-zsh-completion-18.09.0_ce-lp150.5.9.1.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:docker-zsh-completion-18.09.0_ce-lp150.5.9.1.noarch"
},
"product_reference": "docker-zsh-completion-18.09.0_ce-lp150.5.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-lp150.3.6.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-lp150.3.6.1.x86_64"
},
"product_reference": "golang-github-docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-lp150.3.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-16873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16873"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). Using custom domains, it\u0027s possible to arrange things so that a Git repository is cloned to a folder named \".git\" by using a vanity import path that ends with \"/.git\". If the Git repository root contains a \"HEAD\" file, a \"config\" file, an \"objects\" directory, a \"refs\" directory, with some work to ensure the proper ordering of operations, \"go get -u\" can be tricked into considering the parent directory as a repository root, and running Git commands on it. That will use the \"config\" file in the original Git repository root for its configuration, and if that config file contains malicious commands, they will execute on the system running \"go get -u\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:containerd-1.1.2-lp150.4.6.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.1.2-lp150.4.6.1.x86_64",
"openSUSE Leap 15.0:containerd-test-1.1.2-lp150.4.6.1.noarch",
"openSUSE Leap 15.0:docker-18.09.0_ce-lp150.5.9.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.0_ce-lp150.5.9.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-lp150.3.6.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.6.1.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.6.1.noarch",
"openSUSE Leap 15.0:docker-test-18.09.0_ce-lp150.5.9.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.0_ce-lp150.5.9.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-lp150.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16873",
"url": "https://www.suse.com/security/cve/CVE-2018-16873"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:containerd-1.1.2-lp150.4.6.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.1.2-lp150.4.6.1.x86_64",
"openSUSE Leap 15.0:containerd-test-1.1.2-lp150.4.6.1.noarch",
"openSUSE Leap 15.0:docker-18.09.0_ce-lp150.5.9.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.0_ce-lp150.5.9.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-lp150.3.6.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.6.1.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.6.1.noarch",
"openSUSE Leap 15.0:docker-test-18.09.0_ce-lp150.5.9.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.0_ce-lp150.5.9.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-lp150.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:containerd-1.1.2-lp150.4.6.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.1.2-lp150.4.6.1.x86_64",
"openSUSE Leap 15.0:containerd-test-1.1.2-lp150.4.6.1.noarch",
"openSUSE Leap 15.0:docker-18.09.0_ce-lp150.5.9.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.0_ce-lp150.5.9.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-lp150.3.6.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.6.1.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.6.1.noarch",
"openSUSE Leap 15.0:docker-test-18.09.0_ce-lp150.5.9.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.0_ce-lp150.5.9.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-lp150.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-23T11:00:22Z",
"details": "important"
}
],
"title": "CVE-2018-16873"
},
{
"cve": "CVE-2018-16874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16874"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both \u0027{\u0027 and \u0027}\u0027 characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:containerd-1.1.2-lp150.4.6.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.1.2-lp150.4.6.1.x86_64",
"openSUSE Leap 15.0:containerd-test-1.1.2-lp150.4.6.1.noarch",
"openSUSE Leap 15.0:docker-18.09.0_ce-lp150.5.9.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.0_ce-lp150.5.9.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-lp150.3.6.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.6.1.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.6.1.noarch",
"openSUSE Leap 15.0:docker-test-18.09.0_ce-lp150.5.9.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.0_ce-lp150.5.9.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-lp150.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16874",
"url": "https://www.suse.com/security/cve/CVE-2018-16874"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:containerd-1.1.2-lp150.4.6.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.1.2-lp150.4.6.1.x86_64",
"openSUSE Leap 15.0:containerd-test-1.1.2-lp150.4.6.1.noarch",
"openSUSE Leap 15.0:docker-18.09.0_ce-lp150.5.9.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.0_ce-lp150.5.9.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-lp150.3.6.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.6.1.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.6.1.noarch",
"openSUSE Leap 15.0:docker-test-18.09.0_ce-lp150.5.9.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.0_ce-lp150.5.9.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-lp150.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.0:containerd-1.1.2-lp150.4.6.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.1.2-lp150.4.6.1.x86_64",
"openSUSE Leap 15.0:containerd-test-1.1.2-lp150.4.6.1.noarch",
"openSUSE Leap 15.0:docker-18.09.0_ce-lp150.5.9.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.0_ce-lp150.5.9.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-lp150.3.6.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.6.1.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.6.1.noarch",
"openSUSE Leap 15.0:docker-test-18.09.0_ce-lp150.5.9.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.0_ce-lp150.5.9.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-lp150.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-23T11:00:22Z",
"details": "moderate"
}
],
"title": "CVE-2018-16874"
},
{
"cve": "CVE-2018-16875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16875"
}
],
"notes": [
{
"category": "general",
"text": "The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:containerd-1.1.2-lp150.4.6.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.1.2-lp150.4.6.1.x86_64",
"openSUSE Leap 15.0:containerd-test-1.1.2-lp150.4.6.1.noarch",
"openSUSE Leap 15.0:docker-18.09.0_ce-lp150.5.9.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.0_ce-lp150.5.9.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-lp150.3.6.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.6.1.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.6.1.noarch",
"openSUSE Leap 15.0:docker-test-18.09.0_ce-lp150.5.9.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.0_ce-lp150.5.9.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-lp150.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16875",
"url": "https://www.suse.com/security/cve/CVE-2018-16875"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:containerd-1.1.2-lp150.4.6.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.1.2-lp150.4.6.1.x86_64",
"openSUSE Leap 15.0:containerd-test-1.1.2-lp150.4.6.1.noarch",
"openSUSE Leap 15.0:docker-18.09.0_ce-lp150.5.9.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.0_ce-lp150.5.9.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-lp150.3.6.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.6.1.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.6.1.noarch",
"openSUSE Leap 15.0:docker-test-18.09.0_ce-lp150.5.9.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.0_ce-lp150.5.9.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-lp150.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:containerd-1.1.2-lp150.4.6.1.x86_64",
"openSUSE Leap 15.0:containerd-ctr-1.1.2-lp150.4.6.1.x86_64",
"openSUSE Leap 15.0:containerd-test-1.1.2-lp150.4.6.1.noarch",
"openSUSE Leap 15.0:docker-18.09.0_ce-lp150.5.9.1.x86_64",
"openSUSE Leap 15.0:docker-bash-completion-18.09.0_ce-lp150.5.9.1.noarch",
"openSUSE Leap 15.0:docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-lp150.3.6.1.x86_64",
"openSUSE Leap 15.0:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.6.1.x86_64",
"openSUSE Leap 15.0:docker-runc-test-1.0.0rc5+gitr3562_69663f0bd4b6-lp150.5.6.1.noarch",
"openSUSE Leap 15.0:docker-test-18.09.0_ce-lp150.5.9.1.x86_64",
"openSUSE Leap 15.0:docker-zsh-completion-18.09.0_ce-lp150.5.9.1.noarch",
"openSUSE Leap 15.0:golang-github-docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-lp150.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-23T11:00:22Z",
"details": "moderate"
}
],
"title": "CVE-2018-16875"
}
]
}
opensuse-su-2024:10841-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
helm-3.6.3-1.1 on GA media
Notes
Title of the patch
helm-3.6.3-1.1 on GA media
Description of the patch
These are all security issues fixed in the helm-3.6.3-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10841
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "helm-3.6.3-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the helm-3.6.3-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10841",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10841-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16873 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16874 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16875 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16875/"
}
],
"title": "helm-3.6.3-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10841-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "helm-3.6.3-1.1.aarch64",
"product": {
"name": "helm-3.6.3-1.1.aarch64",
"product_id": "helm-3.6.3-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "helm-bash-completion-3.6.3-1.1.aarch64",
"product": {
"name": "helm-bash-completion-3.6.3-1.1.aarch64",
"product_id": "helm-bash-completion-3.6.3-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "helm-zsh-completion-3.6.3-1.1.aarch64",
"product": {
"name": "helm-zsh-completion-3.6.3-1.1.aarch64",
"product_id": "helm-zsh-completion-3.6.3-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "helm-3.6.3-1.1.ppc64le",
"product": {
"name": "helm-3.6.3-1.1.ppc64le",
"product_id": "helm-3.6.3-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "helm-bash-completion-3.6.3-1.1.ppc64le",
"product": {
"name": "helm-bash-completion-3.6.3-1.1.ppc64le",
"product_id": "helm-bash-completion-3.6.3-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "helm-zsh-completion-3.6.3-1.1.ppc64le",
"product": {
"name": "helm-zsh-completion-3.6.3-1.1.ppc64le",
"product_id": "helm-zsh-completion-3.6.3-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "helm-3.6.3-1.1.s390x",
"product": {
"name": "helm-3.6.3-1.1.s390x",
"product_id": "helm-3.6.3-1.1.s390x"
}
},
{
"category": "product_version",
"name": "helm-bash-completion-3.6.3-1.1.s390x",
"product": {
"name": "helm-bash-completion-3.6.3-1.1.s390x",
"product_id": "helm-bash-completion-3.6.3-1.1.s390x"
}
},
{
"category": "product_version",
"name": "helm-zsh-completion-3.6.3-1.1.s390x",
"product": {
"name": "helm-zsh-completion-3.6.3-1.1.s390x",
"product_id": "helm-zsh-completion-3.6.3-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "helm-3.6.3-1.1.x86_64",
"product": {
"name": "helm-3.6.3-1.1.x86_64",
"product_id": "helm-3.6.3-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "helm-bash-completion-3.6.3-1.1.x86_64",
"product": {
"name": "helm-bash-completion-3.6.3-1.1.x86_64",
"product_id": "helm-bash-completion-3.6.3-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "helm-zsh-completion-3.6.3-1.1.x86_64",
"product": {
"name": "helm-zsh-completion-3.6.3-1.1.x86_64",
"product_id": "helm-zsh-completion-3.6.3-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.6.3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:helm-3.6.3-1.1.aarch64"
},
"product_reference": "helm-3.6.3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.6.3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:helm-3.6.3-1.1.ppc64le"
},
"product_reference": "helm-3.6.3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.6.3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:helm-3.6.3-1.1.s390x"
},
"product_reference": "helm-3.6.3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-3.6.3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:helm-3.6.3-1.1.x86_64"
},
"product_reference": "helm-3.6.3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-bash-completion-3.6.3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:helm-bash-completion-3.6.3-1.1.aarch64"
},
"product_reference": "helm-bash-completion-3.6.3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-bash-completion-3.6.3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:helm-bash-completion-3.6.3-1.1.ppc64le"
},
"product_reference": "helm-bash-completion-3.6.3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-bash-completion-3.6.3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:helm-bash-completion-3.6.3-1.1.s390x"
},
"product_reference": "helm-bash-completion-3.6.3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-bash-completion-3.6.3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:helm-bash-completion-3.6.3-1.1.x86_64"
},
"product_reference": "helm-bash-completion-3.6.3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-zsh-completion-3.6.3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:helm-zsh-completion-3.6.3-1.1.aarch64"
},
"product_reference": "helm-zsh-completion-3.6.3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-zsh-completion-3.6.3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:helm-zsh-completion-3.6.3-1.1.ppc64le"
},
"product_reference": "helm-zsh-completion-3.6.3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-zsh-completion-3.6.3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:helm-zsh-completion-3.6.3-1.1.s390x"
},
"product_reference": "helm-zsh-completion-3.6.3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-zsh-completion-3.6.3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:helm-zsh-completion-3.6.3-1.1.x86_64"
},
"product_reference": "helm-zsh-completion-3.6.3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-16873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16873"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). Using custom domains, it\u0027s possible to arrange things so that a Git repository is cloned to a folder named \".git\" by using a vanity import path that ends with \"/.git\". If the Git repository root contains a \"HEAD\" file, a \"config\" file, an \"objects\" directory, a \"refs\" directory, with some work to ensure the proper ordering of operations, \"go get -u\" can be tricked into considering the parent directory as a repository root, and running Git commands on it. That will use the \"config\" file in the original Git repository root for its configuration, and if that config file contains malicious commands, they will execute on the system running \"go get -u\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:helm-3.6.3-1.1.aarch64",
"openSUSE Tumbleweed:helm-3.6.3-1.1.ppc64le",
"openSUSE Tumbleweed:helm-3.6.3-1.1.s390x",
"openSUSE Tumbleweed:helm-3.6.3-1.1.x86_64",
"openSUSE Tumbleweed:helm-bash-completion-3.6.3-1.1.aarch64",
"openSUSE Tumbleweed:helm-bash-completion-3.6.3-1.1.ppc64le",
"openSUSE Tumbleweed:helm-bash-completion-3.6.3-1.1.s390x",
"openSUSE Tumbleweed:helm-bash-completion-3.6.3-1.1.x86_64",
"openSUSE Tumbleweed:helm-zsh-completion-3.6.3-1.1.aarch64",
"openSUSE Tumbleweed:helm-zsh-completion-3.6.3-1.1.ppc64le",
"openSUSE Tumbleweed:helm-zsh-completion-3.6.3-1.1.s390x",
"openSUSE Tumbleweed:helm-zsh-completion-3.6.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16873",
"url": "https://www.suse.com/security/cve/CVE-2018-16873"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:helm-3.6.3-1.1.aarch64",
"openSUSE Tumbleweed:helm-3.6.3-1.1.ppc64le",
"openSUSE Tumbleweed:helm-3.6.3-1.1.s390x",
"openSUSE Tumbleweed:helm-3.6.3-1.1.x86_64",
"openSUSE Tumbleweed:helm-bash-completion-3.6.3-1.1.aarch64",
"openSUSE Tumbleweed:helm-bash-completion-3.6.3-1.1.ppc64le",
"openSUSE Tumbleweed:helm-bash-completion-3.6.3-1.1.s390x",
"openSUSE Tumbleweed:helm-bash-completion-3.6.3-1.1.x86_64",
"openSUSE Tumbleweed:helm-zsh-completion-3.6.3-1.1.aarch64",
"openSUSE Tumbleweed:helm-zsh-completion-3.6.3-1.1.ppc64le",
"openSUSE Tumbleweed:helm-zsh-completion-3.6.3-1.1.s390x",
"openSUSE Tumbleweed:helm-zsh-completion-3.6.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:helm-3.6.3-1.1.aarch64",
"openSUSE Tumbleweed:helm-3.6.3-1.1.ppc64le",
"openSUSE Tumbleweed:helm-3.6.3-1.1.s390x",
"openSUSE Tumbleweed:helm-3.6.3-1.1.x86_64",
"openSUSE Tumbleweed:helm-bash-completion-3.6.3-1.1.aarch64",
"openSUSE Tumbleweed:helm-bash-completion-3.6.3-1.1.ppc64le",
"openSUSE Tumbleweed:helm-bash-completion-3.6.3-1.1.s390x",
"openSUSE Tumbleweed:helm-bash-completion-3.6.3-1.1.x86_64",
"openSUSE Tumbleweed:helm-zsh-completion-3.6.3-1.1.aarch64",
"openSUSE Tumbleweed:helm-zsh-completion-3.6.3-1.1.ppc64le",
"openSUSE Tumbleweed:helm-zsh-completion-3.6.3-1.1.s390x",
"openSUSE Tumbleweed:helm-zsh-completion-3.6.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-16873"
},
{
"cve": "CVE-2018-16874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16874"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both \u0027{\u0027 and \u0027}\u0027 characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:helm-3.6.3-1.1.aarch64",
"openSUSE Tumbleweed:helm-3.6.3-1.1.ppc64le",
"openSUSE Tumbleweed:helm-3.6.3-1.1.s390x",
"openSUSE Tumbleweed:helm-3.6.3-1.1.x86_64",
"openSUSE Tumbleweed:helm-bash-completion-3.6.3-1.1.aarch64",
"openSUSE Tumbleweed:helm-bash-completion-3.6.3-1.1.ppc64le",
"openSUSE Tumbleweed:helm-bash-completion-3.6.3-1.1.s390x",
"openSUSE Tumbleweed:helm-bash-completion-3.6.3-1.1.x86_64",
"openSUSE Tumbleweed:helm-zsh-completion-3.6.3-1.1.aarch64",
"openSUSE Tumbleweed:helm-zsh-completion-3.6.3-1.1.ppc64le",
"openSUSE Tumbleweed:helm-zsh-completion-3.6.3-1.1.s390x",
"openSUSE Tumbleweed:helm-zsh-completion-3.6.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16874",
"url": "https://www.suse.com/security/cve/CVE-2018-16874"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:helm-3.6.3-1.1.aarch64",
"openSUSE Tumbleweed:helm-3.6.3-1.1.ppc64le",
"openSUSE Tumbleweed:helm-3.6.3-1.1.s390x",
"openSUSE Tumbleweed:helm-3.6.3-1.1.x86_64",
"openSUSE Tumbleweed:helm-bash-completion-3.6.3-1.1.aarch64",
"openSUSE Tumbleweed:helm-bash-completion-3.6.3-1.1.ppc64le",
"openSUSE Tumbleweed:helm-bash-completion-3.6.3-1.1.s390x",
"openSUSE Tumbleweed:helm-bash-completion-3.6.3-1.1.x86_64",
"openSUSE Tumbleweed:helm-zsh-completion-3.6.3-1.1.aarch64",
"openSUSE Tumbleweed:helm-zsh-completion-3.6.3-1.1.ppc64le",
"openSUSE Tumbleweed:helm-zsh-completion-3.6.3-1.1.s390x",
"openSUSE Tumbleweed:helm-zsh-completion-3.6.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:helm-3.6.3-1.1.aarch64",
"openSUSE Tumbleweed:helm-3.6.3-1.1.ppc64le",
"openSUSE Tumbleweed:helm-3.6.3-1.1.s390x",
"openSUSE Tumbleweed:helm-3.6.3-1.1.x86_64",
"openSUSE Tumbleweed:helm-bash-completion-3.6.3-1.1.aarch64",
"openSUSE Tumbleweed:helm-bash-completion-3.6.3-1.1.ppc64le",
"openSUSE Tumbleweed:helm-bash-completion-3.6.3-1.1.s390x",
"openSUSE Tumbleweed:helm-bash-completion-3.6.3-1.1.x86_64",
"openSUSE Tumbleweed:helm-zsh-completion-3.6.3-1.1.aarch64",
"openSUSE Tumbleweed:helm-zsh-completion-3.6.3-1.1.ppc64le",
"openSUSE Tumbleweed:helm-zsh-completion-3.6.3-1.1.s390x",
"openSUSE Tumbleweed:helm-zsh-completion-3.6.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16874"
},
{
"cve": "CVE-2018-16875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16875"
}
],
"notes": [
{
"category": "general",
"text": "The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:helm-3.6.3-1.1.aarch64",
"openSUSE Tumbleweed:helm-3.6.3-1.1.ppc64le",
"openSUSE Tumbleweed:helm-3.6.3-1.1.s390x",
"openSUSE Tumbleweed:helm-3.6.3-1.1.x86_64",
"openSUSE Tumbleweed:helm-bash-completion-3.6.3-1.1.aarch64",
"openSUSE Tumbleweed:helm-bash-completion-3.6.3-1.1.ppc64le",
"openSUSE Tumbleweed:helm-bash-completion-3.6.3-1.1.s390x",
"openSUSE Tumbleweed:helm-bash-completion-3.6.3-1.1.x86_64",
"openSUSE Tumbleweed:helm-zsh-completion-3.6.3-1.1.aarch64",
"openSUSE Tumbleweed:helm-zsh-completion-3.6.3-1.1.ppc64le",
"openSUSE Tumbleweed:helm-zsh-completion-3.6.3-1.1.s390x",
"openSUSE Tumbleweed:helm-zsh-completion-3.6.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16875",
"url": "https://www.suse.com/security/cve/CVE-2018-16875"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:helm-3.6.3-1.1.aarch64",
"openSUSE Tumbleweed:helm-3.6.3-1.1.ppc64le",
"openSUSE Tumbleweed:helm-3.6.3-1.1.s390x",
"openSUSE Tumbleweed:helm-3.6.3-1.1.x86_64",
"openSUSE Tumbleweed:helm-bash-completion-3.6.3-1.1.aarch64",
"openSUSE Tumbleweed:helm-bash-completion-3.6.3-1.1.ppc64le",
"openSUSE Tumbleweed:helm-bash-completion-3.6.3-1.1.s390x",
"openSUSE Tumbleweed:helm-bash-completion-3.6.3-1.1.x86_64",
"openSUSE Tumbleweed:helm-zsh-completion-3.6.3-1.1.aarch64",
"openSUSE Tumbleweed:helm-zsh-completion-3.6.3-1.1.ppc64le",
"openSUSE Tumbleweed:helm-zsh-completion-3.6.3-1.1.s390x",
"openSUSE Tumbleweed:helm-zsh-completion-3.6.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:helm-3.6.3-1.1.aarch64",
"openSUSE Tumbleweed:helm-3.6.3-1.1.ppc64le",
"openSUSE Tumbleweed:helm-3.6.3-1.1.s390x",
"openSUSE Tumbleweed:helm-3.6.3-1.1.x86_64",
"openSUSE Tumbleweed:helm-bash-completion-3.6.3-1.1.aarch64",
"openSUSE Tumbleweed:helm-bash-completion-3.6.3-1.1.ppc64le",
"openSUSE Tumbleweed:helm-bash-completion-3.6.3-1.1.s390x",
"openSUSE Tumbleweed:helm-bash-completion-3.6.3-1.1.x86_64",
"openSUSE Tumbleweed:helm-zsh-completion-3.6.3-1.1.aarch64",
"openSUSE Tumbleweed:helm-zsh-completion-3.6.3-1.1.ppc64le",
"openSUSE Tumbleweed:helm-zsh-completion-3.6.3-1.1.s390x",
"openSUSE Tumbleweed:helm-zsh-completion-3.6.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16875"
}
]
}
opensuse-su-2024:10805-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
go1.12-1.12.17-4.8 on GA media
Notes
Title of the patch
go1.12-1.12.17-4.8 on GA media
Description of the patch
These are all security issues fixed in the go1.12-1.12.17-4.8 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10805
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "go1.12-1.12.17-4.8 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the go1.12-1.12.17-4.8 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10805",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10805-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2014-7189 page",
"url": "https://www.suse.com/security/cve/CVE-2014-7189/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2015-8618 page",
"url": "https://www.suse.com/security/cve/CVE-2015-8618/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3959 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3959/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-5386 page",
"url": "https://www.suse.com/security/cve/CVE-2016-5386/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15041 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15041/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15042 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15042/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-8932 page",
"url": "https://www.suse.com/security/cve/CVE-2017-8932/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16873 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16874 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16875 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6574 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6574/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11888 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11888/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14809 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14809/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-16276 page",
"url": "https://www.suse.com/security/cve/CVE-2019-16276/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17596 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17596/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-6486 page",
"url": "https://www.suse.com/security/cve/CVE-2019-6486/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9512 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9512/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9514 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9514/"
}
],
"title": "go1.12-1.12.17-4.8 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10805-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.12-1.12.17-4.8.aarch64",
"product": {
"name": "go1.12-1.12.17-4.8.aarch64",
"product_id": "go1.12-1.12.17-4.8.aarch64"
}
},
{
"category": "product_version",
"name": "go1.12-doc-1.12.17-4.8.aarch64",
"product": {
"name": "go1.12-doc-1.12.17-4.8.aarch64",
"product_id": "go1.12-doc-1.12.17-4.8.aarch64"
}
},
{
"category": "product_version",
"name": "go1.12-race-1.12.17-4.8.aarch64",
"product": {
"name": "go1.12-race-1.12.17-4.8.aarch64",
"product_id": "go1.12-race-1.12.17-4.8.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.12-1.12.17-4.8.ppc64le",
"product": {
"name": "go1.12-1.12.17-4.8.ppc64le",
"product_id": "go1.12-1.12.17-4.8.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.12-doc-1.12.17-4.8.ppc64le",
"product": {
"name": "go1.12-doc-1.12.17-4.8.ppc64le",
"product_id": "go1.12-doc-1.12.17-4.8.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.12-race-1.12.17-4.8.ppc64le",
"product": {
"name": "go1.12-race-1.12.17-4.8.ppc64le",
"product_id": "go1.12-race-1.12.17-4.8.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.12-1.12.17-4.8.s390x",
"product": {
"name": "go1.12-1.12.17-4.8.s390x",
"product_id": "go1.12-1.12.17-4.8.s390x"
}
},
{
"category": "product_version",
"name": "go1.12-doc-1.12.17-4.8.s390x",
"product": {
"name": "go1.12-doc-1.12.17-4.8.s390x",
"product_id": "go1.12-doc-1.12.17-4.8.s390x"
}
},
{
"category": "product_version",
"name": "go1.12-race-1.12.17-4.8.s390x",
"product": {
"name": "go1.12-race-1.12.17-4.8.s390x",
"product_id": "go1.12-race-1.12.17-4.8.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.12-1.12.17-4.8.x86_64",
"product": {
"name": "go1.12-1.12.17-4.8.x86_64",
"product_id": "go1.12-1.12.17-4.8.x86_64"
}
},
{
"category": "product_version",
"name": "go1.12-doc-1.12.17-4.8.x86_64",
"product": {
"name": "go1.12-doc-1.12.17-4.8.x86_64",
"product_id": "go1.12-doc-1.12.17-4.8.x86_64"
}
},
{
"category": "product_version",
"name": "go1.12-race-1.12.17-4.8.x86_64",
"product": {
"name": "go1.12-race-1.12.17-4.8.x86_64",
"product_id": "go1.12-race-1.12.17-4.8.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-1.12.17-4.8.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64"
},
"product_reference": "go1.12-1.12.17-4.8.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-1.12.17-4.8.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le"
},
"product_reference": "go1.12-1.12.17-4.8.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-1.12.17-4.8.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x"
},
"product_reference": "go1.12-1.12.17-4.8.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-1.12.17-4.8.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64"
},
"product_reference": "go1.12-1.12.17-4.8.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-doc-1.12.17-4.8.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64"
},
"product_reference": "go1.12-doc-1.12.17-4.8.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-doc-1.12.17-4.8.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le"
},
"product_reference": "go1.12-doc-1.12.17-4.8.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-doc-1.12.17-4.8.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x"
},
"product_reference": "go1.12-doc-1.12.17-4.8.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-doc-1.12.17-4.8.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64"
},
"product_reference": "go1.12-doc-1.12.17-4.8.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-race-1.12.17-4.8.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64"
},
"product_reference": "go1.12-race-1.12.17-4.8.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-race-1.12.17-4.8.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le"
},
"product_reference": "go1.12-race-1.12.17-4.8.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-race-1.12.17-4.8.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x"
},
"product_reference": "go1.12-race-1.12.17-4.8.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.12-race-1.12.17-4.8.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
},
"product_reference": "go1.12-race-1.12.17-4.8.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2014-7189",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2014-7189"
}
],
"notes": [
{
"category": "general",
"text": "crpyto/tls in Go 1.1 before 1.3.2, when SessionTicketsDisabled is enabled, allows man-in-the-middle attackers to spoof clients via unspecified vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2014-7189",
"url": "https://www.suse.com/security/cve/CVE-2014-7189"
},
{
"category": "external",
"summary": "SUSE Bug 898901 for CVE-2014-7189",
"url": "https://bugzilla.suse.com/898901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2014-7189"
},
{
"cve": "CVE-2015-8618",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2015-8618"
}
],
"notes": [
{
"category": "general",
"text": "The Int.Exp Montgomery code in the math/big library in Go 1.5.x before 1.5.3 mishandles carry propagation and produces incorrect output, which makes it easier for attackers to obtain private RSA keys via unspecified vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2015-8618",
"url": "https://www.suse.com/security/cve/CVE-2015-8618"
},
{
"category": "external",
"summary": "SUSE Bug 957814 for CVE-2015-8618",
"url": "https://bugzilla.suse.com/957814"
},
{
"category": "external",
"summary": "SUSE Bug 960151 for CVE-2015-8618",
"url": "https://bugzilla.suse.com/960151"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2015-8618"
},
{
"cve": "CVE-2016-3959",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3959"
}
],
"notes": [
{
"category": "general",
"text": "The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certificates or SSH server libraries.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3959",
"url": "https://www.suse.com/security/cve/CVE-2016-3959"
},
{
"category": "external",
"summary": "SUSE Bug 974232 for CVE-2016-3959",
"url": "https://bugzilla.suse.com/974232"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-3959"
},
{
"cve": "CVE-2016-5386",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-5386"
}
],
"notes": [
{
"category": "general",
"text": "The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application\u0027s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-5386",
"url": "https://www.suse.com/security/cve/CVE-2016-5386"
},
{
"category": "external",
"summary": "SUSE Bug 988484 for CVE-2016-5386",
"url": "https://bugzilla.suse.com/988484"
},
{
"category": "external",
"summary": "SUSE Bug 988486 for CVE-2016-5386",
"url": "https://bugzilla.suse.com/988486"
},
{
"category": "external",
"summary": "SUSE Bug 988487 for CVE-2016-5386",
"url": "https://bugzilla.suse.com/988487"
},
{
"category": "external",
"summary": "SUSE Bug 988488 for CVE-2016-5386",
"url": "https://bugzilla.suse.com/988488"
},
{
"category": "external",
"summary": "SUSE Bug 988489 for CVE-2016-5386",
"url": "https://bugzilla.suse.com/988489"
},
{
"category": "external",
"summary": "SUSE Bug 988491 for CVE-2016-5386",
"url": "https://bugzilla.suse.com/988491"
},
{
"category": "external",
"summary": "SUSE Bug 988492 for CVE-2016-5386",
"url": "https://bugzilla.suse.com/988492"
},
{
"category": "external",
"summary": "SUSE Bug 989125 for CVE-2016-5386",
"url": "https://bugzilla.suse.com/989125"
},
{
"category": "external",
"summary": "SUSE Bug 989174 for CVE-2016-5386",
"url": "https://bugzilla.suse.com/989174"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-5386"
},
{
"cve": "CVE-2017-15041",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15041"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.8.4 and 1.9.x before 1.9.1 allows \"go get\" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points to a Git repository. If the Subversion repository includes a Git checkout in its pkg2 directory and some other work is done to ensure the proper ordering of operations, \"go get\" can be tricked into reusing this Git checkout for the fetch of code from pkg2. If the Subversion repository\u0027s Git checkout has malicious commands in .git/hooks/, they will execute on the system running \"go get.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15041",
"url": "https://www.suse.com/security/cve/CVE-2017-15041"
},
{
"category": "external",
"summary": "SUSE Bug 1062085 for CVE-2017-15041",
"url": "https://bugzilla.suse.com/1062085"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2017-15041"
},
{
"cve": "CVE-2017-15042",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15042"
}
],
"notes": [
{
"category": "general",
"text": "An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x before 1.9.1. RFC 4954 requires that, during SMTP, the PLAIN auth scheme must only be used on network connections secured with TLS. The original implementation of smtp.PlainAuth in Go 1.0 enforced this requirement, and it was documented to do so. In 2013, upstream issue #5184, this was changed so that the server may decide whether PLAIN is acceptable. The result is that if you set up a man-in-the-middle SMTP server that doesn\u0027t advertise STARTTLS and does advertise that PLAIN auth is OK, the smtp.PlainAuth implementation sends the username and password.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15042",
"url": "https://www.suse.com/security/cve/CVE-2017-15042"
},
{
"category": "external",
"summary": "SUSE Bug 1062087 for CVE-2017-15042",
"url": "https://bugzilla.suse.com/1062087"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2017-15042"
},
{
"cve": "CVE-2017-8932",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-8932"
}
],
"notes": [
{
"category": "general",
"text": "A bug in the standard library ScalarMult implementation of curve P-256 for amd64 architectures in Go before 1.7.6 and 1.8.x before 1.8.2 causes incorrect results to be generated for specific input points. An adaptive attack can be mounted to progressively extract the scalar input to ScalarMult by submitting crafted points and observing failures to the derive correct output. This leads to a full key recovery attack against static ECDH, as used in popular JWT libraries.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-8932",
"url": "https://www.suse.com/security/cve/CVE-2017-8932"
},
{
"category": "external",
"summary": "SUSE Bug 1040618 for CVE-2017-8932",
"url": "https://bugzilla.suse.com/1040618"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-8932"
},
{
"cve": "CVE-2018-16873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16873"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). Using custom domains, it\u0027s possible to arrange things so that a Git repository is cloned to a folder named \".git\" by using a vanity import path that ends with \"/.git\". If the Git repository root contains a \"HEAD\" file, a \"config\" file, an \"objects\" directory, a \"refs\" directory, with some work to ensure the proper ordering of operations, \"go get -u\" can be tricked into considering the parent directory as a repository root, and running Git commands on it. That will use the \"config\" file in the original Git repository root for its configuration, and if that config file contains malicious commands, they will execute on the system running \"go get -u\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16873",
"url": "https://www.suse.com/security/cve/CVE-2018-16873"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-16873"
},
{
"cve": "CVE-2018-16874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16874"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both \u0027{\u0027 and \u0027}\u0027 characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16874",
"url": "https://www.suse.com/security/cve/CVE-2018-16874"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16874"
},
{
"cve": "CVE-2018-16875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16875"
}
],
"notes": [
{
"category": "general",
"text": "The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16875",
"url": "https://www.suse.com/security/cve/CVE-2018-16875"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16875"
},
{
"cve": "CVE-2018-6574",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6574"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow \"go get\" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6574",
"url": "https://www.suse.com/security/cve/CVE-2018-6574"
},
{
"category": "external",
"summary": "SUSE Bug 1080006 for CVE-2018-6574",
"url": "https://bugzilla.suse.com/1080006"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-6574"
},
{
"cve": "CVE-2019-11888",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11888"
}
],
"notes": [
{
"category": "general",
"text": "Go through 1.12.5 on Windows mishandles process creation with a nil environment in conjunction with a non-nil token, which allows attackers to obtain sensitive information or gain privileges.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11888",
"url": "https://www.suse.com/security/cve/CVE-2019-11888"
},
{
"category": "external",
"summary": "SUSE Bug 1146203 for CVE-2019-11888",
"url": "https://bugzilla.suse.com/1146203"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11888"
},
{
"cve": "CVE-2019-14809",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14809"
}
],
"notes": [
{
"category": "general",
"text": "net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname() nor Port(), and is related to a non-numeric port number. For example, an attacker can compose a crafted javascript:// URL that results in a hostname of google.com.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14809",
"url": "https://www.suse.com/security/cve/CVE-2019-14809"
},
{
"category": "external",
"summary": "SUSE Bug 1146123 for CVE-2019-14809",
"url": "https://bugzilla.suse.com/1146123"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-14809"
},
{
"cve": "CVE-2019-16276",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-16276"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-16276",
"url": "https://www.suse.com/security/cve/CVE-2019-16276"
},
{
"category": "external",
"summary": "SUSE Bug 1152082 for CVE-2019-16276",
"url": "https://bugzilla.suse.com/1152082"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-16276"
},
{
"cve": "CVE-2019-17596",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17596"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17596",
"url": "https://www.suse.com/security/cve/CVE-2019-17596"
},
{
"category": "external",
"summary": "SUSE Bug 1154402 for CVE-2019-17596",
"url": "https://bugzilla.suse.com/1154402"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-17596"
},
{
"cve": "CVE-2019-6486",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-6486"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-6486",
"url": "https://www.suse.com/security/cve/CVE-2019-6486"
},
{
"category": "external",
"summary": "SUSE Bug 1123013 for CVE-2019-6486",
"url": "https://bugzilla.suse.com/1123013"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2019-6486"
},
{
"cve": "CVE-2019-9512",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9512"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9512",
"url": "https://www.suse.com/security/cve/CVE-2019-9512"
},
{
"category": "external",
"summary": "SUSE Bug 1145663 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1145663"
},
{
"category": "external",
"summary": "SUSE Bug 1146099 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1146099"
},
{
"category": "external",
"summary": "SUSE Bug 1146111 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1146111"
},
{
"category": "external",
"summary": "SUSE Bug 1147142 for CVE-2019-9512",
"url": "https://bugzilla.suse.com/1147142"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-9512"
},
{
"cve": "CVE-2019-9514",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9514"
}
],
"notes": [
{
"category": "general",
"text": "Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9514",
"url": "https://www.suse.com/security/cve/CVE-2019-9514"
},
{
"category": "external",
"summary": "SUSE Bug 1145662 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1145662"
},
{
"category": "external",
"summary": "SUSE Bug 1145663 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1145663"
},
{
"category": "external",
"summary": "SUSE Bug 1146095 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1146095"
},
{
"category": "external",
"summary": "SUSE Bug 1146115 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1146115"
},
{
"category": "external",
"summary": "SUSE Bug 1147142 for CVE-2019-9514",
"url": "https://bugzilla.suse.com/1147142"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-doc-1.12.17-4.8.x86_64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.aarch64",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.ppc64le",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.s390x",
"openSUSE Tumbleweed:go1.12-race-1.12.17-4.8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-9514"
}
]
}
opensuse-su-2019:0170-1
Vulnerability from csaf_opensuse
Published
2019-02-13 16:51
Modified
2019-02-13 16:51
Summary
Security update for runc
Notes
Title of the patch
Security update for runc
Description of the patch
This update for runc fixes the following issues:
Security vulnerabilities addressed:
- CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid
write attacks to the host runc binary, which could lead to a container
breakout (bsc#1121967)
- CVE-2018-16873: Fix a remote command execution during 'go get -u'
(boo#1118897)
- CVE-2018-16874: Fix a directory traversal in 'go get' via curly braces in
import paths (boo#1118898)
- CVE-2018-16875: Fix a CPU denial of service issue (boo#1118899)
Other changes and bug fixes:
- Update go requirements to >= go1.10
- Create a symlink in /usr/bin/runc to enable rootless Podman and Buildah.
- Make use of %license macro
- Remove 'go test' from %check section, as it has only ever caused us problems
and hasn't (as far as I remember) ever caught a release-blocking issue. Smoke
testing has been far more useful. (boo#1095817)
- Upgrade to runc v1.0.0~rc6. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc6
Patchnames
openSUSE-2019-170
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for runc",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for runc fixes the following issues:\n\nSecurity vulnerabilities addressed:\n\n- CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid\n write attacks to the host runc binary, which could lead to a container\n breakout (bsc#1121967)\n- CVE-2018-16873: Fix a remote command execution during \u0027go get -u\u0027\n (boo#1118897)\n- CVE-2018-16874: Fix a directory traversal in \u0027go get\u0027 via curly braces in\n import paths (boo#1118898)\n- CVE-2018-16875: Fix a CPU denial of service issue (boo#1118899)\n\nOther changes and bug fixes:\n\n- Update go requirements to \u003e= go1.10\n- Create a symlink in /usr/bin/runc to enable rootless Podman and Buildah.\n- Make use of %license macro\n- Remove \u0027go test\u0027 from %check section, as it has only ever caused us problems\n and hasn\u0027t (as far as I remember) ever caught a release-blocking issue. Smoke\n testing has been far more useful. (boo#1095817)\n- Upgrade to runc v1.0.0~rc6. Upstream changelog is available from\n https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc6\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-170",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_0170-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:0170-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/K5SY7VBRVPPL5WRVFFIC7CSECFNB3NGY/#K5SY7VBRVPPL5WRVFFIC7CSECFNB3NGY"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:0170-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/K5SY7VBRVPPL5WRVFFIC7CSECFNB3NGY/#K5SY7VBRVPPL5WRVFFIC7CSECFNB3NGY"
},
{
"category": "self",
"summary": "SUSE Bug 1095817",
"url": "https://bugzilla.suse.com/1095817"
},
{
"category": "self",
"summary": "SUSE Bug 1118897",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "self",
"summary": "SUSE Bug 1118898",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "self",
"summary": "SUSE Bug 1118899",
"url": "https://bugzilla.suse.com/1118899"
},
{
"category": "self",
"summary": "SUSE Bug 1121967",
"url": "https://bugzilla.suse.com/1121967"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16873 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16874 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16875 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5736 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5736/"
}
],
"title": "Security update for runc",
"tracking": {
"current_release_date": "2019-02-13T16:51:49Z",
"generator": {
"date": "2019-02-13T16:51:49Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:0170-1",
"initial_release_date": "2019-02-13T16:51:49Z",
"revision_history": [
{
"date": "2019-02-13T16:51:49Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "runc-1.0.0~rc6-bp150.2.3.1.aarch64",
"product": {
"name": "runc-1.0.0~rc6-bp150.2.3.1.aarch64",
"product_id": "runc-1.0.0~rc6-bp150.2.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-test-1.0.0~rc6-bp150.2.3.1.noarch",
"product": {
"name": "runc-test-1.0.0~rc6-bp150.2.3.1.noarch",
"product_id": "runc-test-1.0.0~rc6-bp150.2.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-1.0.0~rc6-bp150.2.3.1.ppc64le",
"product": {
"name": "runc-1.0.0~rc6-bp150.2.3.1.ppc64le",
"product_id": "runc-1.0.0~rc6-bp150.2.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-1.0.0~rc6-bp150.2.3.1.s390x",
"product": {
"name": "runc-1.0.0~rc6-bp150.2.3.1.s390x",
"product_id": "runc-1.0.0~rc6-bp150.2.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "runc-1.0.0~rc6-bp150.2.3.1.x86_64",
"product": {
"name": "runc-1.0.0~rc6-bp150.2.3.1.x86_64",
"product_id": "runc-1.0.0~rc6-bp150.2.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15",
"product": {
"name": "SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.0~rc6-bp150.2.3.1.aarch64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:runc-1.0.0~rc6-bp150.2.3.1.aarch64"
},
"product_reference": "runc-1.0.0~rc6-bp150.2.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.0~rc6-bp150.2.3.1.ppc64le as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:runc-1.0.0~rc6-bp150.2.3.1.ppc64le"
},
"product_reference": "runc-1.0.0~rc6-bp150.2.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.0~rc6-bp150.2.3.1.s390x as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:runc-1.0.0~rc6-bp150.2.3.1.s390x"
},
"product_reference": "runc-1.0.0~rc6-bp150.2.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.0~rc6-bp150.2.3.1.x86_64 as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:runc-1.0.0~rc6-bp150.2.3.1.x86_64"
},
"product_reference": "runc-1.0.0~rc6-bp150.2.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-test-1.0.0~rc6-bp150.2.3.1.noarch as component of SUSE Package Hub 15",
"product_id": "SUSE Package Hub 15:runc-test-1.0.0~rc6-bp150.2.3.1.noarch"
},
"product_reference": "runc-test-1.0.0~rc6-bp150.2.3.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-16873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16873"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). Using custom domains, it\u0027s possible to arrange things so that a Git repository is cloned to a folder named \".git\" by using a vanity import path that ends with \"/.git\". If the Git repository root contains a \"HEAD\" file, a \"config\" file, an \"objects\" directory, a \"refs\" directory, with some work to ensure the proper ordering of operations, \"go get -u\" can be tricked into considering the parent directory as a repository root, and running Git commands on it. That will use the \"config\" file in the original Git repository root for its configuration, and if that config file contains malicious commands, they will execute on the system running \"go get -u\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:runc-1.0.0~rc6-bp150.2.3.1.aarch64",
"SUSE Package Hub 15:runc-1.0.0~rc6-bp150.2.3.1.ppc64le",
"SUSE Package Hub 15:runc-1.0.0~rc6-bp150.2.3.1.s390x",
"SUSE Package Hub 15:runc-1.0.0~rc6-bp150.2.3.1.x86_64",
"SUSE Package Hub 15:runc-test-1.0.0~rc6-bp150.2.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16873",
"url": "https://www.suse.com/security/cve/CVE-2018-16873"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:runc-1.0.0~rc6-bp150.2.3.1.aarch64",
"SUSE Package Hub 15:runc-1.0.0~rc6-bp150.2.3.1.ppc64le",
"SUSE Package Hub 15:runc-1.0.0~rc6-bp150.2.3.1.s390x",
"SUSE Package Hub 15:runc-1.0.0~rc6-bp150.2.3.1.x86_64",
"SUSE Package Hub 15:runc-test-1.0.0~rc6-bp150.2.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15:runc-1.0.0~rc6-bp150.2.3.1.aarch64",
"SUSE Package Hub 15:runc-1.0.0~rc6-bp150.2.3.1.ppc64le",
"SUSE Package Hub 15:runc-1.0.0~rc6-bp150.2.3.1.s390x",
"SUSE Package Hub 15:runc-1.0.0~rc6-bp150.2.3.1.x86_64",
"SUSE Package Hub 15:runc-test-1.0.0~rc6-bp150.2.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-13T16:51:49Z",
"details": "important"
}
],
"title": "CVE-2018-16873"
},
{
"cve": "CVE-2018-16874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16874"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both \u0027{\u0027 and \u0027}\u0027 characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:runc-1.0.0~rc6-bp150.2.3.1.aarch64",
"SUSE Package Hub 15:runc-1.0.0~rc6-bp150.2.3.1.ppc64le",
"SUSE Package Hub 15:runc-1.0.0~rc6-bp150.2.3.1.s390x",
"SUSE Package Hub 15:runc-1.0.0~rc6-bp150.2.3.1.x86_64",
"SUSE Package Hub 15:runc-test-1.0.0~rc6-bp150.2.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16874",
"url": "https://www.suse.com/security/cve/CVE-2018-16874"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:runc-1.0.0~rc6-bp150.2.3.1.aarch64",
"SUSE Package Hub 15:runc-1.0.0~rc6-bp150.2.3.1.ppc64le",
"SUSE Package Hub 15:runc-1.0.0~rc6-bp150.2.3.1.s390x",
"SUSE Package Hub 15:runc-1.0.0~rc6-bp150.2.3.1.x86_64",
"SUSE Package Hub 15:runc-test-1.0.0~rc6-bp150.2.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15:runc-1.0.0~rc6-bp150.2.3.1.aarch64",
"SUSE Package Hub 15:runc-1.0.0~rc6-bp150.2.3.1.ppc64le",
"SUSE Package Hub 15:runc-1.0.0~rc6-bp150.2.3.1.s390x",
"SUSE Package Hub 15:runc-1.0.0~rc6-bp150.2.3.1.x86_64",
"SUSE Package Hub 15:runc-test-1.0.0~rc6-bp150.2.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-13T16:51:49Z",
"details": "moderate"
}
],
"title": "CVE-2018-16874"
},
{
"cve": "CVE-2018-16875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16875"
}
],
"notes": [
{
"category": "general",
"text": "The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:runc-1.0.0~rc6-bp150.2.3.1.aarch64",
"SUSE Package Hub 15:runc-1.0.0~rc6-bp150.2.3.1.ppc64le",
"SUSE Package Hub 15:runc-1.0.0~rc6-bp150.2.3.1.s390x",
"SUSE Package Hub 15:runc-1.0.0~rc6-bp150.2.3.1.x86_64",
"SUSE Package Hub 15:runc-test-1.0.0~rc6-bp150.2.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16875",
"url": "https://www.suse.com/security/cve/CVE-2018-16875"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:runc-1.0.0~rc6-bp150.2.3.1.aarch64",
"SUSE Package Hub 15:runc-1.0.0~rc6-bp150.2.3.1.ppc64le",
"SUSE Package Hub 15:runc-1.0.0~rc6-bp150.2.3.1.s390x",
"SUSE Package Hub 15:runc-1.0.0~rc6-bp150.2.3.1.x86_64",
"SUSE Package Hub 15:runc-test-1.0.0~rc6-bp150.2.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15:runc-1.0.0~rc6-bp150.2.3.1.aarch64",
"SUSE Package Hub 15:runc-1.0.0~rc6-bp150.2.3.1.ppc64le",
"SUSE Package Hub 15:runc-1.0.0~rc6-bp150.2.3.1.s390x",
"SUSE Package Hub 15:runc-1.0.0~rc6-bp150.2.3.1.x86_64",
"SUSE Package Hub 15:runc-test-1.0.0~rc6-bp150.2.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-13T16:51:49Z",
"details": "moderate"
}
],
"title": "CVE-2018-16875"
},
{
"cve": "CVE-2019-5736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5736"
}
],
"notes": [
{
"category": "general",
"text": "runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15:runc-1.0.0~rc6-bp150.2.3.1.aarch64",
"SUSE Package Hub 15:runc-1.0.0~rc6-bp150.2.3.1.ppc64le",
"SUSE Package Hub 15:runc-1.0.0~rc6-bp150.2.3.1.s390x",
"SUSE Package Hub 15:runc-1.0.0~rc6-bp150.2.3.1.x86_64",
"SUSE Package Hub 15:runc-test-1.0.0~rc6-bp150.2.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5736",
"url": "https://www.suse.com/security/cve/CVE-2019-5736"
},
{
"category": "external",
"summary": "SUSE Bug 1121967 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1121967"
},
{
"category": "external",
"summary": "SUSE Bug 1122185 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1122185"
},
{
"category": "external",
"summary": "SUSE Bug 1173421 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1173421"
},
{
"category": "external",
"summary": "SUSE Bug 1218894 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1218894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15:runc-1.0.0~rc6-bp150.2.3.1.aarch64",
"SUSE Package Hub 15:runc-1.0.0~rc6-bp150.2.3.1.ppc64le",
"SUSE Package Hub 15:runc-1.0.0~rc6-bp150.2.3.1.s390x",
"SUSE Package Hub 15:runc-1.0.0~rc6-bp150.2.3.1.x86_64",
"SUSE Package Hub 15:runc-test-1.0.0~rc6-bp150.2.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Package Hub 15:runc-1.0.0~rc6-bp150.2.3.1.aarch64",
"SUSE Package Hub 15:runc-1.0.0~rc6-bp150.2.3.1.ppc64le",
"SUSE Package Hub 15:runc-1.0.0~rc6-bp150.2.3.1.s390x",
"SUSE Package Hub 15:runc-1.0.0~rc6-bp150.2.3.1.x86_64",
"SUSE Package Hub 15:runc-test-1.0.0~rc6-bp150.2.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-13T16:51:49Z",
"details": "moderate"
}
],
"title": "CVE-2019-5736"
}
]
}
suse-su-2018:4297-1
Vulnerability from csaf_suse
Published
2018-12-28 17:39
Modified
2018-12-28 17:39
Summary
Security update for containerd, docker and go
Notes
Title of the patch
Security update for containerd, docker and go
Description of the patch
This update for containerd, docker and go fixes the following issues:
containerd and docker:
- Add backport for building containerd (bsc#1102522, bsc#1113313)
- Upgrade to containerd v1.1.2, which is required for Docker v18.06.1-ce.
(bsc#1102522)
- Enable seccomp support on SLE12 (fate#325877)
- Update to containerd v1.1.1, which is the required version for the Docker
v18.06.0-ce upgrade. (bsc#1102522)
- Put containerd under the podruntime slice (bsc#1086185)
- 3rd party registries used the default Docker certificate (bsc#1084533)
- Handle build breakage due to missing 'export GOPATH' (caused by resolution of
boo#1119634). I believe Docker is one of the only packages with this problem.
go:
- golang: arbitrary command execution via VCS path (bsc#1081495, CVE-2018-7187)
- Make profile.d/go.sh no longer set GOROOT=, in order to make switching
between versions no longer break. This ends up removing the need for go.sh
entirely (because GOPATH is also set automatically) (boo#1119634)
- Fix a regression that broke go get for import path patterns containing '...'
(bsc#1119706)
Additionally, the package go1.10 has been added.
Patchnames
SUSE-SLE-Module-Containers-15-2018-3064,SUSE-SLE-Module-Development-Tools-OBS-15-2018-3064
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for containerd, docker and go",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for containerd, docker and go fixes the following issues:\n\ncontainerd and docker:\n\n- Add backport for building containerd (bsc#1102522, bsc#1113313)\n- Upgrade to containerd v1.1.2, which is required for Docker v18.06.1-ce.\n (bsc#1102522)\n- Enable seccomp support on SLE12 (fate#325877)\n- Update to containerd v1.1.1, which is the required version for the Docker\n v18.06.0-ce upgrade. (bsc#1102522)\n- Put containerd under the podruntime slice (bsc#1086185) \n- 3rd party registries used the default Docker certificate (bsc#1084533)\n- Handle build breakage due to missing \u0027export GOPATH\u0027 (caused by resolution of\n boo#1119634). I believe Docker is one of the only packages with this problem.\n\ngo:\n \n- golang: arbitrary command execution via VCS path (bsc#1081495, CVE-2018-7187)\n- Make profile.d/go.sh no longer set GOROOT=, in order to make switching\n between versions no longer break. This ends up removing the need for go.sh\n entirely (because GOPATH is also set automatically) (boo#1119634)\n- Fix a regression that broke go get for import path patterns containing \u0027...\u0027\n (bsc#1119706)\n\nAdditionally, the package go1.10 has been added.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Module-Containers-15-2018-3064,SUSE-SLE-Module-Development-Tools-OBS-15-2018-3064",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_4297-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:4297-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20184297-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:4297-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-December/005006.html"
},
{
"category": "self",
"summary": "SUSE Bug 1047218",
"url": "https://bugzilla.suse.com/1047218"
},
{
"category": "self",
"summary": "SUSE Bug 1074971",
"url": "https://bugzilla.suse.com/1074971"
},
{
"category": "self",
"summary": "SUSE Bug 1080978",
"url": "https://bugzilla.suse.com/1080978"
},
{
"category": "self",
"summary": "SUSE Bug 1081495",
"url": "https://bugzilla.suse.com/1081495"
},
{
"category": "self",
"summary": "SUSE Bug 1084533",
"url": "https://bugzilla.suse.com/1084533"
},
{
"category": "self",
"summary": "SUSE Bug 1086185",
"url": "https://bugzilla.suse.com/1086185"
},
{
"category": "self",
"summary": "SUSE Bug 1094680",
"url": "https://bugzilla.suse.com/1094680"
},
{
"category": "self",
"summary": "SUSE Bug 1095817",
"url": "https://bugzilla.suse.com/1095817"
},
{
"category": "self",
"summary": "SUSE Bug 1098017",
"url": "https://bugzilla.suse.com/1098017"
},
{
"category": "self",
"summary": "SUSE Bug 1102522",
"url": "https://bugzilla.suse.com/1102522"
},
{
"category": "self",
"summary": "SUSE Bug 1104821",
"url": "https://bugzilla.suse.com/1104821"
},
{
"category": "self",
"summary": "SUSE Bug 1105000",
"url": "https://bugzilla.suse.com/1105000"
},
{
"category": "self",
"summary": "SUSE Bug 1108038",
"url": "https://bugzilla.suse.com/1108038"
},
{
"category": "self",
"summary": "SUSE Bug 1113313",
"url": "https://bugzilla.suse.com/1113313"
},
{
"category": "self",
"summary": "SUSE Bug 1113978",
"url": "https://bugzilla.suse.com/1113978"
},
{
"category": "self",
"summary": "SUSE Bug 1114209",
"url": "https://bugzilla.suse.com/1114209"
},
{
"category": "self",
"summary": "SUSE Bug 1118897",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "self",
"summary": "SUSE Bug 1118898",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "self",
"summary": "SUSE Bug 1118899",
"url": "https://bugzilla.suse.com/1118899"
},
{
"category": "self",
"summary": "SUSE Bug 1119634",
"url": "https://bugzilla.suse.com/1119634"
},
{
"category": "self",
"summary": "SUSE Bug 1119706",
"url": "https://bugzilla.suse.com/1119706"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16873 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16874 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16875 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-7187 page",
"url": "https://www.suse.com/security/cve/CVE-2018-7187/"
}
],
"title": "Security update for containerd, docker and go",
"tracking": {
"current_release_date": "2018-12-28T17:39:11Z",
"generator": {
"date": "2018-12-28T17:39:11Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:4297-1",
"initial_release_date": "2018-12-28T17:39:11Z",
"revision_history": [
{
"date": "2018-12-28T17:39:11Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "docker-bash-completion-18.06.1_ce-6.8.2.noarch",
"product": {
"name": "docker-bash-completion-18.06.1_ce-6.8.2.noarch",
"product_id": "docker-bash-completion-18.06.1_ce-6.8.2.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.1.2-5.3.4.ppc64le",
"product": {
"name": "containerd-1.1.2-5.3.4.ppc64le",
"product_id": "containerd-1.1.2-5.3.4.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-18.06.1_ce-6.8.2.ppc64le",
"product": {
"name": "docker-18.06.1_ce-6.8.2.ppc64le",
"product_id": "docker-18.06.1_ce-6.8.2.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5.ppc64le",
"product": {
"name": "docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5.ppc64le",
"product_id": "docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4.ppc64le",
"product": {
"name": "docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4.ppc64le",
"product_id": "docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.1.2-5.3.4.s390x",
"product": {
"name": "containerd-1.1.2-5.3.4.s390x",
"product_id": "containerd-1.1.2-5.3.4.s390x"
}
},
{
"category": "product_version",
"name": "docker-18.06.1_ce-6.8.2.s390x",
"product": {
"name": "docker-18.06.1_ce-6.8.2.s390x",
"product_id": "docker-18.06.1_ce-6.8.2.s390x"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5.s390x",
"product": {
"name": "docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5.s390x",
"product_id": "docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5.s390x"
}
},
{
"category": "product_version",
"name": "docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4.s390x",
"product": {
"name": "docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4.s390x",
"product_id": "docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.1.2-5.3.4.x86_64",
"product": {
"name": "containerd-1.1.2-5.3.4.x86_64",
"product_id": "containerd-1.1.2-5.3.4.x86_64"
}
},
{
"category": "product_version",
"name": "docker-18.06.1_ce-6.8.2.x86_64",
"product": {
"name": "docker-18.06.1_ce-6.8.2.x86_64",
"product_id": "docker-18.06.1_ce-6.8.2.x86_64"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5.x86_64",
"product": {
"name": "docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5.x86_64",
"product_id": "docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5.x86_64"
}
},
{
"category": "product_version",
"name": "docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4.x86_64",
"product": {
"name": "docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4.x86_64",
"product_id": "docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 15",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:15"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.1.2-5.3.4.ppc64le as component of SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.3.4.ppc64le"
},
"product_reference": "containerd-1.1.2-5.3.4.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.1.2-5.3.4.s390x as component of SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.3.4.s390x"
},
"product_reference": "containerd-1.1.2-5.3.4.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.1.2-5.3.4.x86_64 as component of SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.3.4.x86_64"
},
"product_reference": "containerd-1.1.2-5.3.4.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-18.06.1_ce-6.8.2.ppc64le as component of SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15:docker-18.06.1_ce-6.8.2.ppc64le"
},
"product_reference": "docker-18.06.1_ce-6.8.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-18.06.1_ce-6.8.2.s390x as component of SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15:docker-18.06.1_ce-6.8.2.s390x"
},
"product_reference": "docker-18.06.1_ce-6.8.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-18.06.1_ce-6.8.2.x86_64 as component of SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15:docker-18.06.1_ce-6.8.2.x86_64"
},
"product_reference": "docker-18.06.1_ce-6.8.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-18.06.1_ce-6.8.2.noarch as component of SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15:docker-bash-completion-18.06.1_ce-6.8.2.noarch"
},
"product_reference": "docker-bash-completion-18.06.1_ce-6.8.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5.ppc64le as component of SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5.ppc64le"
},
"product_reference": "docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5.s390x as component of SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5.s390x"
},
"product_reference": "docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5.x86_64 as component of SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5.x86_64"
},
"product_reference": "docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4.ppc64le as component of SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4.ppc64le"
},
"product_reference": "docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4.s390x as component of SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4.s390x"
},
"product_reference": "docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4.x86_64 as component of SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4.x86_64"
},
"product_reference": "docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-16873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16873"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). Using custom domains, it\u0027s possible to arrange things so that a Git repository is cloned to a folder named \".git\" by using a vanity import path that ends with \"/.git\". If the Git repository root contains a \"HEAD\" file, a \"config\" file, an \"objects\" directory, a \"refs\" directory, with some work to ensure the proper ordering of operations, \"go get -u\" can be tricked into considering the parent directory as a repository root, and running Git commands on it. That will use the \"config\" file in the original Git repository root for its configuration, and if that config file contains malicious commands, they will execute on the system running \"go get -u\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.3.4.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.3.4.s390x",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.3.4.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-18.06.1_ce-6.8.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-18.06.1_ce-6.8.2.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-18.06.1_ce-6.8.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-bash-completion-18.06.1_ce-6.8.2.noarch",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16873",
"url": "https://www.suse.com/security/cve/CVE-2018-16873"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.3.4.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.3.4.s390x",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.3.4.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-18.06.1_ce-6.8.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-18.06.1_ce-6.8.2.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-18.06.1_ce-6.8.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-bash-completion-18.06.1_ce-6.8.2.noarch",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.3.4.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.3.4.s390x",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.3.4.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-18.06.1_ce-6.8.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-18.06.1_ce-6.8.2.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-18.06.1_ce-6.8.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-bash-completion-18.06.1_ce-6.8.2.noarch",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-28T17:39:11Z",
"details": "important"
}
],
"title": "CVE-2018-16873"
},
{
"cve": "CVE-2018-16874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16874"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both \u0027{\u0027 and \u0027}\u0027 characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.3.4.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.3.4.s390x",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.3.4.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-18.06.1_ce-6.8.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-18.06.1_ce-6.8.2.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-18.06.1_ce-6.8.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-bash-completion-18.06.1_ce-6.8.2.noarch",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16874",
"url": "https://www.suse.com/security/cve/CVE-2018-16874"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.3.4.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.3.4.s390x",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.3.4.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-18.06.1_ce-6.8.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-18.06.1_ce-6.8.2.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-18.06.1_ce-6.8.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-bash-completion-18.06.1_ce-6.8.2.noarch",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.3.4.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.3.4.s390x",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.3.4.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-18.06.1_ce-6.8.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-18.06.1_ce-6.8.2.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-18.06.1_ce-6.8.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-bash-completion-18.06.1_ce-6.8.2.noarch",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-28T17:39:11Z",
"details": "moderate"
}
],
"title": "CVE-2018-16874"
},
{
"cve": "CVE-2018-16875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16875"
}
],
"notes": [
{
"category": "general",
"text": "The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.3.4.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.3.4.s390x",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.3.4.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-18.06.1_ce-6.8.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-18.06.1_ce-6.8.2.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-18.06.1_ce-6.8.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-bash-completion-18.06.1_ce-6.8.2.noarch",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16875",
"url": "https://www.suse.com/security/cve/CVE-2018-16875"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.3.4.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.3.4.s390x",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.3.4.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-18.06.1_ce-6.8.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-18.06.1_ce-6.8.2.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-18.06.1_ce-6.8.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-bash-completion-18.06.1_ce-6.8.2.noarch",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.3.4.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.3.4.s390x",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.3.4.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-18.06.1_ce-6.8.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-18.06.1_ce-6.8.2.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-18.06.1_ce-6.8.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-bash-completion-18.06.1_ce-6.8.2.noarch",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-28T17:39:11Z",
"details": "moderate"
}
],
"title": "CVE-2018-16875"
},
{
"cve": "CVE-2018-7187",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-7187"
}
],
"notes": [
{
"category": "general",
"text": "The \"go get\" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path (get/vcs.go only checks for \"://\" anywhere in the string), which allows remote attackers to execute arbitrary OS commands via a crafted web site.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.3.4.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.3.4.s390x",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.3.4.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-18.06.1_ce-6.8.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-18.06.1_ce-6.8.2.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-18.06.1_ce-6.8.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-bash-completion-18.06.1_ce-6.8.2.noarch",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-7187",
"url": "https://www.suse.com/security/cve/CVE-2018-7187"
},
{
"category": "external",
"summary": "SUSE Bug 1080006 for CVE-2018-7187",
"url": "https://bugzilla.suse.com/1080006"
},
{
"category": "external",
"summary": "SUSE Bug 1081495 for CVE-2018-7187",
"url": "https://bugzilla.suse.com/1081495"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.3.4.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.3.4.s390x",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.3.4.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-18.06.1_ce-6.8.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-18.06.1_ce-6.8.2.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-18.06.1_ce-6.8.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-bash-completion-18.06.1_ce-6.8.2.noarch",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.3.4.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.3.4.s390x",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.3.4.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-18.06.1_ce-6.8.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-18.06.1_ce-6.8.2.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-18.06.1_ce-6.8.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-bash-completion-18.06.1_ce-6.8.2.noarch",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3.5.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-28T17:39:11Z",
"details": "moderate"
}
],
"title": "CVE-2018-7187"
}
]
}
suse-su-2019:0573-1
Vulnerability from csaf_suse
Published
2019-03-08 12:49
Modified
2019-03-08 12:49
Summary
Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc
Notes
Title of the patch
Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc
Description of the patch
This update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc fixes the following issues:
Security issues fixed:
- CVE-2018-16875: Fixed a CPU Denial of Service (bsc#1118899).
- CVE-2018-16874: Fixed a vulnerabity in go get command which could allow directory traversal in GOPATH mode (bsc#1118898).
- CVE-2018-16873: Fixed a vulnerability in go get command which could allow remote code execution when executed with -u in GOPATH mode (bsc#1118897).
- CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container
breakout (bsc#1121967).
Other changes and bug fixes:
- Update shell completion to use Group: System/Shells.
- Add daemon.json file with rotation logs configuration (bsc#1114832)
- Update to Docker 18.09.1-ce (bsc#1124308) and to to runc 96ec2177ae84.
See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md.
- Disable leap based builds for kubic flavor (bsc#1121412).
- Allow users to explicitly specify the NIS domain name of a container (bsc#1001161).
- Update docker.service to match upstream and avoid rlimit problems (bsc#1112980).
- Update go requirements to >= go1.10
- Use -buildmode=pie for tests and binary build (bsc#1048046 and bsc#1051429).
- Remove the usage of 'cp -r' to reduce noise in the build logs.
Patchnames
SUSE-2019-573,SUSE-OpenStack-Cloud-6-LTSS-2019-573,SUSE-SLE-Module-Containers-12-2019-573
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-16875: Fixed a CPU Denial of Service (bsc#1118899).\n- CVE-2018-16874: Fixed a vulnerabity in go get command which could allow directory traversal in GOPATH mode (bsc#1118898).\n- CVE-2018-16873: Fixed a vulnerability in go get command which could allow remote code execution when executed with -u in GOPATH mode (bsc#1118897).\n- CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container\n breakout (bsc#1121967).\n\nOther changes and bug fixes:\n\n- Update shell completion to use Group: System/Shells.\n- Add daemon.json file with rotation logs configuration (bsc#1114832)\n- Update to Docker 18.09.1-ce (bsc#1124308) and to to runc 96ec2177ae84.\n See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md.\n- Disable leap based builds for kubic flavor (bsc#1121412).\n- Allow users to explicitly specify the NIS domain name of a container (bsc#1001161).\n- Update docker.service to match upstream and avoid rlimit problems (bsc#1112980).\n- Update go requirements to \u003e= go1.10 \n- Use -buildmode=pie for tests and binary build (bsc#1048046 and bsc#1051429).\n- Remove the usage of \u0027cp -r\u0027 to reduce noise in the build logs.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-573,SUSE-OpenStack-Cloud-6-LTSS-2019-573,SUSE-SLE-Module-Containers-12-2019-573",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_0573-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:0573-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190573-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:0573-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-March/005178.html"
},
{
"category": "self",
"summary": "SUSE Bug 1001161",
"url": "https://bugzilla.suse.com/1001161"
},
{
"category": "self",
"summary": "SUSE Bug 1048046",
"url": "https://bugzilla.suse.com/1048046"
},
{
"category": "self",
"summary": "SUSE Bug 1051429",
"url": "https://bugzilla.suse.com/1051429"
},
{
"category": "self",
"summary": "SUSE Bug 1112980",
"url": "https://bugzilla.suse.com/1112980"
},
{
"category": "self",
"summary": "SUSE Bug 1114832",
"url": "https://bugzilla.suse.com/1114832"
},
{
"category": "self",
"summary": "SUSE Bug 1118897",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "self",
"summary": "SUSE Bug 1118898",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "self",
"summary": "SUSE Bug 1118899",
"url": "https://bugzilla.suse.com/1118899"
},
{
"category": "self",
"summary": "SUSE Bug 1121412",
"url": "https://bugzilla.suse.com/1121412"
},
{
"category": "self",
"summary": "SUSE Bug 1121967",
"url": "https://bugzilla.suse.com/1121967"
},
{
"category": "self",
"summary": "SUSE Bug 1124308",
"url": "https://bugzilla.suse.com/1124308"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9962 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9962/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16873 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16874 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16875 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5736 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5736/"
}
],
"title": "Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc",
"tracking": {
"current_release_date": "2019-03-08T12:49:44Z",
"generator": {
"date": "2019-03-08T12:49:44Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:0573-1",
"initial_release_date": "2019-03-08T12:49:44Z",
"revision_history": [
{
"date": "2019-03-08T12:49:44Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.2.2-16.14.2.aarch64",
"product": {
"name": "containerd-1.2.2-16.14.2.aarch64",
"product_id": "containerd-1.2.2-16.14.2.aarch64"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.2.2-16.14.2.aarch64",
"product": {
"name": "containerd-ctr-1.2.2-16.14.2.aarch64",
"product_id": "containerd-ctr-1.2.2-16.14.2.aarch64"
}
},
{
"category": "product_version",
"name": "containerd-kubic-1.2.2-16.14.2.aarch64",
"product": {
"name": "containerd-kubic-1.2.2-16.14.2.aarch64",
"product_id": "containerd-kubic-1.2.2-16.14.2.aarch64"
}
},
{
"category": "product_version",
"name": "containerd-kubic-ctr-1.2.2-16.14.2.aarch64",
"product": {
"name": "containerd-kubic-ctr-1.2.2-16.14.2.aarch64",
"product_id": "containerd-kubic-ctr-1.2.2-16.14.2.aarch64"
}
},
{
"category": "product_version",
"name": "docker-18.09.1_ce-98.34.2.aarch64",
"product": {
"name": "docker-18.09.1_ce-98.34.2.aarch64",
"product_id": "docker-18.09.1_ce-98.34.2.aarch64"
}
},
{
"category": "product_version",
"name": "docker-kubic-18.09.1_ce-98.34.2.aarch64",
"product": {
"name": "docker-kubic-18.09.1_ce-98.34.2.aarch64",
"product_id": "docker-kubic-18.09.1_ce-98.34.2.aarch64"
}
},
{
"category": "product_version",
"name": "docker-kubic-kubeadm-criconfig-18.09.1_ce-98.34.2.aarch64",
"product": {
"name": "docker-kubic-kubeadm-criconfig-18.09.1_ce-98.34.2.aarch64",
"product_id": "docker-kubic-kubeadm-criconfig-18.09.1_ce-98.34.2.aarch64"
}
},
{
"category": "product_version",
"name": "docker-kubic-test-18.09.1_ce-98.34.2.aarch64",
"product": {
"name": "docker-kubic-test-18.09.1_ce-98.34.2.aarch64",
"product_id": "docker-kubic-test-18.09.1_ce-98.34.2.aarch64"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.aarch64",
"product": {
"name": "docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.aarch64",
"product_id": "docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.aarch64"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.aarch64",
"product": {
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.aarch64",
"product_id": "docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.aarch64"
}
},
{
"category": "product_version",
"name": "docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.aarch64",
"product": {
"name": "docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.aarch64",
"product_id": "docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.aarch64"
}
},
{
"category": "product_version",
"name": "docker-runc-kubic-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.aarch64",
"product": {
"name": "docker-runc-kubic-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.aarch64",
"product_id": "docker-runc-kubic-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.aarch64"
}
},
{
"category": "product_version",
"name": "docker-test-18.09.1_ce-98.34.2.aarch64",
"product": {
"name": "docker-test-18.09.1_ce-98.34.2.aarch64",
"product_id": "docker-test-18.09.1_ce-98.34.2.aarch64"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.aarch64",
"product": {
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.aarch64",
"product_id": "golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.aarch64"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.aarch64",
"product": {
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.aarch64",
"product_id": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.2.2-16.14.2.i586",
"product": {
"name": "containerd-1.2.2-16.14.2.i586",
"product_id": "containerd-1.2.2-16.14.2.i586"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.2.2-16.14.2.i586",
"product": {
"name": "containerd-ctr-1.2.2-16.14.2.i586",
"product_id": "containerd-ctr-1.2.2-16.14.2.i586"
}
},
{
"category": "product_version",
"name": "containerd-kubic-1.2.2-16.14.2.i586",
"product": {
"name": "containerd-kubic-1.2.2-16.14.2.i586",
"product_id": "containerd-kubic-1.2.2-16.14.2.i586"
}
},
{
"category": "product_version",
"name": "containerd-kubic-ctr-1.2.2-16.14.2.i586",
"product": {
"name": "containerd-kubic-ctr-1.2.2-16.14.2.i586",
"product_id": "containerd-kubic-ctr-1.2.2-16.14.2.i586"
}
},
{
"category": "product_version",
"name": "docker-18.09.1_ce-98.34.2.i586",
"product": {
"name": "docker-18.09.1_ce-98.34.2.i586",
"product_id": "docker-18.09.1_ce-98.34.2.i586"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.i586",
"product": {
"name": "docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.i586",
"product_id": "docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.i586"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.i586",
"product": {
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.i586",
"product_id": "docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.i586"
}
},
{
"category": "product_version",
"name": "docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.i586",
"product": {
"name": "docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.i586",
"product_id": "docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.i586"
}
},
{
"category": "product_version",
"name": "docker-runc-kubic-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.i586",
"product": {
"name": "docker-runc-kubic-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.i586",
"product_id": "docker-runc-kubic-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.i586"
}
},
{
"category": "product_version",
"name": "docker-test-18.09.1_ce-98.34.2.i586",
"product": {
"name": "docker-test-18.09.1_ce-98.34.2.i586",
"product_id": "docker-test-18.09.1_ce-98.34.2.i586"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.i586",
"product": {
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.i586",
"product_id": "golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.i586"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.i586",
"product": {
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.i586",
"product_id": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-kubic-test-1.2.2-16.14.2.noarch",
"product": {
"name": "containerd-kubic-test-1.2.2-16.14.2.noarch",
"product_id": "containerd-kubic-test-1.2.2-16.14.2.noarch"
}
},
{
"category": "product_version",
"name": "containerd-test-1.2.2-16.14.2.noarch",
"product": {
"name": "containerd-test-1.2.2-16.14.2.noarch",
"product_id": "containerd-test-1.2.2-16.14.2.noarch"
}
},
{
"category": "product_version",
"name": "docker-bash-completion-18.09.1_ce-98.34.2.noarch",
"product": {
"name": "docker-bash-completion-18.09.1_ce-98.34.2.noarch",
"product_id": "docker-bash-completion-18.09.1_ce-98.34.2.noarch"
}
},
{
"category": "product_version",
"name": "docker-kubic-bash-completion-18.09.1_ce-98.34.2.noarch",
"product": {
"name": "docker-kubic-bash-completion-18.09.1_ce-98.34.2.noarch",
"product_id": "docker-kubic-bash-completion-18.09.1_ce-98.34.2.noarch"
}
},
{
"category": "product_version",
"name": "docker-kubic-zsh-completion-18.09.1_ce-98.34.2.noarch",
"product": {
"name": "docker-kubic-zsh-completion-18.09.1_ce-98.34.2.noarch",
"product_id": "docker-kubic-zsh-completion-18.09.1_ce-98.34.2.noarch"
}
},
{
"category": "product_version",
"name": "docker-runc-kubic-test-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.noarch",
"product": {
"name": "docker-runc-kubic-test-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.noarch",
"product_id": "docker-runc-kubic-test-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.noarch"
}
},
{
"category": "product_version",
"name": "docker-runc-test-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.noarch",
"product": {
"name": "docker-runc-test-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.noarch",
"product_id": "docker-runc-test-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.noarch"
}
},
{
"category": "product_version",
"name": "docker-zsh-completion-18.09.1_ce-98.34.2.noarch",
"product": {
"name": "docker-zsh-completion-18.09.1_ce-98.34.2.noarch",
"product_id": "docker-zsh-completion-18.09.1_ce-98.34.2.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.2.2-16.14.2.ppc64le",
"product": {
"name": "containerd-1.2.2-16.14.2.ppc64le",
"product_id": "containerd-1.2.2-16.14.2.ppc64le"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.2.2-16.14.2.ppc64le",
"product": {
"name": "containerd-ctr-1.2.2-16.14.2.ppc64le",
"product_id": "containerd-ctr-1.2.2-16.14.2.ppc64le"
}
},
{
"category": "product_version",
"name": "containerd-kubic-1.2.2-16.14.2.ppc64le",
"product": {
"name": "containerd-kubic-1.2.2-16.14.2.ppc64le",
"product_id": "containerd-kubic-1.2.2-16.14.2.ppc64le"
}
},
{
"category": "product_version",
"name": "containerd-kubic-ctr-1.2.2-16.14.2.ppc64le",
"product": {
"name": "containerd-kubic-ctr-1.2.2-16.14.2.ppc64le",
"product_id": "containerd-kubic-ctr-1.2.2-16.14.2.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-18.09.1_ce-98.34.2.ppc64le",
"product": {
"name": "docker-18.09.1_ce-98.34.2.ppc64le",
"product_id": "docker-18.09.1_ce-98.34.2.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-kubic-18.09.1_ce-98.34.2.ppc64le",
"product": {
"name": "docker-kubic-18.09.1_ce-98.34.2.ppc64le",
"product_id": "docker-kubic-18.09.1_ce-98.34.2.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-kubic-kubeadm-criconfig-18.09.1_ce-98.34.2.ppc64le",
"product": {
"name": "docker-kubic-kubeadm-criconfig-18.09.1_ce-98.34.2.ppc64le",
"product_id": "docker-kubic-kubeadm-criconfig-18.09.1_ce-98.34.2.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-kubic-test-18.09.1_ce-98.34.2.ppc64le",
"product": {
"name": "docker-kubic-test-18.09.1_ce-98.34.2.ppc64le",
"product_id": "docker-kubic-test-18.09.1_ce-98.34.2.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.ppc64le",
"product": {
"name": "docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.ppc64le",
"product_id": "docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.ppc64le",
"product": {
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.ppc64le",
"product_id": "docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.ppc64le",
"product": {
"name": "docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.ppc64le",
"product_id": "docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-runc-kubic-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.ppc64le",
"product": {
"name": "docker-runc-kubic-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.ppc64le",
"product_id": "docker-runc-kubic-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-test-18.09.1_ce-98.34.2.ppc64le",
"product": {
"name": "docker-test-18.09.1_ce-98.34.2.ppc64le",
"product_id": "docker-test-18.09.1_ce-98.34.2.ppc64le"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.ppc64le",
"product": {
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.ppc64le",
"product_id": "golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.ppc64le"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.ppc64le",
"product": {
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.ppc64le",
"product_id": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.2.2-16.14.2.s390x",
"product": {
"name": "containerd-1.2.2-16.14.2.s390x",
"product_id": "containerd-1.2.2-16.14.2.s390x"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.2.2-16.14.2.s390x",
"product": {
"name": "containerd-ctr-1.2.2-16.14.2.s390x",
"product_id": "containerd-ctr-1.2.2-16.14.2.s390x"
}
},
{
"category": "product_version",
"name": "containerd-kubic-1.2.2-16.14.2.s390x",
"product": {
"name": "containerd-kubic-1.2.2-16.14.2.s390x",
"product_id": "containerd-kubic-1.2.2-16.14.2.s390x"
}
},
{
"category": "product_version",
"name": "containerd-kubic-ctr-1.2.2-16.14.2.s390x",
"product": {
"name": "containerd-kubic-ctr-1.2.2-16.14.2.s390x",
"product_id": "containerd-kubic-ctr-1.2.2-16.14.2.s390x"
}
},
{
"category": "product_version",
"name": "docker-18.09.1_ce-98.34.2.s390x",
"product": {
"name": "docker-18.09.1_ce-98.34.2.s390x",
"product_id": "docker-18.09.1_ce-98.34.2.s390x"
}
},
{
"category": "product_version",
"name": "docker-kubic-18.09.1_ce-98.34.2.s390x",
"product": {
"name": "docker-kubic-18.09.1_ce-98.34.2.s390x",
"product_id": "docker-kubic-18.09.1_ce-98.34.2.s390x"
}
},
{
"category": "product_version",
"name": "docker-kubic-kubeadm-criconfig-18.09.1_ce-98.34.2.s390x",
"product": {
"name": "docker-kubic-kubeadm-criconfig-18.09.1_ce-98.34.2.s390x",
"product_id": "docker-kubic-kubeadm-criconfig-18.09.1_ce-98.34.2.s390x"
}
},
{
"category": "product_version",
"name": "docker-kubic-test-18.09.1_ce-98.34.2.s390x",
"product": {
"name": "docker-kubic-test-18.09.1_ce-98.34.2.s390x",
"product_id": "docker-kubic-test-18.09.1_ce-98.34.2.s390x"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.s390x",
"product": {
"name": "docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.s390x",
"product_id": "docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.s390x"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.s390x",
"product": {
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.s390x",
"product_id": "docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.s390x"
}
},
{
"category": "product_version",
"name": "docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.s390x",
"product": {
"name": "docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.s390x",
"product_id": "docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.s390x"
}
},
{
"category": "product_version",
"name": "docker-runc-kubic-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.s390x",
"product": {
"name": "docker-runc-kubic-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.s390x",
"product_id": "docker-runc-kubic-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.s390x"
}
},
{
"category": "product_version",
"name": "docker-test-18.09.1_ce-98.34.2.s390x",
"product": {
"name": "docker-test-18.09.1_ce-98.34.2.s390x",
"product_id": "docker-test-18.09.1_ce-98.34.2.s390x"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.s390x",
"product": {
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.s390x",
"product_id": "golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.s390x"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.s390x",
"product": {
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.s390x",
"product_id": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.2.2-16.14.2.x86_64",
"product": {
"name": "containerd-1.2.2-16.14.2.x86_64",
"product_id": "containerd-1.2.2-16.14.2.x86_64"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.2.2-16.14.2.x86_64",
"product": {
"name": "containerd-ctr-1.2.2-16.14.2.x86_64",
"product_id": "containerd-ctr-1.2.2-16.14.2.x86_64"
}
},
{
"category": "product_version",
"name": "containerd-kubic-1.2.2-16.14.2.x86_64",
"product": {
"name": "containerd-kubic-1.2.2-16.14.2.x86_64",
"product_id": "containerd-kubic-1.2.2-16.14.2.x86_64"
}
},
{
"category": "product_version",
"name": "containerd-kubic-ctr-1.2.2-16.14.2.x86_64",
"product": {
"name": "containerd-kubic-ctr-1.2.2-16.14.2.x86_64",
"product_id": "containerd-kubic-ctr-1.2.2-16.14.2.x86_64"
}
},
{
"category": "product_version",
"name": "docker-18.09.1_ce-98.34.2.x86_64",
"product": {
"name": "docker-18.09.1_ce-98.34.2.x86_64",
"product_id": "docker-18.09.1_ce-98.34.2.x86_64"
}
},
{
"category": "product_version",
"name": "docker-kubic-18.09.1_ce-98.34.2.x86_64",
"product": {
"name": "docker-kubic-18.09.1_ce-98.34.2.x86_64",
"product_id": "docker-kubic-18.09.1_ce-98.34.2.x86_64"
}
},
{
"category": "product_version",
"name": "docker-kubic-kubeadm-criconfig-18.09.1_ce-98.34.2.x86_64",
"product": {
"name": "docker-kubic-kubeadm-criconfig-18.09.1_ce-98.34.2.x86_64",
"product_id": "docker-kubic-kubeadm-criconfig-18.09.1_ce-98.34.2.x86_64"
}
},
{
"category": "product_version",
"name": "docker-kubic-test-18.09.1_ce-98.34.2.x86_64",
"product": {
"name": "docker-kubic-test-18.09.1_ce-98.34.2.x86_64",
"product_id": "docker-kubic-test-18.09.1_ce-98.34.2.x86_64"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.x86_64",
"product": {
"name": "docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.x86_64",
"product_id": "docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.x86_64"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.x86_64",
"product": {
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.x86_64",
"product_id": "docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.x86_64"
}
},
{
"category": "product_version",
"name": "docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.x86_64",
"product": {
"name": "docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.x86_64",
"product_id": "docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.x86_64"
}
},
{
"category": "product_version",
"name": "docker-runc-kubic-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.x86_64",
"product": {
"name": "docker-runc-kubic-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.x86_64",
"product_id": "docker-runc-kubic-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.x86_64"
}
},
{
"category": "product_version",
"name": "docker-test-18.09.1_ce-98.34.2.x86_64",
"product": {
"name": "docker-test-18.09.1_ce-98.34.2.x86_64",
"product_id": "docker-test-18.09.1_ce-98.34.2.x86_64"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.x86_64",
"product": {
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.x86_64",
"product_id": "golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.x86_64"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.x86_64",
"product": {
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.x86_64",
"product_id": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 6-LTSS",
"product": {
"name": "SUSE OpenStack Cloud 6-LTSS",
"product_id": "SUSE OpenStack Cloud 6-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud-ltss:6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 12",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 12",
"product_id": "SUSE Linux Enterprise Module for Containers 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.2.2-16.14.2.x86_64 as component of SUSE OpenStack Cloud 6-LTSS",
"product_id": "SUSE OpenStack Cloud 6-LTSS:containerd-1.2.2-16.14.2.x86_64"
},
"product_reference": "containerd-1.2.2-16.14.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-18.09.1_ce-98.34.2.x86_64 as component of SUSE OpenStack Cloud 6-LTSS",
"product_id": "SUSE OpenStack Cloud 6-LTSS:docker-18.09.1_ce-98.34.2.x86_64"
},
"product_reference": "docker-18.09.1_ce-98.34.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.x86_64 as component of SUSE OpenStack Cloud 6-LTSS",
"product_id": "SUSE OpenStack Cloud 6-LTSS:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.x86_64"
},
"product_reference": "docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.x86_64 as component of SUSE OpenStack Cloud 6-LTSS",
"product_id": "SUSE OpenStack Cloud 6-LTSS:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.x86_64"
},
"product_reference": "docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.2.2-16.14.2.ppc64le as component of SUSE Linux Enterprise Module for Containers 12",
"product_id": "SUSE Linux Enterprise Module for Containers 12:containerd-1.2.2-16.14.2.ppc64le"
},
"product_reference": "containerd-1.2.2-16.14.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.2.2-16.14.2.s390x as component of SUSE Linux Enterprise Module for Containers 12",
"product_id": "SUSE Linux Enterprise Module for Containers 12:containerd-1.2.2-16.14.2.s390x"
},
"product_reference": "containerd-1.2.2-16.14.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.2.2-16.14.2.x86_64 as component of SUSE Linux Enterprise Module for Containers 12",
"product_id": "SUSE Linux Enterprise Module for Containers 12:containerd-1.2.2-16.14.2.x86_64"
},
"product_reference": "containerd-1.2.2-16.14.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-18.09.1_ce-98.34.2.ppc64le as component of SUSE Linux Enterprise Module for Containers 12",
"product_id": "SUSE Linux Enterprise Module for Containers 12:docker-18.09.1_ce-98.34.2.ppc64le"
},
"product_reference": "docker-18.09.1_ce-98.34.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-18.09.1_ce-98.34.2.s390x as component of SUSE Linux Enterprise Module for Containers 12",
"product_id": "SUSE Linux Enterprise Module for Containers 12:docker-18.09.1_ce-98.34.2.s390x"
},
"product_reference": "docker-18.09.1_ce-98.34.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-18.09.1_ce-98.34.2.x86_64 as component of SUSE Linux Enterprise Module for Containers 12",
"product_id": "SUSE Linux Enterprise Module for Containers 12:docker-18.09.1_ce-98.34.2.x86_64"
},
"product_reference": "docker-18.09.1_ce-98.34.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.ppc64le as component of SUSE Linux Enterprise Module for Containers 12",
"product_id": "SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.ppc64le"
},
"product_reference": "docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.s390x as component of SUSE Linux Enterprise Module for Containers 12",
"product_id": "SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.s390x"
},
"product_reference": "docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.x86_64 as component of SUSE Linux Enterprise Module for Containers 12",
"product_id": "SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.x86_64"
},
"product_reference": "docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.ppc64le as component of SUSE Linux Enterprise Module for Containers 12",
"product_id": "SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.ppc64le"
},
"product_reference": "docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.s390x as component of SUSE Linux Enterprise Module for Containers 12",
"product_id": "SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.s390x"
},
"product_reference": "docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.x86_64 as component of SUSE Linux Enterprise Module for Containers 12",
"product_id": "SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.x86_64"
},
"product_reference": "docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-9962",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9962"
}
],
"notes": [
{
"category": "general",
"text": "RunC allowed additional container processes via \u0027runc exec\u0027 to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or modification of runC state before the process is fully placed inside the container.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.2-16.14.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.2-16.14.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.2-16.14.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.1_ce-98.34.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.1_ce-98.34.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.1_ce-98.34.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:containerd-1.2.2-16.14.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:docker-18.09.1_ce-98.34.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9962",
"url": "https://www.suse.com/security/cve/CVE-2016-9962"
},
{
"category": "external",
"summary": "SUSE Bug 1012568 for CVE-2016-9962",
"url": "https://bugzilla.suse.com/1012568"
},
{
"category": "external",
"summary": "SUSE Bug 1173425 for CVE-2016-9962",
"url": "https://bugzilla.suse.com/1173425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.2-16.14.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.2-16.14.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.2-16.14.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.1_ce-98.34.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.1_ce-98.34.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.1_ce-98.34.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:containerd-1.2.2-16.14.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:docker-18.09.1_ce-98.34.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.2-16.14.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.2-16.14.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.2-16.14.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.1_ce-98.34.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.1_ce-98.34.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.1_ce-98.34.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:containerd-1.2.2-16.14.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:docker-18.09.1_ce-98.34.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-08T12:49:44Z",
"details": "moderate"
}
],
"title": "CVE-2016-9962"
},
{
"cve": "CVE-2018-16873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16873"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). Using custom domains, it\u0027s possible to arrange things so that a Git repository is cloned to a folder named \".git\" by using a vanity import path that ends with \"/.git\". If the Git repository root contains a \"HEAD\" file, a \"config\" file, an \"objects\" directory, a \"refs\" directory, with some work to ensure the proper ordering of operations, \"go get -u\" can be tricked into considering the parent directory as a repository root, and running Git commands on it. That will use the \"config\" file in the original Git repository root for its configuration, and if that config file contains malicious commands, they will execute on the system running \"go get -u\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.2-16.14.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.2-16.14.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.2-16.14.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.1_ce-98.34.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.1_ce-98.34.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.1_ce-98.34.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:containerd-1.2.2-16.14.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:docker-18.09.1_ce-98.34.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16873",
"url": "https://www.suse.com/security/cve/CVE-2018-16873"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.2-16.14.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.2-16.14.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.2-16.14.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.1_ce-98.34.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.1_ce-98.34.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.1_ce-98.34.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:containerd-1.2.2-16.14.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:docker-18.09.1_ce-98.34.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.2-16.14.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.2-16.14.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.2-16.14.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.1_ce-98.34.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.1_ce-98.34.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.1_ce-98.34.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:containerd-1.2.2-16.14.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:docker-18.09.1_ce-98.34.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-08T12:49:44Z",
"details": "important"
}
],
"title": "CVE-2018-16873"
},
{
"cve": "CVE-2018-16874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16874"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both \u0027{\u0027 and \u0027}\u0027 characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.2-16.14.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.2-16.14.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.2-16.14.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.1_ce-98.34.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.1_ce-98.34.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.1_ce-98.34.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:containerd-1.2.2-16.14.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:docker-18.09.1_ce-98.34.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16874",
"url": "https://www.suse.com/security/cve/CVE-2018-16874"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.2-16.14.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.2-16.14.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.2-16.14.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.1_ce-98.34.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.1_ce-98.34.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.1_ce-98.34.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:containerd-1.2.2-16.14.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:docker-18.09.1_ce-98.34.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.2-16.14.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.2-16.14.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.2-16.14.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.1_ce-98.34.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.1_ce-98.34.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.1_ce-98.34.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:containerd-1.2.2-16.14.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:docker-18.09.1_ce-98.34.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-08T12:49:44Z",
"details": "moderate"
}
],
"title": "CVE-2018-16874"
},
{
"cve": "CVE-2018-16875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16875"
}
],
"notes": [
{
"category": "general",
"text": "The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.2-16.14.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.2-16.14.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.2-16.14.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.1_ce-98.34.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.1_ce-98.34.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.1_ce-98.34.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:containerd-1.2.2-16.14.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:docker-18.09.1_ce-98.34.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16875",
"url": "https://www.suse.com/security/cve/CVE-2018-16875"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.2-16.14.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.2-16.14.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.2-16.14.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.1_ce-98.34.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.1_ce-98.34.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.1_ce-98.34.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:containerd-1.2.2-16.14.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:docker-18.09.1_ce-98.34.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.2-16.14.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.2-16.14.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.2-16.14.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.1_ce-98.34.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.1_ce-98.34.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.1_ce-98.34.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:containerd-1.2.2-16.14.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:docker-18.09.1_ce-98.34.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-08T12:49:44Z",
"details": "moderate"
}
],
"title": "CVE-2018-16875"
},
{
"cve": "CVE-2019-5736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5736"
}
],
"notes": [
{
"category": "general",
"text": "runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.2-16.14.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.2-16.14.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.2-16.14.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.1_ce-98.34.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.1_ce-98.34.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.1_ce-98.34.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:containerd-1.2.2-16.14.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:docker-18.09.1_ce-98.34.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5736",
"url": "https://www.suse.com/security/cve/CVE-2019-5736"
},
{
"category": "external",
"summary": "SUSE Bug 1121967 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1121967"
},
{
"category": "external",
"summary": "SUSE Bug 1122185 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1122185"
},
{
"category": "external",
"summary": "SUSE Bug 1173421 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1173421"
},
{
"category": "external",
"summary": "SUSE Bug 1218894 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1218894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.2-16.14.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.2-16.14.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.2-16.14.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.1_ce-98.34.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.1_ce-98.34.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.1_ce-98.34.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:containerd-1.2.2-16.14.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:docker-18.09.1_ce-98.34.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.2-16.14.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.2-16.14.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.2-16.14.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.1_ce-98.34.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.1_ce-98.34.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.1_ce-98.34.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:containerd-1.2.2-16.14.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:docker-18.09.1_ce-98.34.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16.2.x86_64",
"SUSE OpenStack Cloud 6-LTSS:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-08T12:49:44Z",
"details": "moderate"
}
],
"title": "CVE-2019-5736"
}
]
}
suse-su-2019:0286-1
Vulnerability from csaf_suse
Published
2019-02-07 12:45
Modified
2019-02-07 12:45
Summary
Security update for docker
Notes
Title of the patch
Security update for docker
Description of the patch
This update for containerd, docker, docker-runc and golang-github-docker-libnetwork fixes the following issues:
Security issues fixed for containerd, docker, docker-runc and golang-github-docker-libnetwork:
- CVE-2018-16873: cmd/go: remote command execution during 'go get -u' (bsc#1118897)
- CVE-2018-16874: cmd/go: directory traversal in 'go get' via curly braces in import paths (bsc#1118898)
- CVE-2018-16875: crypto/x509: CPU denial of service (bsc#1118899)
Non-security issues fixed for docker:
- Disable leap based builds for kubic flavor (bsc#1121412)
- Allow users to explicitly specify the NIS domainname of a container (bsc#1001161)
- Update docker.service to match upstream and avoid rlimit problems (bsc#1112980)
- Allow docker images larger then 23GB (bsc#1118990)
- Docker version update to version 18.09.0-ce (bsc#1115464)
Patchnames
SUSE-2019-286,SUSE-SLE-Module-Containers-15-2019-286,SUSE-SLE-Module-Development-Tools-OBS-15-2019-286
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for docker",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for containerd, docker, docker-runc and golang-github-docker-libnetwork fixes the following issues:\n\nSecurity issues fixed for containerd, docker, docker-runc and golang-github-docker-libnetwork:\n\n- CVE-2018-16873: cmd/go: remote command execution during \u0027go get -u\u0027 (bsc#1118897)\n- CVE-2018-16874: cmd/go: directory traversal in \u0027go get\u0027 via curly braces in import paths (bsc#1118898)\n- CVE-2018-16875: crypto/x509: CPU denial of service (bsc#1118899)\n\nNon-security issues fixed for docker:\n\n- Disable leap based builds for kubic flavor (bsc#1121412)\n- Allow users to explicitly specify the NIS domainname of a container (bsc#1001161)\n- Update docker.service to match upstream and avoid rlimit problems (bsc#1112980)\n- Allow docker images larger then 23GB (bsc#1118990)\n- Docker version update to version 18.09.0-ce (bsc#1115464)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-286,SUSE-SLE-Module-Containers-15-2019-286,SUSE-SLE-Module-Development-Tools-OBS-15-2019-286",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_0286-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:0286-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190286-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:0286-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-February/005093.html"
},
{
"category": "self",
"summary": "SUSE Bug 1001161",
"url": "https://bugzilla.suse.com/1001161"
},
{
"category": "self",
"summary": "SUSE Bug 1112980",
"url": "https://bugzilla.suse.com/1112980"
},
{
"category": "self",
"summary": "SUSE Bug 1115464",
"url": "https://bugzilla.suse.com/1115464"
},
{
"category": "self",
"summary": "SUSE Bug 1118897",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "self",
"summary": "SUSE Bug 1118898",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "self",
"summary": "SUSE Bug 1118899",
"url": "https://bugzilla.suse.com/1118899"
},
{
"category": "self",
"summary": "SUSE Bug 1118990",
"url": "https://bugzilla.suse.com/1118990"
},
{
"category": "self",
"summary": "SUSE Bug 1121412",
"url": "https://bugzilla.suse.com/1121412"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16873 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16874 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16875 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16875/"
}
],
"title": "Security update for docker",
"tracking": {
"current_release_date": "2019-02-07T12:45:30Z",
"generator": {
"date": "2019-02-07T12:45:30Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:0286-1",
"initial_release_date": "2019-02-07T12:45:30Z",
"revision_history": [
{
"date": "2019-02-07T12:45:30Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.1.2-5.6.1.aarch64",
"product": {
"name": "containerd-1.1.2-5.6.1.aarch64",
"product_id": "containerd-1.1.2-5.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.1.2-5.6.1.aarch64",
"product": {
"name": "containerd-ctr-1.1.2-5.6.1.aarch64",
"product_id": "containerd-ctr-1.1.2-5.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "containerd-kubic-1.1.2-5.6.1.aarch64",
"product": {
"name": "containerd-kubic-1.1.2-5.6.1.aarch64",
"product_id": "containerd-kubic-1.1.2-5.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "containerd-kubic-ctr-1.1.2-5.6.1.aarch64",
"product": {
"name": "containerd-kubic-ctr-1.1.2-5.6.1.aarch64",
"product_id": "containerd-kubic-ctr-1.1.2-5.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-18.09.0_ce-6.11.2.aarch64",
"product": {
"name": "docker-18.09.0_ce-6.11.2.aarch64",
"product_id": "docker-18.09.0_ce-6.11.2.aarch64"
}
},
{
"category": "product_version",
"name": "docker-kubic-18.09.0_ce-6.11.2.aarch64",
"product": {
"name": "docker-kubic-18.09.0_ce-6.11.2.aarch64",
"product_id": "docker-kubic-18.09.0_ce-6.11.2.aarch64"
}
},
{
"category": "product_version",
"name": "docker-kubic-kubeadm-criconfig-18.09.0_ce-6.11.2.aarch64",
"product": {
"name": "docker-kubic-kubeadm-criconfig-18.09.0_ce-6.11.2.aarch64",
"product_id": "docker-kubic-kubeadm-criconfig-18.09.0_ce-6.11.2.aarch64"
}
},
{
"category": "product_version",
"name": "docker-kubic-test-18.09.0_ce-6.11.2.aarch64",
"product": {
"name": "docker-kubic-test-18.09.0_ce-6.11.2.aarch64",
"product_id": "docker-kubic-test-18.09.0_ce-6.11.2.aarch64"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.aarch64",
"product": {
"name": "docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.aarch64",
"product_id": "docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2704_6da50d197830-4.6.1.aarch64",
"product": {
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2704_6da50d197830-4.6.1.aarch64",
"product_id": "docker-libnetwork-kubic-0.7.0.1+gitr2704_6da50d197830-4.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.aarch64",
"product": {
"name": "docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.aarch64",
"product_id": "docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-runc-kubic-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.aarch64",
"product": {
"name": "docker-runc-kubic-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.aarch64",
"product_id": "docker-runc-kubic-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-test-18.09.0_ce-6.11.2.aarch64",
"product": {
"name": "docker-test-18.09.0_ce-6.11.2.aarch64",
"product_id": "docker-test-18.09.0_ce-6.11.2.aarch64"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.aarch64",
"product": {
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.aarch64",
"product_id": "golang-github-docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2704_6da50d197830-4.6.1.aarch64",
"product": {
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2704_6da50d197830-4.6.1.aarch64",
"product_id": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2704_6da50d197830-4.6.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.1.2-5.6.1.i586",
"product": {
"name": "containerd-1.1.2-5.6.1.i586",
"product_id": "containerd-1.1.2-5.6.1.i586"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.1.2-5.6.1.i586",
"product": {
"name": "containerd-ctr-1.1.2-5.6.1.i586",
"product_id": "containerd-ctr-1.1.2-5.6.1.i586"
}
},
{
"category": "product_version",
"name": "containerd-kubic-1.1.2-5.6.1.i586",
"product": {
"name": "containerd-kubic-1.1.2-5.6.1.i586",
"product_id": "containerd-kubic-1.1.2-5.6.1.i586"
}
},
{
"category": "product_version",
"name": "containerd-kubic-ctr-1.1.2-5.6.1.i586",
"product": {
"name": "containerd-kubic-ctr-1.1.2-5.6.1.i586",
"product_id": "containerd-kubic-ctr-1.1.2-5.6.1.i586"
}
},
{
"category": "product_version",
"name": "docker-18.09.0_ce-6.11.2.i586",
"product": {
"name": "docker-18.09.0_ce-6.11.2.i586",
"product_id": "docker-18.09.0_ce-6.11.2.i586"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.i586",
"product": {
"name": "docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.i586",
"product_id": "docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.i586"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2704_6da50d197830-4.6.1.i586",
"product": {
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2704_6da50d197830-4.6.1.i586",
"product_id": "docker-libnetwork-kubic-0.7.0.1+gitr2704_6da50d197830-4.6.1.i586"
}
},
{
"category": "product_version",
"name": "docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.i586",
"product": {
"name": "docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.i586",
"product_id": "docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.i586"
}
},
{
"category": "product_version",
"name": "docker-runc-kubic-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.i586",
"product": {
"name": "docker-runc-kubic-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.i586",
"product_id": "docker-runc-kubic-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.i586"
}
},
{
"category": "product_version",
"name": "docker-test-18.09.0_ce-6.11.2.i586",
"product": {
"name": "docker-test-18.09.0_ce-6.11.2.i586",
"product_id": "docker-test-18.09.0_ce-6.11.2.i586"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.i586",
"product": {
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.i586",
"product_id": "golang-github-docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.i586"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2704_6da50d197830-4.6.1.i586",
"product": {
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2704_6da50d197830-4.6.1.i586",
"product_id": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2704_6da50d197830-4.6.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-kubic-test-1.1.2-5.6.1.noarch",
"product": {
"name": "containerd-kubic-test-1.1.2-5.6.1.noarch",
"product_id": "containerd-kubic-test-1.1.2-5.6.1.noarch"
}
},
{
"category": "product_version",
"name": "containerd-test-1.1.2-5.6.1.noarch",
"product": {
"name": "containerd-test-1.1.2-5.6.1.noarch",
"product_id": "containerd-test-1.1.2-5.6.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-bash-completion-18.09.0_ce-6.11.2.noarch",
"product": {
"name": "docker-bash-completion-18.09.0_ce-6.11.2.noarch",
"product_id": "docker-bash-completion-18.09.0_ce-6.11.2.noarch"
}
},
{
"category": "product_version",
"name": "docker-kubic-bash-completion-18.09.0_ce-6.11.2.noarch",
"product": {
"name": "docker-kubic-bash-completion-18.09.0_ce-6.11.2.noarch",
"product_id": "docker-kubic-bash-completion-18.09.0_ce-6.11.2.noarch"
}
},
{
"category": "product_version",
"name": "docker-kubic-zsh-completion-18.09.0_ce-6.11.2.noarch",
"product": {
"name": "docker-kubic-zsh-completion-18.09.0_ce-6.11.2.noarch",
"product_id": "docker-kubic-zsh-completion-18.09.0_ce-6.11.2.noarch"
}
},
{
"category": "product_version",
"name": "docker-runc-kubic-test-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.noarch",
"product": {
"name": "docker-runc-kubic-test-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.noarch",
"product_id": "docker-runc-kubic-test-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-runc-test-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.noarch",
"product": {
"name": "docker-runc-test-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.noarch",
"product_id": "docker-runc-test-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-zsh-completion-18.09.0_ce-6.11.2.noarch",
"product": {
"name": "docker-zsh-completion-18.09.0_ce-6.11.2.noarch",
"product_id": "docker-zsh-completion-18.09.0_ce-6.11.2.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.1.2-5.6.1.ppc64le",
"product": {
"name": "containerd-1.1.2-5.6.1.ppc64le",
"product_id": "containerd-1.1.2-5.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.1.2-5.6.1.ppc64le",
"product": {
"name": "containerd-ctr-1.1.2-5.6.1.ppc64le",
"product_id": "containerd-ctr-1.1.2-5.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "containerd-kubic-1.1.2-5.6.1.ppc64le",
"product": {
"name": "containerd-kubic-1.1.2-5.6.1.ppc64le",
"product_id": "containerd-kubic-1.1.2-5.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "containerd-kubic-ctr-1.1.2-5.6.1.ppc64le",
"product": {
"name": "containerd-kubic-ctr-1.1.2-5.6.1.ppc64le",
"product_id": "containerd-kubic-ctr-1.1.2-5.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-18.09.0_ce-6.11.2.ppc64le",
"product": {
"name": "docker-18.09.0_ce-6.11.2.ppc64le",
"product_id": "docker-18.09.0_ce-6.11.2.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-kubic-18.09.0_ce-6.11.2.ppc64le",
"product": {
"name": "docker-kubic-18.09.0_ce-6.11.2.ppc64le",
"product_id": "docker-kubic-18.09.0_ce-6.11.2.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-kubic-kubeadm-criconfig-18.09.0_ce-6.11.2.ppc64le",
"product": {
"name": "docker-kubic-kubeadm-criconfig-18.09.0_ce-6.11.2.ppc64le",
"product_id": "docker-kubic-kubeadm-criconfig-18.09.0_ce-6.11.2.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-kubic-test-18.09.0_ce-6.11.2.ppc64le",
"product": {
"name": "docker-kubic-test-18.09.0_ce-6.11.2.ppc64le",
"product_id": "docker-kubic-test-18.09.0_ce-6.11.2.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.ppc64le",
"product": {
"name": "docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.ppc64le",
"product_id": "docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2704_6da50d197830-4.6.1.ppc64le",
"product": {
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2704_6da50d197830-4.6.1.ppc64le",
"product_id": "docker-libnetwork-kubic-0.7.0.1+gitr2704_6da50d197830-4.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.ppc64le",
"product": {
"name": "docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.ppc64le",
"product_id": "docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-runc-kubic-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.ppc64le",
"product": {
"name": "docker-runc-kubic-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.ppc64le",
"product_id": "docker-runc-kubic-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-test-18.09.0_ce-6.11.2.ppc64le",
"product": {
"name": "docker-test-18.09.0_ce-6.11.2.ppc64le",
"product_id": "docker-test-18.09.0_ce-6.11.2.ppc64le"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.ppc64le",
"product": {
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.ppc64le",
"product_id": "golang-github-docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2704_6da50d197830-4.6.1.ppc64le",
"product": {
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2704_6da50d197830-4.6.1.ppc64le",
"product_id": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2704_6da50d197830-4.6.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.1.2-5.6.1.s390x",
"product": {
"name": "containerd-1.1.2-5.6.1.s390x",
"product_id": "containerd-1.1.2-5.6.1.s390x"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.1.2-5.6.1.s390x",
"product": {
"name": "containerd-ctr-1.1.2-5.6.1.s390x",
"product_id": "containerd-ctr-1.1.2-5.6.1.s390x"
}
},
{
"category": "product_version",
"name": "containerd-kubic-1.1.2-5.6.1.s390x",
"product": {
"name": "containerd-kubic-1.1.2-5.6.1.s390x",
"product_id": "containerd-kubic-1.1.2-5.6.1.s390x"
}
},
{
"category": "product_version",
"name": "containerd-kubic-ctr-1.1.2-5.6.1.s390x",
"product": {
"name": "containerd-kubic-ctr-1.1.2-5.6.1.s390x",
"product_id": "containerd-kubic-ctr-1.1.2-5.6.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-18.09.0_ce-6.11.2.s390x",
"product": {
"name": "docker-18.09.0_ce-6.11.2.s390x",
"product_id": "docker-18.09.0_ce-6.11.2.s390x"
}
},
{
"category": "product_version",
"name": "docker-kubic-18.09.0_ce-6.11.2.s390x",
"product": {
"name": "docker-kubic-18.09.0_ce-6.11.2.s390x",
"product_id": "docker-kubic-18.09.0_ce-6.11.2.s390x"
}
},
{
"category": "product_version",
"name": "docker-kubic-kubeadm-criconfig-18.09.0_ce-6.11.2.s390x",
"product": {
"name": "docker-kubic-kubeadm-criconfig-18.09.0_ce-6.11.2.s390x",
"product_id": "docker-kubic-kubeadm-criconfig-18.09.0_ce-6.11.2.s390x"
}
},
{
"category": "product_version",
"name": "docker-kubic-test-18.09.0_ce-6.11.2.s390x",
"product": {
"name": "docker-kubic-test-18.09.0_ce-6.11.2.s390x",
"product_id": "docker-kubic-test-18.09.0_ce-6.11.2.s390x"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.s390x",
"product": {
"name": "docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.s390x",
"product_id": "docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2704_6da50d197830-4.6.1.s390x",
"product": {
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2704_6da50d197830-4.6.1.s390x",
"product_id": "docker-libnetwork-kubic-0.7.0.1+gitr2704_6da50d197830-4.6.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.s390x",
"product": {
"name": "docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.s390x",
"product_id": "docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-runc-kubic-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.s390x",
"product": {
"name": "docker-runc-kubic-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.s390x",
"product_id": "docker-runc-kubic-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-test-18.09.0_ce-6.11.2.s390x",
"product": {
"name": "docker-test-18.09.0_ce-6.11.2.s390x",
"product_id": "docker-test-18.09.0_ce-6.11.2.s390x"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.s390x",
"product": {
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.s390x",
"product_id": "golang-github-docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.s390x"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2704_6da50d197830-4.6.1.s390x",
"product": {
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2704_6da50d197830-4.6.1.s390x",
"product_id": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2704_6da50d197830-4.6.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.1.2-5.6.1.x86_64",
"product": {
"name": "containerd-1.1.2-5.6.1.x86_64",
"product_id": "containerd-1.1.2-5.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.1.2-5.6.1.x86_64",
"product": {
"name": "containerd-ctr-1.1.2-5.6.1.x86_64",
"product_id": "containerd-ctr-1.1.2-5.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "containerd-kubic-1.1.2-5.6.1.x86_64",
"product": {
"name": "containerd-kubic-1.1.2-5.6.1.x86_64",
"product_id": "containerd-kubic-1.1.2-5.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "containerd-kubic-ctr-1.1.2-5.6.1.x86_64",
"product": {
"name": "containerd-kubic-ctr-1.1.2-5.6.1.x86_64",
"product_id": "containerd-kubic-ctr-1.1.2-5.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-18.09.0_ce-6.11.2.x86_64",
"product": {
"name": "docker-18.09.0_ce-6.11.2.x86_64",
"product_id": "docker-18.09.0_ce-6.11.2.x86_64"
}
},
{
"category": "product_version",
"name": "docker-kubic-18.09.0_ce-6.11.2.x86_64",
"product": {
"name": "docker-kubic-18.09.0_ce-6.11.2.x86_64",
"product_id": "docker-kubic-18.09.0_ce-6.11.2.x86_64"
}
},
{
"category": "product_version",
"name": "docker-kubic-kubeadm-criconfig-18.09.0_ce-6.11.2.x86_64",
"product": {
"name": "docker-kubic-kubeadm-criconfig-18.09.0_ce-6.11.2.x86_64",
"product_id": "docker-kubic-kubeadm-criconfig-18.09.0_ce-6.11.2.x86_64"
}
},
{
"category": "product_version",
"name": "docker-kubic-test-18.09.0_ce-6.11.2.x86_64",
"product": {
"name": "docker-kubic-test-18.09.0_ce-6.11.2.x86_64",
"product_id": "docker-kubic-test-18.09.0_ce-6.11.2.x86_64"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.x86_64",
"product": {
"name": "docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.x86_64",
"product_id": "docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2704_6da50d197830-4.6.1.x86_64",
"product": {
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2704_6da50d197830-4.6.1.x86_64",
"product_id": "docker-libnetwork-kubic-0.7.0.1+gitr2704_6da50d197830-4.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.x86_64",
"product": {
"name": "docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.x86_64",
"product_id": "docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-runc-kubic-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.x86_64",
"product": {
"name": "docker-runc-kubic-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.x86_64",
"product_id": "docker-runc-kubic-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-test-18.09.0_ce-6.11.2.x86_64",
"product": {
"name": "docker-test-18.09.0_ce-6.11.2.x86_64",
"product_id": "docker-test-18.09.0_ce-6.11.2.x86_64"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.x86_64",
"product": {
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.x86_64",
"product_id": "golang-github-docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2704_6da50d197830-4.6.1.x86_64",
"product": {
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2704_6da50d197830-4.6.1.x86_64",
"product_id": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2704_6da50d197830-4.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 15",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:15"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.1.2-5.6.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.6.1.ppc64le"
},
"product_reference": "containerd-1.1.2-5.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.1.2-5.6.1.s390x as component of SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.6.1.s390x"
},
"product_reference": "containerd-1.1.2-5.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.1.2-5.6.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.6.1.x86_64"
},
"product_reference": "containerd-1.1.2-5.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-18.09.0_ce-6.11.2.ppc64le as component of SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15:docker-18.09.0_ce-6.11.2.ppc64le"
},
"product_reference": "docker-18.09.0_ce-6.11.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-18.09.0_ce-6.11.2.s390x as component of SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15:docker-18.09.0_ce-6.11.2.s390x"
},
"product_reference": "docker-18.09.0_ce-6.11.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-18.09.0_ce-6.11.2.x86_64 as component of SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15:docker-18.09.0_ce-6.11.2.x86_64"
},
"product_reference": "docker-18.09.0_ce-6.11.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-18.09.0_ce-6.11.2.noarch as component of SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15:docker-bash-completion-18.09.0_ce-6.11.2.noarch"
},
"product_reference": "docker-bash-completion-18.09.0_ce-6.11.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.ppc64le"
},
"product_reference": "docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.s390x as component of SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.s390x"
},
"product_reference": "docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.x86_64"
},
"product_reference": "docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.ppc64le"
},
"product_reference": "docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.s390x as component of SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.s390x"
},
"product_reference": "docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.x86_64"
},
"product_reference": "docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-16873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16873"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). Using custom domains, it\u0027s possible to arrange things so that a Git repository is cloned to a folder named \".git\" by using a vanity import path that ends with \"/.git\". If the Git repository root contains a \"HEAD\" file, a \"config\" file, an \"objects\" directory, a \"refs\" directory, with some work to ensure the proper ordering of operations, \"go get -u\" can be tricked into considering the parent directory as a repository root, and running Git commands on it. That will use the \"config\" file in the original Git repository root for its configuration, and if that config file contains malicious commands, they will execute on the system running \"go get -u\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.6.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.6.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.6.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.0_ce-6.11.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.0_ce-6.11.2.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.0_ce-6.11.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-bash-completion-18.09.0_ce-6.11.2.noarch",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16873",
"url": "https://www.suse.com/security/cve/CVE-2018-16873"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.6.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.6.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.6.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.0_ce-6.11.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.0_ce-6.11.2.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.0_ce-6.11.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-bash-completion-18.09.0_ce-6.11.2.noarch",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.6.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.6.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.6.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.0_ce-6.11.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.0_ce-6.11.2.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.0_ce-6.11.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-bash-completion-18.09.0_ce-6.11.2.noarch",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-07T12:45:30Z",
"details": "important"
}
],
"title": "CVE-2018-16873"
},
{
"cve": "CVE-2018-16874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16874"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both \u0027{\u0027 and \u0027}\u0027 characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.6.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.6.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.6.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.0_ce-6.11.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.0_ce-6.11.2.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.0_ce-6.11.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-bash-completion-18.09.0_ce-6.11.2.noarch",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16874",
"url": "https://www.suse.com/security/cve/CVE-2018-16874"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.6.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.6.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.6.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.0_ce-6.11.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.0_ce-6.11.2.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.0_ce-6.11.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-bash-completion-18.09.0_ce-6.11.2.noarch",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.6.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.6.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.6.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.0_ce-6.11.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.0_ce-6.11.2.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.0_ce-6.11.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-bash-completion-18.09.0_ce-6.11.2.noarch",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-07T12:45:30Z",
"details": "moderate"
}
],
"title": "CVE-2018-16874"
},
{
"cve": "CVE-2018-16875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16875"
}
],
"notes": [
{
"category": "general",
"text": "The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.6.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.6.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.6.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.0_ce-6.11.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.0_ce-6.11.2.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.0_ce-6.11.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-bash-completion-18.09.0_ce-6.11.2.noarch",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16875",
"url": "https://www.suse.com/security/cve/CVE-2018-16875"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.6.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.6.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.6.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.0_ce-6.11.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.0_ce-6.11.2.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.0_ce-6.11.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-bash-completion-18.09.0_ce-6.11.2.noarch",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.6.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.6.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.1.2-5.6.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.0_ce-6.11.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.0_ce-6.11.2.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.0_ce-6.11.2.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-bash-completion-18.09.0_ce-6.11.2.noarch",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2704_6da50d197830-4.6.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-07T12:45:30Z",
"details": "moderate"
}
],
"title": "CVE-2018-16875"
}
]
}
suse-su-2019:0048-2
Vulnerability from csaf_suse
Published
2019-07-04 12:26
Modified
2019-07-04 12:26
Summary
Security update for helm-mirror
Notes
Title of the patch
Security update for helm-mirror
Description of the patch
This update for helm-mirror to version 0.2.1 fixes the following issues:
Security issues fixed:
- CVE-2018-16873: Fixed a remote command execution (bsc#1118897)
- CVE-2018-16874: Fixed a directory traversal in 'go get' via curly braces in import path (bsc#1118898)
- CVE-2018-16875: Fixed a CPU denial of service (bsc#1118899)
Non-security issue fixed:
- Update to v0.2.1 (bsc#1120762)
- Include helm-mirror into the containers module (bsc#1116182)
Patchnames
SUSE-2019-48,SUSE-SLE-Module-Containers-15-SP1-2019-48
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for helm-mirror",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for helm-mirror to version 0.2.1 fixes the following issues:\n\n\nSecurity issues fixed:\n\n- CVE-2018-16873: Fixed a remote command execution (bsc#1118897)\n- CVE-2018-16874: Fixed a directory traversal in \u0027go get\u0027 via curly braces in import path (bsc#1118898)\n- CVE-2018-16875: Fixed a CPU denial of service (bsc#1118899)\n\nNon-security issue fixed:\n\n- Update to v0.2.1 (bsc#1120762)\n- Include helm-mirror into the containers module (bsc#1116182)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-48,SUSE-SLE-Module-Containers-15-SP1-2019-48",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_0048-2.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:0048-2",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190048-2/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:0048-2",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-July/005660.html"
},
{
"category": "self",
"summary": "SUSE Bug 1116182",
"url": "https://bugzilla.suse.com/1116182"
},
{
"category": "self",
"summary": "SUSE Bug 1118897",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "self",
"summary": "SUSE Bug 1118898",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "self",
"summary": "SUSE Bug 1118899",
"url": "https://bugzilla.suse.com/1118899"
},
{
"category": "self",
"summary": "SUSE Bug 1120762",
"url": "https://bugzilla.suse.com/1120762"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16873 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16874 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16875 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16875/"
}
],
"title": "Security update for helm-mirror",
"tracking": {
"current_release_date": "2019-07-04T12:26:14Z",
"generator": {
"date": "2019-07-04T12:26:14Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:0048-2",
"initial_release_date": "2019-07-04T12:26:14Z",
"revision_history": [
{
"date": "2019-07-04T12:26:14Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "helm-mirror-0.2.1-1.7.1.aarch64",
"product": {
"name": "helm-mirror-0.2.1-1.7.1.aarch64",
"product_id": "helm-mirror-0.2.1-1.7.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "helm-mirror-0.2.1-1.7.1.i586",
"product": {
"name": "helm-mirror-0.2.1-1.7.1.i586",
"product_id": "helm-mirror-0.2.1-1.7.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "helm-mirror-0.2.1-1.7.1.ppc64le",
"product": {
"name": "helm-mirror-0.2.1-1.7.1.ppc64le",
"product_id": "helm-mirror-0.2.1-1.7.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "helm-mirror-0.2.1-1.7.1.s390x",
"product": {
"name": "helm-mirror-0.2.1-1.7.1.s390x",
"product_id": "helm-mirror-0.2.1-1.7.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "helm-mirror-0.2.1-1.7.1.x86_64",
"product": {
"name": "helm-mirror-0.2.1-1.7.1.x86_64",
"product_id": "helm-mirror-0.2.1-1.7.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:15:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-mirror-0.2.1-1.7.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP1:helm-mirror-0.2.1-1.7.1.aarch64"
},
"product_reference": "helm-mirror-0.2.1-1.7.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-mirror-0.2.1-1.7.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP1:helm-mirror-0.2.1-1.7.1.ppc64le"
},
"product_reference": "helm-mirror-0.2.1-1.7.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-mirror-0.2.1-1.7.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP1:helm-mirror-0.2.1-1.7.1.s390x"
},
"product_reference": "helm-mirror-0.2.1-1.7.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-mirror-0.2.1-1.7.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP1:helm-mirror-0.2.1-1.7.1.x86_64"
},
"product_reference": "helm-mirror-0.2.1-1.7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-16873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16873"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). Using custom domains, it\u0027s possible to arrange things so that a Git repository is cloned to a folder named \".git\" by using a vanity import path that ends with \"/.git\". If the Git repository root contains a \"HEAD\" file, a \"config\" file, an \"objects\" directory, a \"refs\" directory, with some work to ensure the proper ordering of operations, \"go get -u\" can be tricked into considering the parent directory as a repository root, and running Git commands on it. That will use the \"config\" file in the original Git repository root for its configuration, and if that config file contains malicious commands, they will execute on the system running \"go get -u\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15 SP1:helm-mirror-0.2.1-1.7.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:helm-mirror-0.2.1-1.7.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:helm-mirror-0.2.1-1.7.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:helm-mirror-0.2.1-1.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16873",
"url": "https://www.suse.com/security/cve/CVE-2018-16873"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15 SP1:helm-mirror-0.2.1-1.7.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:helm-mirror-0.2.1-1.7.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:helm-mirror-0.2.1-1.7.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:helm-mirror-0.2.1-1.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15 SP1:helm-mirror-0.2.1-1.7.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:helm-mirror-0.2.1-1.7.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:helm-mirror-0.2.1-1.7.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:helm-mirror-0.2.1-1.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-04T12:26:14Z",
"details": "important"
}
],
"title": "CVE-2018-16873"
},
{
"cve": "CVE-2018-16874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16874"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both \u0027{\u0027 and \u0027}\u0027 characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15 SP1:helm-mirror-0.2.1-1.7.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:helm-mirror-0.2.1-1.7.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:helm-mirror-0.2.1-1.7.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:helm-mirror-0.2.1-1.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16874",
"url": "https://www.suse.com/security/cve/CVE-2018-16874"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15 SP1:helm-mirror-0.2.1-1.7.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:helm-mirror-0.2.1-1.7.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:helm-mirror-0.2.1-1.7.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:helm-mirror-0.2.1-1.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15 SP1:helm-mirror-0.2.1-1.7.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:helm-mirror-0.2.1-1.7.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:helm-mirror-0.2.1-1.7.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:helm-mirror-0.2.1-1.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-04T12:26:14Z",
"details": "moderate"
}
],
"title": "CVE-2018-16874"
},
{
"cve": "CVE-2018-16875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16875"
}
],
"notes": [
{
"category": "general",
"text": "The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15 SP1:helm-mirror-0.2.1-1.7.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:helm-mirror-0.2.1-1.7.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:helm-mirror-0.2.1-1.7.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:helm-mirror-0.2.1-1.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16875",
"url": "https://www.suse.com/security/cve/CVE-2018-16875"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15 SP1:helm-mirror-0.2.1-1.7.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:helm-mirror-0.2.1-1.7.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:helm-mirror-0.2.1-1.7.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:helm-mirror-0.2.1-1.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15 SP1:helm-mirror-0.2.1-1.7.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:helm-mirror-0.2.1-1.7.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:helm-mirror-0.2.1-1.7.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:helm-mirror-0.2.1-1.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-07-04T12:26:14Z",
"details": "moderate"
}
],
"title": "CVE-2018-16875"
}
]
}
suse-su-2021:1458-1
Vulnerability from csaf_suse
Published
2021-04-30 10:58
Modified
2021-04-30 10:58
Summary
Security update for containerd, docker, runc
Notes
Title of the patch
Security update for containerd, docker, runc
Description of the patch
This update for containerd, docker, runc fixes the following issues:
- Docker was updated to 20.10.6-ce
* Switch version to use -ce suffix rather than _ce to avoid confusing other
tools (bsc#1182476).
* CVE-2021-21284: Fixed a potential privilege escalation when the root user in
the remapped namespace has access to the host filesystem (bsc#1181732)
* CVE-2021-21285: Fixed an issue where pulling a malformed Docker image manifest
crashes the dockerd daemon (bsc#1181730).
- runc was updated to v1.0.0~rc93 (bsc#1182451 and bsc#1184962).
* Use the upstream runc package (bsc#1181641, bsc#1181677, bsc#1175821).
* Fixed /dev/null is not available (bsc#1168481).
* Fixed an issue where podman hangs when spawned by salt-minion process (bsc#1149954).
* CVE-2019-19921: Fixed a race condition with shared mounts (bsc#1160452).
* CVE-2019-16884: Fixed an LSM bypass via malicious Docker image that mount
over a /proc directory (bsc#1152308).
* CVE-2019-5736: Fixed potential write attacks to the host runc binary (bsc#1121967).
* Fixed an issue where after a kernel-update docker doesn't run (bsc#1131314 bsc#1131553)
* Ensure that we always include the version information in runc (bsc#1053532).
- Switch to Go 1.13 for build.
* CVE-2018-16873: Fixed a potential remote code execution (bsc#1118897).
* CVE-2018-16874: Fixed a directory traversal in 'go get' via curly braces
in import paths (bsc#1118898).
* CVE-2018-16875: Fixed a CPU denial of service (bsc#1118899).
* Fixed an issue with building containers (bsc#1095817).
- containerd was updated to v1.4.4
* CVE-2021-21334: Fixed a potential information leak through environment variables (bsc#1183397).
* Handle a requirement from docker (bsc#1181594).
* Install the containerd-shim* binaries and stop creating (bsc#1183024).
* update version to the one required by docker (bsc#1034053)
- Use -buildmode=pie for tests and binary build (bsc#1048046, bsc#1051429)
- Cleanup seccomp builds similar (bsc#1028638).
- Update to handle the docker-runc removal, and drop the -kubic flavour (bsc#1181677, bsc#1181749)
Patchnames
SUSE-2021-1458,SUSE-SLE-Module-Containers-12-2021-1458
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for containerd, docker, runc",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for containerd, docker, runc fixes the following issues:\n\n- Docker was updated to 20.10.6-ce\n * Switch version to use -ce suffix rather than _ce to avoid confusing other\n tools (bsc#1182476).\n * CVE-2021-21284: Fixed a potential privilege escalation when the root user in \n the remapped namespace has access to the host filesystem (bsc#1181732)\n * CVE-2021-21285: Fixed an issue where pulling a malformed Docker image manifest \n crashes the dockerd daemon (bsc#1181730). \n\n- runc was updated to v1.0.0~rc93 (bsc#1182451 and bsc#1184962).\n * Use the upstream runc package (bsc#1181641, bsc#1181677, bsc#1175821).\n * Fixed /dev/null is not available (bsc#1168481).\n * Fixed an issue where podman hangs when spawned by salt-minion process (bsc#1149954).\n * CVE-2019-19921: Fixed a race condition with shared mounts (bsc#1160452).\n * CVE-2019-16884: Fixed an LSM bypass via malicious Docker image that mount \n over a /proc directory (bsc#1152308).\n * CVE-2019-5736: Fixed potential write attacks to the host runc binary (bsc#1121967).\n * Fixed an issue where after a kernel-update docker doesn\u0027t run (bsc#1131314 bsc#1131553)\n * Ensure that we always include the version information in runc (bsc#1053532).\n \n- Switch to Go 1.13 for build.\n * CVE-2018-16873: Fixed a potential remote code execution (bsc#1118897).\n * CVE-2018-16874: Fixed a directory traversal in \u0027go get\u0027 via curly braces \n in import paths (bsc#1118898).\n * CVE-2018-16875: Fixed a CPU denial of service (bsc#1118899).\n * Fixed an issue with building containers (bsc#1095817).\n\n- containerd was updated to v1.4.4\n * CVE-2021-21334: Fixed a potential information leak through environment variables (bsc#1183397).\n * Handle a requirement from docker (bsc#1181594).\n * Install the containerd-shim* binaries and stop creating (bsc#1183024).\n * update version to the one required by docker (bsc#1034053)\n\n- Use -buildmode=pie for tests and binary build (bsc#1048046, bsc#1051429)\n- Cleanup seccomp builds similar (bsc#1028638).\n- Update to handle the docker-runc removal, and drop the -kubic flavour (bsc#1181677, bsc#1181749)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2021-1458,SUSE-SLE-Module-Containers-12-2021-1458",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_1458-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2021:1458-1",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20211458-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2021:1458-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-April/008717.html"
},
{
"category": "self",
"summary": "SUSE Bug 1028638",
"url": "https://bugzilla.suse.com/1028638"
},
{
"category": "self",
"summary": "SUSE Bug 1034053",
"url": "https://bugzilla.suse.com/1034053"
},
{
"category": "self",
"summary": "SUSE Bug 1048046",
"url": "https://bugzilla.suse.com/1048046"
},
{
"category": "self",
"summary": "SUSE Bug 1051429",
"url": "https://bugzilla.suse.com/1051429"
},
{
"category": "self",
"summary": "SUSE Bug 1053532",
"url": "https://bugzilla.suse.com/1053532"
},
{
"category": "self",
"summary": "SUSE Bug 1095817",
"url": "https://bugzilla.suse.com/1095817"
},
{
"category": "self",
"summary": "SUSE Bug 1118897",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "self",
"summary": "SUSE Bug 1118898",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "self",
"summary": "SUSE Bug 1118899",
"url": "https://bugzilla.suse.com/1118899"
},
{
"category": "self",
"summary": "SUSE Bug 1121967",
"url": "https://bugzilla.suse.com/1121967"
},
{
"category": "self",
"summary": "SUSE Bug 1131314",
"url": "https://bugzilla.suse.com/1131314"
},
{
"category": "self",
"summary": "SUSE Bug 1131553",
"url": "https://bugzilla.suse.com/1131553"
},
{
"category": "self",
"summary": "SUSE Bug 1149954",
"url": "https://bugzilla.suse.com/1149954"
},
{
"category": "self",
"summary": "SUSE Bug 1152308",
"url": "https://bugzilla.suse.com/1152308"
},
{
"category": "self",
"summary": "SUSE Bug 1160452",
"url": "https://bugzilla.suse.com/1160452"
},
{
"category": "self",
"summary": "SUSE Bug 1168481",
"url": "https://bugzilla.suse.com/1168481"
},
{
"category": "self",
"summary": "SUSE Bug 1175081",
"url": "https://bugzilla.suse.com/1175081"
},
{
"category": "self",
"summary": "SUSE Bug 1175821",
"url": "https://bugzilla.suse.com/1175821"
},
{
"category": "self",
"summary": "SUSE Bug 1181594",
"url": "https://bugzilla.suse.com/1181594"
},
{
"category": "self",
"summary": "SUSE Bug 1181641",
"url": "https://bugzilla.suse.com/1181641"
},
{
"category": "self",
"summary": "SUSE Bug 1181677",
"url": "https://bugzilla.suse.com/1181677"
},
{
"category": "self",
"summary": "SUSE Bug 1181730",
"url": "https://bugzilla.suse.com/1181730"
},
{
"category": "self",
"summary": "SUSE Bug 1181732",
"url": "https://bugzilla.suse.com/1181732"
},
{
"category": "self",
"summary": "SUSE Bug 1181749",
"url": "https://bugzilla.suse.com/1181749"
},
{
"category": "self",
"summary": "SUSE Bug 1182451",
"url": "https://bugzilla.suse.com/1182451"
},
{
"category": "self",
"summary": "SUSE Bug 1182476",
"url": "https://bugzilla.suse.com/1182476"
},
{
"category": "self",
"summary": "SUSE Bug 1182947",
"url": "https://bugzilla.suse.com/1182947"
},
{
"category": "self",
"summary": "SUSE Bug 1183024",
"url": "https://bugzilla.suse.com/1183024"
},
{
"category": "self",
"summary": "SUSE Bug 1183397",
"url": "https://bugzilla.suse.com/1183397"
},
{
"category": "self",
"summary": "SUSE Bug 1183855",
"url": "https://bugzilla.suse.com/1183855"
},
{
"category": "self",
"summary": "SUSE Bug 1184768",
"url": "https://bugzilla.suse.com/1184768"
},
{
"category": "self",
"summary": "SUSE Bug 1184962",
"url": "https://bugzilla.suse.com/1184962"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16873 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16874 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16875 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-16884 page",
"url": "https://www.suse.com/security/cve/CVE-2019-16884/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19921 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19921/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5736 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5736/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21284 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21284/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21285 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21285/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-21334 page",
"url": "https://www.suse.com/security/cve/CVE-2021-21334/"
}
],
"title": "Security update for containerd, docker, runc",
"tracking": {
"current_release_date": "2021-04-30T10:58:51Z",
"generator": {
"date": "2021-04-30T10:58:51Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2021:1458-1",
"initial_release_date": "2021-04-30T10:58:51Z",
"revision_history": [
{
"date": "2021-04-30T10:58:51Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.4.4-16.38.1.aarch64",
"product": {
"name": "containerd-1.4.4-16.38.1.aarch64",
"product_id": "containerd-1.4.4-16.38.1.aarch64"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.4.4-16.38.1.aarch64",
"product": {
"name": "containerd-ctr-1.4.4-16.38.1.aarch64",
"product_id": "containerd-ctr-1.4.4-16.38.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-20.10.6_ce-98.66.1.aarch64",
"product": {
"name": "docker-20.10.6_ce-98.66.1.aarch64",
"product_id": "docker-20.10.6_ce-98.66.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-kubic-20.10.6_ce-98.66.1.aarch64",
"product": {
"name": "docker-kubic-20.10.6_ce-98.66.1.aarch64",
"product_id": "docker-kubic-20.10.6_ce-98.66.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-kubic-kubeadm-criconfig-20.10.6_ce-98.66.1.aarch64",
"product": {
"name": "docker-kubic-kubeadm-criconfig-20.10.6_ce-98.66.1.aarch64",
"product_id": "docker-kubic-kubeadm-criconfig-20.10.6_ce-98.66.1.aarch64"
}
},
{
"category": "product_version",
"name": "runc-1.0.0~rc93-16.8.1.aarch64",
"product": {
"name": "runc-1.0.0~rc93-16.8.1.aarch64",
"product_id": "runc-1.0.0~rc93-16.8.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.4.4-16.38.1.i586",
"product": {
"name": "containerd-1.4.4-16.38.1.i586",
"product_id": "containerd-1.4.4-16.38.1.i586"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.4.4-16.38.1.i586",
"product": {
"name": "containerd-ctr-1.4.4-16.38.1.i586",
"product_id": "containerd-ctr-1.4.4-16.38.1.i586"
}
},
{
"category": "product_version",
"name": "docker-20.10.6_ce-98.66.1.i586",
"product": {
"name": "docker-20.10.6_ce-98.66.1.i586",
"product_id": "docker-20.10.6_ce-98.66.1.i586"
}
},
{
"category": "product_version",
"name": "runc-1.0.0~rc93-16.8.1.i586",
"product": {
"name": "runc-1.0.0~rc93-16.8.1.i586",
"product_id": "runc-1.0.0~rc93-16.8.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-bash-completion-20.10.6_ce-98.66.1.noarch",
"product": {
"name": "docker-bash-completion-20.10.6_ce-98.66.1.noarch",
"product_id": "docker-bash-completion-20.10.6_ce-98.66.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-fish-completion-20.10.6_ce-98.66.1.noarch",
"product": {
"name": "docker-fish-completion-20.10.6_ce-98.66.1.noarch",
"product_id": "docker-fish-completion-20.10.6_ce-98.66.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-kubic-bash-completion-20.10.6_ce-98.66.1.noarch",
"product": {
"name": "docker-kubic-bash-completion-20.10.6_ce-98.66.1.noarch",
"product_id": "docker-kubic-bash-completion-20.10.6_ce-98.66.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-kubic-fish-completion-20.10.6_ce-98.66.1.noarch",
"product": {
"name": "docker-kubic-fish-completion-20.10.6_ce-98.66.1.noarch",
"product_id": "docker-kubic-fish-completion-20.10.6_ce-98.66.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-kubic-zsh-completion-20.10.6_ce-98.66.1.noarch",
"product": {
"name": "docker-kubic-zsh-completion-20.10.6_ce-98.66.1.noarch",
"product_id": "docker-kubic-zsh-completion-20.10.6_ce-98.66.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-zsh-completion-20.10.6_ce-98.66.1.noarch",
"product": {
"name": "docker-zsh-completion-20.10.6_ce-98.66.1.noarch",
"product_id": "docker-zsh-completion-20.10.6_ce-98.66.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.4.4-16.38.1.ppc64le",
"product": {
"name": "containerd-1.4.4-16.38.1.ppc64le",
"product_id": "containerd-1.4.4-16.38.1.ppc64le"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.4.4-16.38.1.ppc64le",
"product": {
"name": "containerd-ctr-1.4.4-16.38.1.ppc64le",
"product_id": "containerd-ctr-1.4.4-16.38.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-20.10.6_ce-98.66.1.ppc64le",
"product": {
"name": "docker-20.10.6_ce-98.66.1.ppc64le",
"product_id": "docker-20.10.6_ce-98.66.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-kubic-20.10.6_ce-98.66.1.ppc64le",
"product": {
"name": "docker-kubic-20.10.6_ce-98.66.1.ppc64le",
"product_id": "docker-kubic-20.10.6_ce-98.66.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-kubic-kubeadm-criconfig-20.10.6_ce-98.66.1.ppc64le",
"product": {
"name": "docker-kubic-kubeadm-criconfig-20.10.6_ce-98.66.1.ppc64le",
"product_id": "docker-kubic-kubeadm-criconfig-20.10.6_ce-98.66.1.ppc64le"
}
},
{
"category": "product_version",
"name": "runc-1.0.0~rc93-16.8.1.ppc64le",
"product": {
"name": "runc-1.0.0~rc93-16.8.1.ppc64le",
"product_id": "runc-1.0.0~rc93-16.8.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.4.4-16.38.1.s390x",
"product": {
"name": "containerd-1.4.4-16.38.1.s390x",
"product_id": "containerd-1.4.4-16.38.1.s390x"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.4.4-16.38.1.s390x",
"product": {
"name": "containerd-ctr-1.4.4-16.38.1.s390x",
"product_id": "containerd-ctr-1.4.4-16.38.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-20.10.6_ce-98.66.1.s390x",
"product": {
"name": "docker-20.10.6_ce-98.66.1.s390x",
"product_id": "docker-20.10.6_ce-98.66.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-kubic-20.10.6_ce-98.66.1.s390x",
"product": {
"name": "docker-kubic-20.10.6_ce-98.66.1.s390x",
"product_id": "docker-kubic-20.10.6_ce-98.66.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-kubic-kubeadm-criconfig-20.10.6_ce-98.66.1.s390x",
"product": {
"name": "docker-kubic-kubeadm-criconfig-20.10.6_ce-98.66.1.s390x",
"product_id": "docker-kubic-kubeadm-criconfig-20.10.6_ce-98.66.1.s390x"
}
},
{
"category": "product_version",
"name": "runc-1.0.0~rc93-16.8.1.s390x",
"product": {
"name": "runc-1.0.0~rc93-16.8.1.s390x",
"product_id": "runc-1.0.0~rc93-16.8.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.4.4-16.38.1.x86_64",
"product": {
"name": "containerd-1.4.4-16.38.1.x86_64",
"product_id": "containerd-1.4.4-16.38.1.x86_64"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.4.4-16.38.1.x86_64",
"product": {
"name": "containerd-ctr-1.4.4-16.38.1.x86_64",
"product_id": "containerd-ctr-1.4.4-16.38.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-20.10.6_ce-98.66.1.x86_64",
"product": {
"name": "docker-20.10.6_ce-98.66.1.x86_64",
"product_id": "docker-20.10.6_ce-98.66.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-kubic-20.10.6_ce-98.66.1.x86_64",
"product": {
"name": "docker-kubic-20.10.6_ce-98.66.1.x86_64",
"product_id": "docker-kubic-20.10.6_ce-98.66.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-kubic-kubeadm-criconfig-20.10.6_ce-98.66.1.x86_64",
"product": {
"name": "docker-kubic-kubeadm-criconfig-20.10.6_ce-98.66.1.x86_64",
"product_id": "docker-kubic-kubeadm-criconfig-20.10.6_ce-98.66.1.x86_64"
}
},
{
"category": "product_version",
"name": "runc-1.0.0~rc93-16.8.1.x86_64",
"product": {
"name": "runc-1.0.0~rc93-16.8.1.x86_64",
"product_id": "runc-1.0.0~rc93-16.8.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 12",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 12",
"product_id": "SUSE Linux Enterprise Module for Containers 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.4.4-16.38.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 12",
"product_id": "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.ppc64le"
},
"product_reference": "containerd-1.4.4-16.38.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.4.4-16.38.1.s390x as component of SUSE Linux Enterprise Module for Containers 12",
"product_id": "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.s390x"
},
"product_reference": "containerd-1.4.4-16.38.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.4.4-16.38.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 12",
"product_id": "SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.x86_64"
},
"product_reference": "containerd-1.4.4-16.38.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-20.10.6_ce-98.66.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 12",
"product_id": "SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.ppc64le"
},
"product_reference": "docker-20.10.6_ce-98.66.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-20.10.6_ce-98.66.1.s390x as component of SUSE Linux Enterprise Module for Containers 12",
"product_id": "SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.s390x"
},
"product_reference": "docker-20.10.6_ce-98.66.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-20.10.6_ce-98.66.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 12",
"product_id": "SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.x86_64"
},
"product_reference": "docker-20.10.6_ce-98.66.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.0~rc93-16.8.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 12",
"product_id": "SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.ppc64le"
},
"product_reference": "runc-1.0.0~rc93-16.8.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.0~rc93-16.8.1.s390x as component of SUSE Linux Enterprise Module for Containers 12",
"product_id": "SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.s390x"
},
"product_reference": "runc-1.0.0~rc93-16.8.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "runc-1.0.0~rc93-16.8.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 12",
"product_id": "SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.x86_64"
},
"product_reference": "runc-1.0.0~rc93-16.8.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-16873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16873"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). Using custom domains, it\u0027s possible to arrange things so that a Git repository is cloned to a folder named \".git\" by using a vanity import path that ends with \"/.git\". If the Git repository root contains a \"HEAD\" file, a \"config\" file, an \"objects\" directory, a \"refs\" directory, with some work to ensure the proper ordering of operations, \"go get -u\" can be tricked into considering the parent directory as a repository root, and running Git commands on it. That will use the \"config\" file in the original Git repository root for its configuration, and if that config file contains malicious commands, they will execute on the system running \"go get -u\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16873",
"url": "https://www.suse.com/security/cve/CVE-2018-16873"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-30T10:58:51Z",
"details": "important"
}
],
"title": "CVE-2018-16873"
},
{
"cve": "CVE-2018-16874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16874"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both \u0027{\u0027 and \u0027}\u0027 characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16874",
"url": "https://www.suse.com/security/cve/CVE-2018-16874"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-30T10:58:51Z",
"details": "moderate"
}
],
"title": "CVE-2018-16874"
},
{
"cve": "CVE-2018-16875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16875"
}
],
"notes": [
{
"category": "general",
"text": "The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16875",
"url": "https://www.suse.com/security/cve/CVE-2018-16875"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-30T10:58:51Z",
"details": "moderate"
}
],
"title": "CVE-2018-16875"
},
{
"cve": "CVE-2019-16884",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-16884"
}
],
"notes": [
{
"category": "general",
"text": "runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-16884",
"url": "https://www.suse.com/security/cve/CVE-2019-16884"
},
{
"category": "external",
"summary": "SUSE Bug 1152308 for CVE-2019-16884",
"url": "https://bugzilla.suse.com/1152308"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-30T10:58:51Z",
"details": "moderate"
}
],
"title": "CVE-2019-16884"
},
{
"cve": "CVE-2019-19921",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19921"
}
],
"notes": [
{
"category": "general",
"text": "runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19921",
"url": "https://www.suse.com/security/cve/CVE-2019-19921"
},
{
"category": "external",
"summary": "SUSE Bug 1160452 for CVE-2019-19921",
"url": "https://bugzilla.suse.com/1160452"
},
{
"category": "external",
"summary": "SUSE Bug 1208962 for CVE-2019-19921",
"url": "https://bugzilla.suse.com/1208962"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-30T10:58:51Z",
"details": "important"
}
],
"title": "CVE-2019-19921"
},
{
"cve": "CVE-2019-5736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5736"
}
],
"notes": [
{
"category": "general",
"text": "runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5736",
"url": "https://www.suse.com/security/cve/CVE-2019-5736"
},
{
"category": "external",
"summary": "SUSE Bug 1121967 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1121967"
},
{
"category": "external",
"summary": "SUSE Bug 1122185 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1122185"
},
{
"category": "external",
"summary": "SUSE Bug 1173421 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1173421"
},
{
"category": "external",
"summary": "SUSE Bug 1218894 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1218894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-30T10:58:51Z",
"details": "moderate"
}
],
"title": "CVE-2019-5736"
},
{
"cve": "CVE-2021-21284",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21284"
}
],
"notes": [
{
"category": "general",
"text": "In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using \"--userns-remap\", if the root user in the remapped namespace has access to the host filesystem they can modify files under \"/var/lib/docker/\u003cremapping\u003e\" that cause writing files with extended privileges. Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21284",
"url": "https://www.suse.com/security/cve/CVE-2021-21284"
},
{
"category": "external",
"summary": "SUSE Bug 1181732 for CVE-2021-21284",
"url": "https://bugzilla.suse.com/1181732"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-30T10:58:51Z",
"details": "low"
}
],
"title": "CVE-2021-21284"
},
{
"cve": "CVE-2021-21285",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21285"
}
],
"notes": [
{
"category": "general",
"text": "In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21285",
"url": "https://www.suse.com/security/cve/CVE-2021-21285"
},
{
"category": "external",
"summary": "SUSE Bug 1181730 for CVE-2021-21285",
"url": "https://bugzilla.suse.com/1181730"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-30T10:58:51Z",
"details": "moderate"
}
],
"title": "CVE-2021-21285"
},
{
"cve": "CVE-2021-21334",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-21334"
}
],
"notes": [
{
"category": "general",
"text": "In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd\u0027s CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may receive incorrect environment variables, including values that are defined for other containers. If the affected containers have different security contexts, this may allow sensitive information to be unintentionally shared. If you are not using containerd\u0027s CRI implementation (through one of the mechanisms described above), you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image which have different environment variables, you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image in rapid succession, you have reduced likelihood of being vulnerable to this issue This vulnerability has been fixed in containerd 1.3.10 and containerd 1.4.4. Users should update to these versions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-21334",
"url": "https://www.suse.com/security/cve/CVE-2021-21334"
},
{
"category": "external",
"summary": "SUSE Bug 1183397 for CVE-2021-21334",
"url": "https://bugzilla.suse.com/1183397"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.4.4-16.38.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-20.10.6_ce-98.66.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:runc-1.0.0~rc93-16.8.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-04-30T10:58:51Z",
"details": "moderate"
}
],
"title": "CVE-2021-21334"
}
]
}
suse-su-2019:1264-1
Vulnerability from csaf_suse
Published
2019-05-16 07:50
Modified
2019-05-16 07:50
Summary
Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork
Notes
Title of the patch
Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork
Description of the patch
This update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork fixes the following issues:
Security issues fixed:
- CVE-2019-6486: go security release, fixing crypto/elliptic CPU DoS vulnerability affecting P-521 and P-384 (bsc#1123013).
- CVE-2018-16873: go security release, fixing cmd/go remote command execution (bsc#1118897).
- CVE-2018-16874: go security release, fixing cmd/go directory traversal (bsc#1118898).
- CVE-2018-16875: go security release, fixing crypto/x509 CPU denial of service (bsc#1118899).
Other changes and bug fixes:
- Update to containerd v1.2.5, which is required for v18.09.5-ce (bsc#1128376, boo#1134068).
- Update to runc 2b18fe1d885e, which is required for Docker v18.09.5-ce (bsc#1128376, boo#1134068).
- Update to Docker 18.09.6-ce see upstream changelog in the packaged
- Move daemon.json file to /etc/docker directory (bsc#1114832).
- docker-test: Improvements to test packaging (bsc#1128746).
- Update to go1.11.9 (released 2019/04/11)
- Fix go build failures (bsc#1121397).
- Update to golang-github-docker-libnetwork version git.872f0a83c98add6cae255c8859e29532febc0039 which is required for Docker v18.09.6-ce.
- Revert golang(API) removal since it turns out this breaks >= requires in certain cases (bsc#1114209).
Patchnames
SUSE-2019-1264,SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-1264,SUSE-SLE-Module-Containers-12-2019-1264
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-6486: go security release, fixing crypto/elliptic CPU DoS vulnerability affecting P-521 and P-384 (bsc#1123013).\n- CVE-2018-16873: go security release, fixing cmd/go remote command execution (bsc#1118897).\n- CVE-2018-16874: go security release, fixing cmd/go directory traversal (bsc#1118898).\n- CVE-2018-16875: go security release, fixing crypto/x509 CPU denial of service (bsc#1118899).\n\nOther changes and bug fixes:\n\n- Update to containerd v1.2.5, which is required for v18.09.5-ce (bsc#1128376, boo#1134068).\n- Update to runc 2b18fe1d885e, which is required for Docker v18.09.5-ce (bsc#1128376, boo#1134068).\n- Update to Docker 18.09.6-ce see upstream changelog in the packaged\n- Move daemon.json file to /etc/docker directory (bsc#1114832).\n- docker-test: Improvements to test packaging (bsc#1128746).\n- Update to go1.11.9 (released 2019/04/11)\n- Fix go build failures (bsc#1121397).\n- Update to golang-github-docker-libnetwork version git.872f0a83c98add6cae255c8859e29532febc0039 which is required for Docker v18.09.6-ce.\n- Revert golang(API) removal since it turns out this breaks \u003e= requires in certain cases (bsc#1114209).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-1264,SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-1264,SUSE-SLE-Module-Containers-12-2019-1264",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_1264-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:1264-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191264-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:1264-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-May/005468.html"
},
{
"category": "self",
"summary": "SUSE Bug 1114209",
"url": "https://bugzilla.suse.com/1114209"
},
{
"category": "self",
"summary": "SUSE Bug 1114832",
"url": "https://bugzilla.suse.com/1114832"
},
{
"category": "self",
"summary": "SUSE Bug 1118897",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "self",
"summary": "SUSE Bug 1118898",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "self",
"summary": "SUSE Bug 1118899",
"url": "https://bugzilla.suse.com/1118899"
},
{
"category": "self",
"summary": "SUSE Bug 1121397",
"url": "https://bugzilla.suse.com/1121397"
},
{
"category": "self",
"summary": "SUSE Bug 1123013",
"url": "https://bugzilla.suse.com/1123013"
},
{
"category": "self",
"summary": "SUSE Bug 1128376",
"url": "https://bugzilla.suse.com/1128376"
},
{
"category": "self",
"summary": "SUSE Bug 1128746",
"url": "https://bugzilla.suse.com/1128746"
},
{
"category": "self",
"summary": "SUSE Bug 1134068",
"url": "https://bugzilla.suse.com/1134068"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16873 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16874 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16875 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-6486 page",
"url": "https://www.suse.com/security/cve/CVE-2019-6486/"
}
],
"title": "Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork",
"tracking": {
"current_release_date": "2019-05-16T07:50:31Z",
"generator": {
"date": "2019-05-16T07:50:31Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:1264-1",
"initial_release_date": "2019-05-16T07:50:31Z",
"revision_history": [
{
"date": "2019-05-16T07:50:31Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.2.5-16.17.2.aarch64",
"product": {
"name": "containerd-1.2.5-16.17.2.aarch64",
"product_id": "containerd-1.2.5-16.17.2.aarch64"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.2.5-16.17.2.aarch64",
"product": {
"name": "containerd-ctr-1.2.5-16.17.2.aarch64",
"product_id": "containerd-ctr-1.2.5-16.17.2.aarch64"
}
},
{
"category": "product_version",
"name": "containerd-kubic-1.2.5-16.17.2.aarch64",
"product": {
"name": "containerd-kubic-1.2.5-16.17.2.aarch64",
"product_id": "containerd-kubic-1.2.5-16.17.2.aarch64"
}
},
{
"category": "product_version",
"name": "containerd-kubic-ctr-1.2.5-16.17.2.aarch64",
"product": {
"name": "containerd-kubic-ctr-1.2.5-16.17.2.aarch64",
"product_id": "containerd-kubic-ctr-1.2.5-16.17.2.aarch64"
}
},
{
"category": "product_version",
"name": "docker-18.09.6_ce-98.37.1.aarch64",
"product": {
"name": "docker-18.09.6_ce-98.37.1.aarch64",
"product_id": "docker-18.09.6_ce-98.37.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-kubic-18.09.6_ce-98.37.1.aarch64",
"product": {
"name": "docker-kubic-18.09.6_ce-98.37.1.aarch64",
"product_id": "docker-kubic-18.09.6_ce-98.37.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-kubic-kubeadm-criconfig-18.09.6_ce-98.37.1.aarch64",
"product": {
"name": "docker-kubic-kubeadm-criconfig-18.09.6_ce-98.37.1.aarch64",
"product_id": "docker-kubic-kubeadm-criconfig-18.09.6_ce-98.37.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-kubic-test-18.09.6_ce-98.37.1.aarch64",
"product": {
"name": "docker-kubic-test-18.09.6_ce-98.37.1.aarch64",
"product_id": "docker-kubic-test-18.09.6_ce-98.37.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.aarch64",
"product": {
"name": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.aarch64",
"product_id": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-19.1.aarch64",
"product": {
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-19.1.aarch64",
"product_id": "docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-19.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.aarch64",
"product": {
"name": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.aarch64",
"product_id": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-runc-kubic-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.aarch64",
"product": {
"name": "docker-runc-kubic-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.aarch64",
"product_id": "docker-runc-kubic-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-test-18.09.6_ce-98.37.1.aarch64",
"product": {
"name": "docker-test-18.09.6_ce-98.37.1.aarch64",
"product_id": "docker-test-18.09.6_ce-98.37.1.aarch64"
}
},
{
"category": "product_version",
"name": "go-1.12-34.24.1.aarch64",
"product": {
"name": "go-1.12-34.24.1.aarch64",
"product_id": "go-1.12-34.24.1.aarch64"
}
},
{
"category": "product_version",
"name": "go-doc-1.12-34.24.1.aarch64",
"product": {
"name": "go-doc-1.12-34.24.1.aarch64",
"product_id": "go-doc-1.12-34.24.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.11-1.11.9-1.9.1.aarch64",
"product": {
"name": "go1.11-1.11.9-1.9.1.aarch64",
"product_id": "go1.11-1.11.9-1.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.11-doc-1.11.9-1.9.1.aarch64",
"product": {
"name": "go1.11-doc-1.11.9-1.9.1.aarch64",
"product_id": "go1.11-doc-1.11.9-1.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.12-1.12.4-1.3.1.aarch64",
"product": {
"name": "go1.12-1.12.4-1.3.1.aarch64",
"product_id": "go1.12-1.12.4-1.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.12-doc-1.12.4-1.3.1.aarch64",
"product": {
"name": "go1.12-doc-1.12.4-1.3.1.aarch64",
"product_id": "go1.12-doc-1.12.4-1.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.aarch64",
"product": {
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.aarch64",
"product_id": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.aarch64"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-19.1.aarch64",
"product": {
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-19.1.aarch64",
"product_id": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-19.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.2.5-16.17.2.i586",
"product": {
"name": "containerd-1.2.5-16.17.2.i586",
"product_id": "containerd-1.2.5-16.17.2.i586"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.2.5-16.17.2.i586",
"product": {
"name": "containerd-ctr-1.2.5-16.17.2.i586",
"product_id": "containerd-ctr-1.2.5-16.17.2.i586"
}
},
{
"category": "product_version",
"name": "containerd-kubic-1.2.5-16.17.2.i586",
"product": {
"name": "containerd-kubic-1.2.5-16.17.2.i586",
"product_id": "containerd-kubic-1.2.5-16.17.2.i586"
}
},
{
"category": "product_version",
"name": "containerd-kubic-ctr-1.2.5-16.17.2.i586",
"product": {
"name": "containerd-kubic-ctr-1.2.5-16.17.2.i586",
"product_id": "containerd-kubic-ctr-1.2.5-16.17.2.i586"
}
},
{
"category": "product_version",
"name": "docker-18.09.6_ce-98.37.1.i586",
"product": {
"name": "docker-18.09.6_ce-98.37.1.i586",
"product_id": "docker-18.09.6_ce-98.37.1.i586"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.i586",
"product": {
"name": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.i586",
"product_id": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.i586"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-19.1.i586",
"product": {
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-19.1.i586",
"product_id": "docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-19.1.i586"
}
},
{
"category": "product_version",
"name": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.i586",
"product": {
"name": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.i586",
"product_id": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.i586"
}
},
{
"category": "product_version",
"name": "docker-runc-kubic-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.i586",
"product": {
"name": "docker-runc-kubic-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.i586",
"product_id": "docker-runc-kubic-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.i586"
}
},
{
"category": "product_version",
"name": "docker-test-18.09.6_ce-98.37.1.i586",
"product": {
"name": "docker-test-18.09.6_ce-98.37.1.i586",
"product_id": "docker-test-18.09.6_ce-98.37.1.i586"
}
},
{
"category": "product_version",
"name": "go-1.12-34.24.1.i586",
"product": {
"name": "go-1.12-34.24.1.i586",
"product_id": "go-1.12-34.24.1.i586"
}
},
{
"category": "product_version",
"name": "go-doc-1.12-34.24.1.i586",
"product": {
"name": "go-doc-1.12-34.24.1.i586",
"product_id": "go-doc-1.12-34.24.1.i586"
}
},
{
"category": "product_version",
"name": "go1.11-1.11.9-1.9.1.i586",
"product": {
"name": "go1.11-1.11.9-1.9.1.i586",
"product_id": "go1.11-1.11.9-1.9.1.i586"
}
},
{
"category": "product_version",
"name": "go1.11-doc-1.11.9-1.9.1.i586",
"product": {
"name": "go1.11-doc-1.11.9-1.9.1.i586",
"product_id": "go1.11-doc-1.11.9-1.9.1.i586"
}
},
{
"category": "product_version",
"name": "go1.12-1.12.4-1.3.1.i586",
"product": {
"name": "go1.12-1.12.4-1.3.1.i586",
"product_id": "go1.12-1.12.4-1.3.1.i586"
}
},
{
"category": "product_version",
"name": "go1.12-doc-1.12.4-1.3.1.i586",
"product": {
"name": "go1.12-doc-1.12.4-1.3.1.i586",
"product_id": "go1.12-doc-1.12.4-1.3.1.i586"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.i586",
"product": {
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.i586",
"product_id": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.i586"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-19.1.i586",
"product": {
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-19.1.i586",
"product_id": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-19.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-kubic-test-1.2.5-16.17.2.noarch",
"product": {
"name": "containerd-kubic-test-1.2.5-16.17.2.noarch",
"product_id": "containerd-kubic-test-1.2.5-16.17.2.noarch"
}
},
{
"category": "product_version",
"name": "containerd-test-1.2.5-16.17.2.noarch",
"product": {
"name": "containerd-test-1.2.5-16.17.2.noarch",
"product_id": "containerd-test-1.2.5-16.17.2.noarch"
}
},
{
"category": "product_version",
"name": "docker-bash-completion-18.09.6_ce-98.37.1.noarch",
"product": {
"name": "docker-bash-completion-18.09.6_ce-98.37.1.noarch",
"product_id": "docker-bash-completion-18.09.6_ce-98.37.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-kubic-bash-completion-18.09.6_ce-98.37.1.noarch",
"product": {
"name": "docker-kubic-bash-completion-18.09.6_ce-98.37.1.noarch",
"product_id": "docker-kubic-bash-completion-18.09.6_ce-98.37.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-kubic-zsh-completion-18.09.6_ce-98.37.1.noarch",
"product": {
"name": "docker-kubic-zsh-completion-18.09.6_ce-98.37.1.noarch",
"product_id": "docker-kubic-zsh-completion-18.09.6_ce-98.37.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-runc-kubic-test-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.noarch",
"product": {
"name": "docker-runc-kubic-test-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.noarch",
"product_id": "docker-runc-kubic-test-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.noarch",
"product": {
"name": "docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.noarch",
"product_id": "docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-zsh-completion-18.09.6_ce-98.37.1.noarch",
"product": {
"name": "docker-zsh-completion-18.09.6_ce-98.37.1.noarch",
"product_id": "docker-zsh-completion-18.09.6_ce-98.37.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.2.5-16.17.2.ppc64le",
"product": {
"name": "containerd-1.2.5-16.17.2.ppc64le",
"product_id": "containerd-1.2.5-16.17.2.ppc64le"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.2.5-16.17.2.ppc64le",
"product": {
"name": "containerd-ctr-1.2.5-16.17.2.ppc64le",
"product_id": "containerd-ctr-1.2.5-16.17.2.ppc64le"
}
},
{
"category": "product_version",
"name": "containerd-kubic-1.2.5-16.17.2.ppc64le",
"product": {
"name": "containerd-kubic-1.2.5-16.17.2.ppc64le",
"product_id": "containerd-kubic-1.2.5-16.17.2.ppc64le"
}
},
{
"category": "product_version",
"name": "containerd-kubic-ctr-1.2.5-16.17.2.ppc64le",
"product": {
"name": "containerd-kubic-ctr-1.2.5-16.17.2.ppc64le",
"product_id": "containerd-kubic-ctr-1.2.5-16.17.2.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-18.09.6_ce-98.37.1.ppc64le",
"product": {
"name": "docker-18.09.6_ce-98.37.1.ppc64le",
"product_id": "docker-18.09.6_ce-98.37.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-kubic-18.09.6_ce-98.37.1.ppc64le",
"product": {
"name": "docker-kubic-18.09.6_ce-98.37.1.ppc64le",
"product_id": "docker-kubic-18.09.6_ce-98.37.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-kubic-kubeadm-criconfig-18.09.6_ce-98.37.1.ppc64le",
"product": {
"name": "docker-kubic-kubeadm-criconfig-18.09.6_ce-98.37.1.ppc64le",
"product_id": "docker-kubic-kubeadm-criconfig-18.09.6_ce-98.37.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-kubic-test-18.09.6_ce-98.37.1.ppc64le",
"product": {
"name": "docker-kubic-test-18.09.6_ce-98.37.1.ppc64le",
"product_id": "docker-kubic-test-18.09.6_ce-98.37.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.ppc64le",
"product": {
"name": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.ppc64le",
"product_id": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-19.1.ppc64le",
"product": {
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-19.1.ppc64le",
"product_id": "docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-19.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.ppc64le",
"product": {
"name": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.ppc64le",
"product_id": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-runc-kubic-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.ppc64le",
"product": {
"name": "docker-runc-kubic-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.ppc64le",
"product_id": "docker-runc-kubic-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-test-18.09.6_ce-98.37.1.ppc64le",
"product": {
"name": "docker-test-18.09.6_ce-98.37.1.ppc64le",
"product_id": "docker-test-18.09.6_ce-98.37.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go-1.12-34.24.1.ppc64le",
"product": {
"name": "go-1.12-34.24.1.ppc64le",
"product_id": "go-1.12-34.24.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go-doc-1.12-34.24.1.ppc64le",
"product": {
"name": "go-doc-1.12-34.24.1.ppc64le",
"product_id": "go-doc-1.12-34.24.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.11-1.11.9-1.9.1.ppc64le",
"product": {
"name": "go1.11-1.11.9-1.9.1.ppc64le",
"product_id": "go1.11-1.11.9-1.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.11-doc-1.11.9-1.9.1.ppc64le",
"product": {
"name": "go1.11-doc-1.11.9-1.9.1.ppc64le",
"product_id": "go1.11-doc-1.11.9-1.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.12-1.12.4-1.3.1.ppc64le",
"product": {
"name": "go1.12-1.12.4-1.3.1.ppc64le",
"product_id": "go1.12-1.12.4-1.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.12-doc-1.12.4-1.3.1.ppc64le",
"product": {
"name": "go1.12-doc-1.12.4-1.3.1.ppc64le",
"product_id": "go1.12-doc-1.12.4-1.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.ppc64le",
"product": {
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.ppc64le",
"product_id": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.ppc64le"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-19.1.ppc64le",
"product": {
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-19.1.ppc64le",
"product_id": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-19.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.2.5-16.17.2.s390x",
"product": {
"name": "containerd-1.2.5-16.17.2.s390x",
"product_id": "containerd-1.2.5-16.17.2.s390x"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.2.5-16.17.2.s390x",
"product": {
"name": "containerd-ctr-1.2.5-16.17.2.s390x",
"product_id": "containerd-ctr-1.2.5-16.17.2.s390x"
}
},
{
"category": "product_version",
"name": "containerd-kubic-1.2.5-16.17.2.s390x",
"product": {
"name": "containerd-kubic-1.2.5-16.17.2.s390x",
"product_id": "containerd-kubic-1.2.5-16.17.2.s390x"
}
},
{
"category": "product_version",
"name": "containerd-kubic-ctr-1.2.5-16.17.2.s390x",
"product": {
"name": "containerd-kubic-ctr-1.2.5-16.17.2.s390x",
"product_id": "containerd-kubic-ctr-1.2.5-16.17.2.s390x"
}
},
{
"category": "product_version",
"name": "docker-18.09.6_ce-98.37.1.s390x",
"product": {
"name": "docker-18.09.6_ce-98.37.1.s390x",
"product_id": "docker-18.09.6_ce-98.37.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-kubic-18.09.6_ce-98.37.1.s390x",
"product": {
"name": "docker-kubic-18.09.6_ce-98.37.1.s390x",
"product_id": "docker-kubic-18.09.6_ce-98.37.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-kubic-kubeadm-criconfig-18.09.6_ce-98.37.1.s390x",
"product": {
"name": "docker-kubic-kubeadm-criconfig-18.09.6_ce-98.37.1.s390x",
"product_id": "docker-kubic-kubeadm-criconfig-18.09.6_ce-98.37.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-kubic-test-18.09.6_ce-98.37.1.s390x",
"product": {
"name": "docker-kubic-test-18.09.6_ce-98.37.1.s390x",
"product_id": "docker-kubic-test-18.09.6_ce-98.37.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.s390x",
"product": {
"name": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.s390x",
"product_id": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-19.1.s390x",
"product": {
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-19.1.s390x",
"product_id": "docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-19.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.s390x",
"product": {
"name": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.s390x",
"product_id": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-runc-kubic-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.s390x",
"product": {
"name": "docker-runc-kubic-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.s390x",
"product_id": "docker-runc-kubic-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-test-18.09.6_ce-98.37.1.s390x",
"product": {
"name": "docker-test-18.09.6_ce-98.37.1.s390x",
"product_id": "docker-test-18.09.6_ce-98.37.1.s390x"
}
},
{
"category": "product_version",
"name": "go-1.12-34.24.1.s390x",
"product": {
"name": "go-1.12-34.24.1.s390x",
"product_id": "go-1.12-34.24.1.s390x"
}
},
{
"category": "product_version",
"name": "go-doc-1.12-34.24.1.s390x",
"product": {
"name": "go-doc-1.12-34.24.1.s390x",
"product_id": "go-doc-1.12-34.24.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.11-1.11.9-1.9.1.s390x",
"product": {
"name": "go1.11-1.11.9-1.9.1.s390x",
"product_id": "go1.11-1.11.9-1.9.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.11-doc-1.11.9-1.9.1.s390x",
"product": {
"name": "go1.11-doc-1.11.9-1.9.1.s390x",
"product_id": "go1.11-doc-1.11.9-1.9.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.12-1.12.4-1.3.1.s390x",
"product": {
"name": "go1.12-1.12.4-1.3.1.s390x",
"product_id": "go1.12-1.12.4-1.3.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.12-doc-1.12.4-1.3.1.s390x",
"product": {
"name": "go1.12-doc-1.12.4-1.3.1.s390x",
"product_id": "go1.12-doc-1.12.4-1.3.1.s390x"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.s390x",
"product": {
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.s390x",
"product_id": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.s390x"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-19.1.s390x",
"product": {
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-19.1.s390x",
"product_id": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-19.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.2.5-16.17.2.x86_64",
"product": {
"name": "containerd-1.2.5-16.17.2.x86_64",
"product_id": "containerd-1.2.5-16.17.2.x86_64"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.2.5-16.17.2.x86_64",
"product": {
"name": "containerd-ctr-1.2.5-16.17.2.x86_64",
"product_id": "containerd-ctr-1.2.5-16.17.2.x86_64"
}
},
{
"category": "product_version",
"name": "containerd-kubic-1.2.5-16.17.2.x86_64",
"product": {
"name": "containerd-kubic-1.2.5-16.17.2.x86_64",
"product_id": "containerd-kubic-1.2.5-16.17.2.x86_64"
}
},
{
"category": "product_version",
"name": "containerd-kubic-ctr-1.2.5-16.17.2.x86_64",
"product": {
"name": "containerd-kubic-ctr-1.2.5-16.17.2.x86_64",
"product_id": "containerd-kubic-ctr-1.2.5-16.17.2.x86_64"
}
},
{
"category": "product_version",
"name": "docker-18.09.6_ce-98.37.1.x86_64",
"product": {
"name": "docker-18.09.6_ce-98.37.1.x86_64",
"product_id": "docker-18.09.6_ce-98.37.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-kubic-18.09.6_ce-98.37.1.x86_64",
"product": {
"name": "docker-kubic-18.09.6_ce-98.37.1.x86_64",
"product_id": "docker-kubic-18.09.6_ce-98.37.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-kubic-kubeadm-criconfig-18.09.6_ce-98.37.1.x86_64",
"product": {
"name": "docker-kubic-kubeadm-criconfig-18.09.6_ce-98.37.1.x86_64",
"product_id": "docker-kubic-kubeadm-criconfig-18.09.6_ce-98.37.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-kubic-test-18.09.6_ce-98.37.1.x86_64",
"product": {
"name": "docker-kubic-test-18.09.6_ce-98.37.1.x86_64",
"product_id": "docker-kubic-test-18.09.6_ce-98.37.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.x86_64",
"product": {
"name": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.x86_64",
"product_id": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-19.1.x86_64",
"product": {
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-19.1.x86_64",
"product_id": "docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-19.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.x86_64",
"product": {
"name": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.x86_64",
"product_id": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-runc-kubic-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.x86_64",
"product": {
"name": "docker-runc-kubic-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.x86_64",
"product_id": "docker-runc-kubic-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-test-18.09.6_ce-98.37.1.x86_64",
"product": {
"name": "docker-test-18.09.6_ce-98.37.1.x86_64",
"product_id": "docker-test-18.09.6_ce-98.37.1.x86_64"
}
},
{
"category": "product_version",
"name": "go-1.12-34.24.1.x86_64",
"product": {
"name": "go-1.12-34.24.1.x86_64",
"product_id": "go-1.12-34.24.1.x86_64"
}
},
{
"category": "product_version",
"name": "go-doc-1.12-34.24.1.x86_64",
"product": {
"name": "go-doc-1.12-34.24.1.x86_64",
"product_id": "go-doc-1.12-34.24.1.x86_64"
}
},
{
"category": "product_version",
"name": "go-race-1.12-34.24.1.x86_64",
"product": {
"name": "go-race-1.12-34.24.1.x86_64",
"product_id": "go-race-1.12-34.24.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.11-1.11.9-1.9.1.x86_64",
"product": {
"name": "go1.11-1.11.9-1.9.1.x86_64",
"product_id": "go1.11-1.11.9-1.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.11-doc-1.11.9-1.9.1.x86_64",
"product": {
"name": "go1.11-doc-1.11.9-1.9.1.x86_64",
"product_id": "go1.11-doc-1.11.9-1.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.11-race-1.11.9-1.9.1.x86_64",
"product": {
"name": "go1.11-race-1.11.9-1.9.1.x86_64",
"product_id": "go1.11-race-1.11.9-1.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.12-1.12.4-1.3.1.x86_64",
"product": {
"name": "go1.12-1.12.4-1.3.1.x86_64",
"product_id": "go1.12-1.12.4-1.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.12-doc-1.12.4-1.3.1.x86_64",
"product": {
"name": "go1.12-doc-1.12.4-1.3.1.x86_64",
"product_id": "go1.12-doc-1.12.4-1.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.12-race-1.12.4-1.3.1.x86_64",
"product": {
"name": "go1.12-race-1.12.4-1.3.1.x86_64",
"product_id": "go1.12-race-1.12.4-1.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.x86_64",
"product": {
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.x86_64",
"product_id": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.x86_64"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-19.1.x86_64",
"product": {
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-19.1.x86_64",
"product_id": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-19.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 12",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 12",
"product_id": "SUSE Linux Enterprise Module for Containers 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.2.5-16.17.2.ppc64le as component of SUSE Linux Enterprise Module for Containers 12",
"product_id": "SUSE Linux Enterprise Module for Containers 12:containerd-1.2.5-16.17.2.ppc64le"
},
"product_reference": "containerd-1.2.5-16.17.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.2.5-16.17.2.s390x as component of SUSE Linux Enterprise Module for Containers 12",
"product_id": "SUSE Linux Enterprise Module for Containers 12:containerd-1.2.5-16.17.2.s390x"
},
"product_reference": "containerd-1.2.5-16.17.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.2.5-16.17.2.x86_64 as component of SUSE Linux Enterprise Module for Containers 12",
"product_id": "SUSE Linux Enterprise Module for Containers 12:containerd-1.2.5-16.17.2.x86_64"
},
"product_reference": "containerd-1.2.5-16.17.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-18.09.6_ce-98.37.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 12",
"product_id": "SUSE Linux Enterprise Module for Containers 12:docker-18.09.6_ce-98.37.1.ppc64le"
},
"product_reference": "docker-18.09.6_ce-98.37.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-18.09.6_ce-98.37.1.s390x as component of SUSE Linux Enterprise Module for Containers 12",
"product_id": "SUSE Linux Enterprise Module for Containers 12:docker-18.09.6_ce-98.37.1.s390x"
},
"product_reference": "docker-18.09.6_ce-98.37.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-18.09.6_ce-98.37.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 12",
"product_id": "SUSE Linux Enterprise Module for Containers 12:docker-18.09.6_ce-98.37.1.x86_64"
},
"product_reference": "docker-18.09.6_ce-98.37.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 12",
"product_id": "SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.ppc64le"
},
"product_reference": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.s390x as component of SUSE Linux Enterprise Module for Containers 12",
"product_id": "SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.s390x"
},
"product_reference": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 12",
"product_id": "SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.x86_64"
},
"product_reference": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 12",
"product_id": "SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.ppc64le"
},
"product_reference": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.s390x as component of SUSE Linux Enterprise Module for Containers 12",
"product_id": "SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.s390x"
},
"product_reference": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 12",
"product_id": "SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.x86_64"
},
"product_reference": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-16873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16873"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). Using custom domains, it\u0027s possible to arrange things so that a Git repository is cloned to a folder named \".git\" by using a vanity import path that ends with \"/.git\". If the Git repository root contains a \"HEAD\" file, a \"config\" file, an \"objects\" directory, a \"refs\" directory, with some work to ensure the proper ordering of operations, \"go get -u\" can be tricked into considering the parent directory as a repository root, and running Git commands on it. That will use the \"config\" file in the original Git repository root for its configuration, and if that config file contains malicious commands, they will execute on the system running \"go get -u\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.5-16.17.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.5-16.17.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.5-16.17.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.6_ce-98.37.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.6_ce-98.37.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.6_ce-98.37.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16873",
"url": "https://www.suse.com/security/cve/CVE-2018-16873"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.5-16.17.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.5-16.17.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.5-16.17.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.6_ce-98.37.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.6_ce-98.37.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.6_ce-98.37.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.5-16.17.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.5-16.17.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.5-16.17.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.6_ce-98.37.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.6_ce-98.37.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.6_ce-98.37.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-05-16T07:50:31Z",
"details": "important"
}
],
"title": "CVE-2018-16873"
},
{
"cve": "CVE-2018-16874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16874"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both \u0027{\u0027 and \u0027}\u0027 characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.5-16.17.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.5-16.17.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.5-16.17.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.6_ce-98.37.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.6_ce-98.37.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.6_ce-98.37.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16874",
"url": "https://www.suse.com/security/cve/CVE-2018-16874"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.5-16.17.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.5-16.17.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.5-16.17.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.6_ce-98.37.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.6_ce-98.37.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.6_ce-98.37.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.5-16.17.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.5-16.17.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.5-16.17.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.6_ce-98.37.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.6_ce-98.37.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.6_ce-98.37.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-05-16T07:50:31Z",
"details": "moderate"
}
],
"title": "CVE-2018-16874"
},
{
"cve": "CVE-2018-16875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16875"
}
],
"notes": [
{
"category": "general",
"text": "The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.5-16.17.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.5-16.17.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.5-16.17.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.6_ce-98.37.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.6_ce-98.37.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.6_ce-98.37.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16875",
"url": "https://www.suse.com/security/cve/CVE-2018-16875"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.5-16.17.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.5-16.17.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.5-16.17.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.6_ce-98.37.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.6_ce-98.37.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.6_ce-98.37.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.5-16.17.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.5-16.17.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.5-16.17.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.6_ce-98.37.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.6_ce-98.37.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.6_ce-98.37.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-05-16T07:50:31Z",
"details": "moderate"
}
],
"title": "CVE-2018-16875"
},
{
"cve": "CVE-2019-6486",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-6486"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.5-16.17.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.5-16.17.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.5-16.17.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.6_ce-98.37.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.6_ce-98.37.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.6_ce-98.37.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-6486",
"url": "https://www.suse.com/security/cve/CVE-2019-6486"
},
{
"category": "external",
"summary": "SUSE Bug 1123013 for CVE-2019-6486",
"url": "https://bugzilla.suse.com/1123013"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.5-16.17.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.5-16.17.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.5-16.17.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.6_ce-98.37.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.6_ce-98.37.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.6_ce-98.37.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.5-16.17.2.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.5-16.17.2.s390x",
"SUSE Linux Enterprise Module for Containers 12:containerd-1.2.5-16.17.2.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.6_ce-98.37.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.6_ce-98.37.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-18.09.6_ce-98.37.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-19.1.x86_64",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.s390x",
"SUSE Linux Enterprise Module for Containers 12:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-1.23.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-05-16T07:50:31Z",
"details": "low"
}
],
"title": "CVE-2019-6486"
}
]
}
suse-su-2024:3656-1
Vulnerability from csaf_suse
Published
2024-10-16 11:33
Modified
2024-10-16 11:33
Summary
Security update for etcd
Notes
Title of the patch
Security update for etcd
Description of the patch
This update for etcd fixes the following issues:
Update to version 3.5.12:
Security fixes:
- CVE-2018-16873: Fixed remote command execution in cmd/go (bsc#1118897)
- CVE-2018-16874: Fixed directory traversal in cmd/go (bsc#1118898)
- CVE-2018-16875: Fixed CPU denial of service in crypto/x509 (bsc#1118899)
- CVE-2018-16886: Fixed improper authentication issue when RBAC and client-cert-auth is enabled (bsc#1121850)
- CVE-2020-15106: Fixed panic in decodeRecord method (bsc#1174951)
- CVE-2020-15112: Fixed improper checks in entry index (bsc#1174951)
- CVE-2021-28235: Fixed information discosure via debug function (bsc#1210138)
- CVE-2022-41723: Fixed quadratic complexity in HPACK decoding in net/http (bsc#1208270, bsc#1208297)
- CVE-2023-29406: Fixed insufficient sanitization of Host header in go net/http (bsc#1213229)
- CVE-2023-47108: Fixed DoS vulnerability in otelgrpc (bsc#1217070)
- CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (aka Terrapin Attack) in crypto/ssh (bsc#1217950, bsc#1218150)
Other changes:
- Added hardening to systemd service(s) (bsc#1181400)
- Fixed static /tmp file issue (bsc#1199031)
- Fixed systemd service not starting (bsc#1183703)
Full changelog:
https://github.com/etcd-io/etcd/compare/v3.3.1...v3.5.12
Patchnames
SUSE-2024-3656,openSUSE-SLE-15.5-2024-3656,openSUSE-SLE-15.6-2024-3656
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for etcd",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for etcd fixes the following issues:\n\nUpdate to version 3.5.12:\n\nSecurity fixes:\n\n- CVE-2018-16873: Fixed remote command execution in cmd/go (bsc#1118897)\n- CVE-2018-16874: Fixed directory traversal in cmd/go (bsc#1118898)\n- CVE-2018-16875: Fixed CPU denial of service in crypto/x509 (bsc#1118899)\n- CVE-2018-16886: Fixed improper authentication issue when RBAC and client-cert-auth is enabled (bsc#1121850)\n- CVE-2020-15106: Fixed panic in decodeRecord method (bsc#1174951)\n- CVE-2020-15112: Fixed improper checks in entry index (bsc#1174951)\n- CVE-2021-28235: Fixed information discosure via debug function (bsc#1210138)\n- CVE-2022-41723: Fixed quadratic complexity in HPACK decoding in net/http (bsc#1208270, bsc#1208297)\n- CVE-2023-29406: Fixed insufficient sanitization of Host header in go net/http (bsc#1213229)\n- CVE-2023-47108: Fixed DoS vulnerability in otelgrpc (bsc#1217070)\n- CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (aka Terrapin Attack) in crypto/ssh (bsc#1217950, bsc#1218150)\n\nOther changes:\n\n- Added hardening to systemd service(s) (bsc#1181400)\n- Fixed static /tmp file issue (bsc#1199031)\n- Fixed systemd service not starting (bsc#1183703)\n\nFull changelog:\n\nhttps://github.com/etcd-io/etcd/compare/v3.3.1...v3.5.12\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-3656,openSUSE-SLE-15.5-2024-3656,openSUSE-SLE-15.6-2024-3656",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_3656-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:3656-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243656-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:3656-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2024-October/037265.html"
},
{
"category": "self",
"summary": "SUSE Bug 1095184",
"url": "https://bugzilla.suse.com/1095184"
},
{
"category": "self",
"summary": "SUSE Bug 1118897",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "self",
"summary": "SUSE Bug 1118898",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "self",
"summary": "SUSE Bug 1118899",
"url": "https://bugzilla.suse.com/1118899"
},
{
"category": "self",
"summary": "SUSE Bug 1121850",
"url": "https://bugzilla.suse.com/1121850"
},
{
"category": "self",
"summary": "SUSE Bug 1174951",
"url": "https://bugzilla.suse.com/1174951"
},
{
"category": "self",
"summary": "SUSE Bug 1181400",
"url": "https://bugzilla.suse.com/1181400"
},
{
"category": "self",
"summary": "SUSE Bug 1183703",
"url": "https://bugzilla.suse.com/1183703"
},
{
"category": "self",
"summary": "SUSE Bug 1199031",
"url": "https://bugzilla.suse.com/1199031"
},
{
"category": "self",
"summary": "SUSE Bug 1208270",
"url": "https://bugzilla.suse.com/1208270"
},
{
"category": "self",
"summary": "SUSE Bug 1208297",
"url": "https://bugzilla.suse.com/1208297"
},
{
"category": "self",
"summary": "SUSE Bug 1210138",
"url": "https://bugzilla.suse.com/1210138"
},
{
"category": "self",
"summary": "SUSE Bug 1213229",
"url": "https://bugzilla.suse.com/1213229"
},
{
"category": "self",
"summary": "SUSE Bug 1217070",
"url": "https://bugzilla.suse.com/1217070"
},
{
"category": "self",
"summary": "SUSE Bug 1217950",
"url": "https://bugzilla.suse.com/1217950"
},
{
"category": "self",
"summary": "SUSE Bug 1218150",
"url": "https://bugzilla.suse.com/1218150"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16873 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16874 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16875 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16886 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16886/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15106 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15106/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15112 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15112/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-28235 page",
"url": "https://www.suse.com/security/cve/CVE-2021-28235/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-41723 page",
"url": "https://www.suse.com/security/cve/CVE-2022-41723/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-29406 page",
"url": "https://www.suse.com/security/cve/CVE-2023-29406/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-47108 page",
"url": "https://www.suse.com/security/cve/CVE-2023-47108/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-48795 page",
"url": "https://www.suse.com/security/cve/CVE-2023-48795/"
}
],
"title": "Security update for etcd",
"tracking": {
"current_release_date": "2024-10-16T11:33:42Z",
"generator": {
"date": "2024-10-16T11:33:42Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:3656-1",
"initial_release_date": "2024-10-16T11:33:42Z",
"revision_history": [
{
"date": "2024-10-16T11:33:42Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "etcd-3.5.12-150000.7.6.1.aarch64",
"product": {
"name": "etcd-3.5.12-150000.7.6.1.aarch64",
"product_id": "etcd-3.5.12-150000.7.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "etcdctl-3.5.12-150000.7.6.1.aarch64",
"product": {
"name": "etcdctl-3.5.12-150000.7.6.1.aarch64",
"product_id": "etcdctl-3.5.12-150000.7.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "etcdutl-3.5.12-150000.7.6.1.aarch64",
"product": {
"name": "etcdutl-3.5.12-150000.7.6.1.aarch64",
"product_id": "etcdutl-3.5.12-150000.7.6.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "etcd-3.5.12-150000.7.6.1.ppc64le",
"product": {
"name": "etcd-3.5.12-150000.7.6.1.ppc64le",
"product_id": "etcd-3.5.12-150000.7.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "etcdctl-3.5.12-150000.7.6.1.ppc64le",
"product": {
"name": "etcdctl-3.5.12-150000.7.6.1.ppc64le",
"product_id": "etcdctl-3.5.12-150000.7.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "etcdutl-3.5.12-150000.7.6.1.ppc64le",
"product": {
"name": "etcdutl-3.5.12-150000.7.6.1.ppc64le",
"product_id": "etcdutl-3.5.12-150000.7.6.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "etcd-3.5.12-150000.7.6.1.s390x",
"product": {
"name": "etcd-3.5.12-150000.7.6.1.s390x",
"product_id": "etcd-3.5.12-150000.7.6.1.s390x"
}
},
{
"category": "product_version",
"name": "etcdctl-3.5.12-150000.7.6.1.s390x",
"product": {
"name": "etcdctl-3.5.12-150000.7.6.1.s390x",
"product_id": "etcdctl-3.5.12-150000.7.6.1.s390x"
}
},
{
"category": "product_version",
"name": "etcdutl-3.5.12-150000.7.6.1.s390x",
"product": {
"name": "etcdutl-3.5.12-150000.7.6.1.s390x",
"product_id": "etcdutl-3.5.12-150000.7.6.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "etcd-3.5.12-150000.7.6.1.x86_64",
"product": {
"name": "etcd-3.5.12-150000.7.6.1.x86_64",
"product_id": "etcd-3.5.12-150000.7.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "etcdctl-3.5.12-150000.7.6.1.x86_64",
"product": {
"name": "etcdctl-3.5.12-150000.7.6.1.x86_64",
"product_id": "etcdctl-3.5.12-150000.7.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "etcdutl-3.5.12-150000.7.6.1.x86_64",
"product": {
"name": "etcdutl-3.5.12-150000.7.6.1.x86_64",
"product_id": "etcdutl-3.5.12-150000.7.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-3.5.12-150000.7.6.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64"
},
"product_reference": "etcd-3.5.12-150000.7.6.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-3.5.12-150000.7.6.1.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le"
},
"product_reference": "etcd-3.5.12-150000.7.6.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-3.5.12-150000.7.6.1.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x"
},
"product_reference": "etcd-3.5.12-150000.7.6.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-3.5.12-150000.7.6.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64"
},
"product_reference": "etcd-3.5.12-150000.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcdctl-3.5.12-150000.7.6.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64"
},
"product_reference": "etcdctl-3.5.12-150000.7.6.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcdctl-3.5.12-150000.7.6.1.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le"
},
"product_reference": "etcdctl-3.5.12-150000.7.6.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcdctl-3.5.12-150000.7.6.1.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x"
},
"product_reference": "etcdctl-3.5.12-150000.7.6.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcdctl-3.5.12-150000.7.6.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64"
},
"product_reference": "etcdctl-3.5.12-150000.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-3.5.12-150000.7.6.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64"
},
"product_reference": "etcd-3.5.12-150000.7.6.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-3.5.12-150000.7.6.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le"
},
"product_reference": "etcd-3.5.12-150000.7.6.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-3.5.12-150000.7.6.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x"
},
"product_reference": "etcd-3.5.12-150000.7.6.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcd-3.5.12-150000.7.6.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64"
},
"product_reference": "etcd-3.5.12-150000.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcdctl-3.5.12-150000.7.6.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64"
},
"product_reference": "etcdctl-3.5.12-150000.7.6.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcdctl-3.5.12-150000.7.6.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le"
},
"product_reference": "etcdctl-3.5.12-150000.7.6.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcdctl-3.5.12-150000.7.6.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x"
},
"product_reference": "etcdctl-3.5.12-150000.7.6.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "etcdctl-3.5.12-150000.7.6.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
},
"product_reference": "etcdctl-3.5.12-150000.7.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-16873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16873"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). Using custom domains, it\u0027s possible to arrange things so that a Git repository is cloned to a folder named \".git\" by using a vanity import path that ends with \"/.git\". If the Git repository root contains a \"HEAD\" file, a \"config\" file, an \"objects\" directory, a \"refs\" directory, with some work to ensure the proper ordering of operations, \"go get -u\" can be tricked into considering the parent directory as a repository root, and running Git commands on it. That will use the \"config\" file in the original Git repository root for its configuration, and if that config file contains malicious commands, they will execute on the system running \"go get -u\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16873",
"url": "https://www.suse.com/security/cve/CVE-2018-16873"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-16T11:33:42Z",
"details": "important"
}
],
"title": "CVE-2018-16873"
},
{
"cve": "CVE-2018-16874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16874"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both \u0027{\u0027 and \u0027}\u0027 characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16874",
"url": "https://www.suse.com/security/cve/CVE-2018-16874"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-16T11:33:42Z",
"details": "moderate"
}
],
"title": "CVE-2018-16874"
},
{
"cve": "CVE-2018-16875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16875"
}
],
"notes": [
{
"category": "general",
"text": "The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16875",
"url": "https://www.suse.com/security/cve/CVE-2018-16875"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-16T11:33:42Z",
"details": "moderate"
}
],
"title": "CVE-2018-16875"
},
{
"cve": "CVE-2018-16886",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16886"
}
],
"notes": [
{
"category": "general",
"text": "etcd versions 3.2.x before 3.2.26 and 3.3.x before 3.3.11 are vulnerable to an improper authentication issue when role-based access control (RBAC) is used and client-cert-auth is enabled. If an etcd client server TLS certificate contains a Common Name (CN) which matches a valid RBAC username, a remote attacker may authenticate as that user with any valid (trusted) client certificate in a REST API request to the gRPC-gateway.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16886",
"url": "https://www.suse.com/security/cve/CVE-2018-16886"
},
{
"category": "external",
"summary": "SUSE Bug 1121850 for CVE-2018-16886",
"url": "https://bugzilla.suse.com/1121850"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-16T11:33:42Z",
"details": "moderate"
}
],
"title": "CVE-2018-16886"
},
{
"cve": "CVE-2020-15106",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15106"
}
],
"notes": [
{
"category": "general",
"text": "In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a WAL file and no additional validation is done on this data. Therefore, it is possible to forge an extremely large frame size that can unintentionally panic at the expense of any RAFT participant trying to decode the WAL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15106",
"url": "https://www.suse.com/security/cve/CVE-2020-15106"
},
{
"category": "external",
"summary": "SUSE Bug 1174951 for CVE-2020-15106",
"url": "https://bugzilla.suse.com/1174951"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-16T11:33:42Z",
"details": "moderate"
}
],
"title": "CVE-2020-15106"
},
{
"cve": "CVE-2020-15112",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15112"
}
],
"notes": [
{
"category": "general",
"text": "In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read during consensus as an arbitrary etcd consensus participant could go down from a runtime panic when reading the entry.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15112",
"url": "https://www.suse.com/security/cve/CVE-2020-15112"
},
{
"category": "external",
"summary": "SUSE Bug 1174951 for CVE-2020-15112",
"url": "https://bugzilla.suse.com/1174951"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-16T11:33:42Z",
"details": "moderate"
}
],
"title": "CVE-2020-15112"
},
{
"cve": "CVE-2021-28235",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-28235"
}
],
"notes": [
{
"category": "general",
"text": "Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-28235",
"url": "https://www.suse.com/security/cve/CVE-2021-28235"
},
{
"category": "external",
"summary": "SUSE Bug 1210138 for CVE-2021-28235",
"url": "https://bugzilla.suse.com/1210138"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-16T11:33:42Z",
"details": "important"
}
],
"title": "CVE-2021-28235"
},
{
"cve": "CVE-2022-41723",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-41723"
}
],
"notes": [
{
"category": "general",
"text": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-41723",
"url": "https://www.suse.com/security/cve/CVE-2022-41723"
},
{
"category": "external",
"summary": "SUSE Bug 1208270 for CVE-2022-41723",
"url": "https://bugzilla.suse.com/1208270"
},
{
"category": "external",
"summary": "SUSE Bug 1215588 for CVE-2022-41723",
"url": "https://bugzilla.suse.com/1215588"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-16T11:33:42Z",
"details": "important"
}
],
"title": "CVE-2022-41723"
},
{
"cve": "CVE-2023-29406",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-29406"
}
],
"notes": [
{
"category": "general",
"text": "The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-29406",
"url": "https://www.suse.com/security/cve/CVE-2023-29406"
},
{
"category": "external",
"summary": "SUSE Bug 1213229 for CVE-2023-29406",
"url": "https://bugzilla.suse.com/1213229"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-16T11:33:42Z",
"details": "moderate"
}
],
"title": "CVE-2023-29406"
},
{
"cve": "CVE-2023-47108",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-47108"
}
],
"notes": [
{
"category": "general",
"text": "OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `net.peer.sock.port` that have unbound cardinality. It leads to the server\u0027s potential memory exhaustion when many malicious requests are sent. An attacker can easily flood the peer address and port for requests. Version 0.46.0 contains a fix for this issue. As a workaround to stop being affected, a view removing the attributes can be used. The other possibility is to disable grpc metrics instrumentation by passing `otelgrpc.WithMeterProvider` option with `noop.NewMeterProvider`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-47108",
"url": "https://www.suse.com/security/cve/CVE-2023-47108"
},
{
"category": "external",
"summary": "SUSE Bug 1217070 for CVE-2023-47108",
"url": "https://bugzilla.suse.com/1217070"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-16T11:33:42Z",
"details": "important"
}
],
"title": "CVE-2023-47108"
},
{
"cve": "CVE-2023-48795",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-48795"
}
],
"notes": [
{
"category": "general",
"text": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH\u0027s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-48795",
"url": "https://www.suse.com/security/cve/CVE-2023-48795"
},
{
"category": "external",
"summary": "SUSE Bug 1217950 for CVE-2023-48795",
"url": "https://bugzilla.suse.com/1217950"
},
{
"category": "external",
"summary": "SUSE Bug 1218708 for CVE-2023-48795",
"url": "https://bugzilla.suse.com/1218708"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.5:etcdctl-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcd-3.5.12-150000.7.6.1.x86_64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.aarch64",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.ppc64le",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.s390x",
"openSUSE Leap 15.6:etcdctl-3.5.12-150000.7.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-10-16T11:33:42Z",
"details": "important"
}
],
"title": "CVE-2023-48795"
}
]
}
suse-su-2019:0048-1
Vulnerability from csaf_suse
Published
2019-01-09 16:24
Modified
2019-01-09 16:24
Summary
Security update for helm-mirror
Notes
Title of the patch
Security update for helm-mirror
Description of the patch
This update for helm-mirror to version 0.2.1 fixes the following issues:
Security issues fixed:
- CVE-2018-16873: Fixed a remote command execution (bsc#1118897)
- CVE-2018-16874: Fixed a directory traversal in 'go get' via curly braces in import path (bsc#1118898)
- CVE-2018-16875: Fixed a CPU denial of service (bsc#1118899)
Non-security issue fixed:
- Update to v0.2.1 (bsc#1120762)
- Include helm-mirror into the containers module (bsc#1116182)
Patchnames
SUSE-2019-48,SUSE-SLE-Module-Containers-15-2019-48
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for helm-mirror",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for helm-mirror to version 0.2.1 fixes the following issues:\n\n\nSecurity issues fixed:\n\n- CVE-2018-16873: Fixed a remote command execution (bsc#1118897)\n- CVE-2018-16874: Fixed a directory traversal in \u0027go get\u0027 via curly braces in import path (bsc#1118898)\n- CVE-2018-16875: Fixed a CPU denial of service (bsc#1118899)\n\nNon-security issue fixed:\n\n- Update to v0.2.1 (bsc#1120762)\n- Include helm-mirror into the containers module (bsc#1116182)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-48,SUSE-SLE-Module-Containers-15-2019-48",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_0048-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:0048-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190048-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:0048-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-January/005022.html"
},
{
"category": "self",
"summary": "SUSE Bug 1116182",
"url": "https://bugzilla.suse.com/1116182"
},
{
"category": "self",
"summary": "SUSE Bug 1118897",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "self",
"summary": "SUSE Bug 1118898",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "self",
"summary": "SUSE Bug 1118899",
"url": "https://bugzilla.suse.com/1118899"
},
{
"category": "self",
"summary": "SUSE Bug 1120762",
"url": "https://bugzilla.suse.com/1120762"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16873 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16874 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16875 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16875/"
}
],
"title": "Security update for helm-mirror",
"tracking": {
"current_release_date": "2019-01-09T16:24:57Z",
"generator": {
"date": "2019-01-09T16:24:57Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:0048-1",
"initial_release_date": "2019-01-09T16:24:57Z",
"revision_history": [
{
"date": "2019-01-09T16:24:57Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "helm-mirror-0.2.1-1.7.1.aarch64",
"product": {
"name": "helm-mirror-0.2.1-1.7.1.aarch64",
"product_id": "helm-mirror-0.2.1-1.7.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "helm-mirror-0.2.1-1.7.1.i586",
"product": {
"name": "helm-mirror-0.2.1-1.7.1.i586",
"product_id": "helm-mirror-0.2.1-1.7.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "helm-mirror-0.2.1-1.7.1.ppc64le",
"product": {
"name": "helm-mirror-0.2.1-1.7.1.ppc64le",
"product_id": "helm-mirror-0.2.1-1.7.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "helm-mirror-0.2.1-1.7.1.s390x",
"product": {
"name": "helm-mirror-0.2.1-1.7.1.s390x",
"product_id": "helm-mirror-0.2.1-1.7.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "helm-mirror-0.2.1-1.7.1.x86_64",
"product": {
"name": "helm-mirror-0.2.1-1.7.1.x86_64",
"product_id": "helm-mirror-0.2.1-1.7.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 15",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:15"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-mirror-0.2.1-1.7.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15:helm-mirror-0.2.1-1.7.1.ppc64le"
},
"product_reference": "helm-mirror-0.2.1-1.7.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-mirror-0.2.1-1.7.1.s390x as component of SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15:helm-mirror-0.2.1-1.7.1.s390x"
},
"product_reference": "helm-mirror-0.2.1-1.7.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "helm-mirror-0.2.1-1.7.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15:helm-mirror-0.2.1-1.7.1.x86_64"
},
"product_reference": "helm-mirror-0.2.1-1.7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-16873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16873"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). Using custom domains, it\u0027s possible to arrange things so that a Git repository is cloned to a folder named \".git\" by using a vanity import path that ends with \"/.git\". If the Git repository root contains a \"HEAD\" file, a \"config\" file, an \"objects\" directory, a \"refs\" directory, with some work to ensure the proper ordering of operations, \"go get -u\" can be tricked into considering the parent directory as a repository root, and running Git commands on it. That will use the \"config\" file in the original Git repository root for its configuration, and if that config file contains malicious commands, they will execute on the system running \"go get -u\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15:helm-mirror-0.2.1-1.7.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:helm-mirror-0.2.1-1.7.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:helm-mirror-0.2.1-1.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16873",
"url": "https://www.suse.com/security/cve/CVE-2018-16873"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15:helm-mirror-0.2.1-1.7.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:helm-mirror-0.2.1-1.7.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:helm-mirror-0.2.1-1.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15:helm-mirror-0.2.1-1.7.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:helm-mirror-0.2.1-1.7.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:helm-mirror-0.2.1-1.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-01-09T16:24:57Z",
"details": "important"
}
],
"title": "CVE-2018-16873"
},
{
"cve": "CVE-2018-16874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16874"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both \u0027{\u0027 and \u0027}\u0027 characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15:helm-mirror-0.2.1-1.7.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:helm-mirror-0.2.1-1.7.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:helm-mirror-0.2.1-1.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16874",
"url": "https://www.suse.com/security/cve/CVE-2018-16874"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15:helm-mirror-0.2.1-1.7.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:helm-mirror-0.2.1-1.7.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:helm-mirror-0.2.1-1.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15:helm-mirror-0.2.1-1.7.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:helm-mirror-0.2.1-1.7.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:helm-mirror-0.2.1-1.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-01-09T16:24:57Z",
"details": "moderate"
}
],
"title": "CVE-2018-16874"
},
{
"cve": "CVE-2018-16875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16875"
}
],
"notes": [
{
"category": "general",
"text": "The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15:helm-mirror-0.2.1-1.7.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:helm-mirror-0.2.1-1.7.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:helm-mirror-0.2.1-1.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16875",
"url": "https://www.suse.com/security/cve/CVE-2018-16875"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15:helm-mirror-0.2.1-1.7.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:helm-mirror-0.2.1-1.7.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:helm-mirror-0.2.1-1.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15:helm-mirror-0.2.1-1.7.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:helm-mirror-0.2.1-1.7.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:helm-mirror-0.2.1-1.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-01-09T16:24:57Z",
"details": "moderate"
}
],
"title": "CVE-2018-16875"
}
]
}
suse-su-2019:0495-1
Vulnerability from csaf_suse
Published
2019-02-26 15:42
Modified
2019-02-26 15:42
Summary
Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc
Notes
Title of the patch
Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc
Description of the patch
This update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc fixes the following issues:
Security issues fixed:
- CVE-2018-16875: Fixed a CPU Denial of Service (bsc#1118899).
- CVE-2018-16874: Fixed a vulnerabity in go get command which could allow directory traversal in GOPATH mode (bsc#1118898).
- CVE-2018-16873: Fixed a vulnerability in go get command which could allow remote code execution when executed with -u in GOPATH mode (bsc#1118897).
- CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container
breakout (bsc#1121967).
Other changes and fixes:
- Update shell completion to use Group: System/Shells.
- Add daemon.json file with rotation logs configuration (bsc#1114832)
- Update to Docker 18.09.1-ce (bsc#1124308) and to to runc 96ec2177ae84.
See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md.
- Update go requirements to >= go1.10
- Use -buildmode=pie for tests and binary build (bsc#1048046 and bsc#1051429).
- Remove the usage of 'cp -r' to reduce noise in the build logs.
Patchnames
SUSE-2019-495,SUSE-SLE-Module-Containers-15-2019-495,SUSE-SLE-Module-Development-Tools-OBS-15-2019-495
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc fixes the following issues:\n\nSecurity issues fixed: \n\n- CVE-2018-16875: Fixed a CPU Denial of Service (bsc#1118899).\n- CVE-2018-16874: Fixed a vulnerabity in go get command which could allow directory traversal in GOPATH mode (bsc#1118898).\n- CVE-2018-16873: Fixed a vulnerability in go get command which could allow remote code execution when executed with -u in GOPATH mode (bsc#1118897).\n- CVE-2019-5736: Effectively copying /proc/self/exe during re-exec to avoid write attacks to the host runc binary, which could lead to a container\n breakout (bsc#1121967).\n\nOther changes and fixes: \n\n- Update shell completion to use Group: System/Shells.\n- Add daemon.json file with rotation logs configuration (bsc#1114832)\n- Update to Docker 18.09.1-ce (bsc#1124308) and to to runc 96ec2177ae84.\n See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md.\n- Update go requirements to \u003e= go1.10 \n- Use -buildmode=pie for tests and binary build (bsc#1048046 and bsc#1051429).\n- Remove the usage of \u0027cp -r\u0027 to reduce noise in the build logs.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-495,SUSE-SLE-Module-Containers-15-2019-495,SUSE-SLE-Module-Development-Tools-OBS-15-2019-495",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_0495-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:0495-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190495-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:0495-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-February/005155.html"
},
{
"category": "self",
"summary": "SUSE Bug 1048046",
"url": "https://bugzilla.suse.com/1048046"
},
{
"category": "self",
"summary": "SUSE Bug 1051429",
"url": "https://bugzilla.suse.com/1051429"
},
{
"category": "self",
"summary": "SUSE Bug 1114832",
"url": "https://bugzilla.suse.com/1114832"
},
{
"category": "self",
"summary": "SUSE Bug 1118897",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "self",
"summary": "SUSE Bug 1118898",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "self",
"summary": "SUSE Bug 1118899",
"url": "https://bugzilla.suse.com/1118899"
},
{
"category": "self",
"summary": "SUSE Bug 1121967",
"url": "https://bugzilla.suse.com/1121967"
},
{
"category": "self",
"summary": "SUSE Bug 1124308",
"url": "https://bugzilla.suse.com/1124308"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16873 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16874 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16875 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5736 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5736/"
}
],
"title": "Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork, runc",
"tracking": {
"current_release_date": "2019-02-26T15:42:38Z",
"generator": {
"date": "2019-02-26T15:42:38Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:0495-1",
"initial_release_date": "2019-02-26T15:42:38Z",
"revision_history": [
{
"date": "2019-02-26T15:42:38Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.2.2-5.9.1.aarch64",
"product": {
"name": "containerd-1.2.2-5.9.1.aarch64",
"product_id": "containerd-1.2.2-5.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.2.2-5.9.1.aarch64",
"product": {
"name": "containerd-ctr-1.2.2-5.9.1.aarch64",
"product_id": "containerd-ctr-1.2.2-5.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "containerd-kubic-1.2.2-5.9.1.aarch64",
"product": {
"name": "containerd-kubic-1.2.2-5.9.1.aarch64",
"product_id": "containerd-kubic-1.2.2-5.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "containerd-kubic-ctr-1.2.2-5.9.1.aarch64",
"product": {
"name": "containerd-kubic-ctr-1.2.2-5.9.1.aarch64",
"product_id": "containerd-kubic-ctr-1.2.2-5.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-18.09.1_ce-6.14.1.aarch64",
"product": {
"name": "docker-18.09.1_ce-6.14.1.aarch64",
"product_id": "docker-18.09.1_ce-6.14.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-kubic-18.09.1_ce-6.14.1.aarch64",
"product": {
"name": "docker-kubic-18.09.1_ce-6.14.1.aarch64",
"product_id": "docker-kubic-18.09.1_ce-6.14.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-kubic-kubeadm-criconfig-18.09.1_ce-6.14.1.aarch64",
"product": {
"name": "docker-kubic-kubeadm-criconfig-18.09.1_ce-6.14.1.aarch64",
"product_id": "docker-kubic-kubeadm-criconfig-18.09.1_ce-6.14.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-kubic-test-18.09.1_ce-6.14.1.aarch64",
"product": {
"name": "docker-kubic-test-18.09.1_ce-6.14.1.aarch64",
"product_id": "docker-kubic-test-18.09.1_ce-6.14.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.aarch64",
"product": {
"name": "docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.aarch64",
"product_id": "docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.aarch64",
"product": {
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.aarch64",
"product_id": "docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.aarch64",
"product": {
"name": "docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.aarch64",
"product_id": "docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-runc-kubic-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.aarch64",
"product": {
"name": "docker-runc-kubic-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.aarch64",
"product_id": "docker-runc-kubic-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-test-18.09.1_ce-6.14.1.aarch64",
"product": {
"name": "docker-test-18.09.1_ce-6.14.1.aarch64",
"product_id": "docker-test-18.09.1_ce-6.14.1.aarch64"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.aarch64",
"product": {
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.aarch64",
"product_id": "golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.aarch64",
"product": {
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.aarch64",
"product_id": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "runc-1.0.0~rc6-1.3.1.aarch64",
"product": {
"name": "runc-1.0.0~rc6-1.3.1.aarch64",
"product_id": "runc-1.0.0~rc6-1.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.2.2-5.9.1.i586",
"product": {
"name": "containerd-1.2.2-5.9.1.i586",
"product_id": "containerd-1.2.2-5.9.1.i586"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.2.2-5.9.1.i586",
"product": {
"name": "containerd-ctr-1.2.2-5.9.1.i586",
"product_id": "containerd-ctr-1.2.2-5.9.1.i586"
}
},
{
"category": "product_version",
"name": "containerd-kubic-1.2.2-5.9.1.i586",
"product": {
"name": "containerd-kubic-1.2.2-5.9.1.i586",
"product_id": "containerd-kubic-1.2.2-5.9.1.i586"
}
},
{
"category": "product_version",
"name": "containerd-kubic-ctr-1.2.2-5.9.1.i586",
"product": {
"name": "containerd-kubic-ctr-1.2.2-5.9.1.i586",
"product_id": "containerd-kubic-ctr-1.2.2-5.9.1.i586"
}
},
{
"category": "product_version",
"name": "docker-18.09.1_ce-6.14.1.i586",
"product": {
"name": "docker-18.09.1_ce-6.14.1.i586",
"product_id": "docker-18.09.1_ce-6.14.1.i586"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.i586",
"product": {
"name": "docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.i586",
"product_id": "docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.i586"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.i586",
"product": {
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.i586",
"product_id": "docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.i586"
}
},
{
"category": "product_version",
"name": "docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.i586",
"product": {
"name": "docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.i586",
"product_id": "docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.i586"
}
},
{
"category": "product_version",
"name": "docker-runc-kubic-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.i586",
"product": {
"name": "docker-runc-kubic-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.i586",
"product_id": "docker-runc-kubic-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.i586"
}
},
{
"category": "product_version",
"name": "docker-test-18.09.1_ce-6.14.1.i586",
"product": {
"name": "docker-test-18.09.1_ce-6.14.1.i586",
"product_id": "docker-test-18.09.1_ce-6.14.1.i586"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.i586",
"product": {
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.i586",
"product_id": "golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.i586"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.i586",
"product": {
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.i586",
"product_id": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.i586"
}
},
{
"category": "product_version",
"name": "runc-1.0.0~rc6-1.3.1.i586",
"product": {
"name": "runc-1.0.0~rc6-1.3.1.i586",
"product_id": "runc-1.0.0~rc6-1.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-kubic-test-1.2.2-5.9.1.noarch",
"product": {
"name": "containerd-kubic-test-1.2.2-5.9.1.noarch",
"product_id": "containerd-kubic-test-1.2.2-5.9.1.noarch"
}
},
{
"category": "product_version",
"name": "containerd-test-1.2.2-5.9.1.noarch",
"product": {
"name": "containerd-test-1.2.2-5.9.1.noarch",
"product_id": "containerd-test-1.2.2-5.9.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-bash-completion-18.09.1_ce-6.14.1.noarch",
"product": {
"name": "docker-bash-completion-18.09.1_ce-6.14.1.noarch",
"product_id": "docker-bash-completion-18.09.1_ce-6.14.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-kubic-bash-completion-18.09.1_ce-6.14.1.noarch",
"product": {
"name": "docker-kubic-bash-completion-18.09.1_ce-6.14.1.noarch",
"product_id": "docker-kubic-bash-completion-18.09.1_ce-6.14.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-kubic-zsh-completion-18.09.1_ce-6.14.1.noarch",
"product": {
"name": "docker-kubic-zsh-completion-18.09.1_ce-6.14.1.noarch",
"product_id": "docker-kubic-zsh-completion-18.09.1_ce-6.14.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-runc-kubic-test-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.noarch",
"product": {
"name": "docker-runc-kubic-test-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.noarch",
"product_id": "docker-runc-kubic-test-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-runc-test-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.noarch",
"product": {
"name": "docker-runc-test-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.noarch",
"product_id": "docker-runc-test-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-zsh-completion-18.09.1_ce-6.14.1.noarch",
"product": {
"name": "docker-zsh-completion-18.09.1_ce-6.14.1.noarch",
"product_id": "docker-zsh-completion-18.09.1_ce-6.14.1.noarch"
}
},
{
"category": "product_version",
"name": "runc-test-1.0.0~rc6-1.3.1.noarch",
"product": {
"name": "runc-test-1.0.0~rc6-1.3.1.noarch",
"product_id": "runc-test-1.0.0~rc6-1.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.2.2-5.9.1.ppc64le",
"product": {
"name": "containerd-1.2.2-5.9.1.ppc64le",
"product_id": "containerd-1.2.2-5.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.2.2-5.9.1.ppc64le",
"product": {
"name": "containerd-ctr-1.2.2-5.9.1.ppc64le",
"product_id": "containerd-ctr-1.2.2-5.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "containerd-kubic-1.2.2-5.9.1.ppc64le",
"product": {
"name": "containerd-kubic-1.2.2-5.9.1.ppc64le",
"product_id": "containerd-kubic-1.2.2-5.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "containerd-kubic-ctr-1.2.2-5.9.1.ppc64le",
"product": {
"name": "containerd-kubic-ctr-1.2.2-5.9.1.ppc64le",
"product_id": "containerd-kubic-ctr-1.2.2-5.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-18.09.1_ce-6.14.1.ppc64le",
"product": {
"name": "docker-18.09.1_ce-6.14.1.ppc64le",
"product_id": "docker-18.09.1_ce-6.14.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-kubic-18.09.1_ce-6.14.1.ppc64le",
"product": {
"name": "docker-kubic-18.09.1_ce-6.14.1.ppc64le",
"product_id": "docker-kubic-18.09.1_ce-6.14.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-kubic-kubeadm-criconfig-18.09.1_ce-6.14.1.ppc64le",
"product": {
"name": "docker-kubic-kubeadm-criconfig-18.09.1_ce-6.14.1.ppc64le",
"product_id": "docker-kubic-kubeadm-criconfig-18.09.1_ce-6.14.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-kubic-test-18.09.1_ce-6.14.1.ppc64le",
"product": {
"name": "docker-kubic-test-18.09.1_ce-6.14.1.ppc64le",
"product_id": "docker-kubic-test-18.09.1_ce-6.14.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.ppc64le",
"product": {
"name": "docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.ppc64le",
"product_id": "docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.ppc64le",
"product": {
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.ppc64le",
"product_id": "docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.ppc64le",
"product": {
"name": "docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.ppc64le",
"product_id": "docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-runc-kubic-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.ppc64le",
"product": {
"name": "docker-runc-kubic-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.ppc64le",
"product_id": "docker-runc-kubic-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-test-18.09.1_ce-6.14.1.ppc64le",
"product": {
"name": "docker-test-18.09.1_ce-6.14.1.ppc64le",
"product_id": "docker-test-18.09.1_ce-6.14.1.ppc64le"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.ppc64le",
"product": {
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.ppc64le",
"product_id": "golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.ppc64le",
"product": {
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.ppc64le",
"product_id": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "runc-1.0.0~rc6-1.3.1.ppc64le",
"product": {
"name": "runc-1.0.0~rc6-1.3.1.ppc64le",
"product_id": "runc-1.0.0~rc6-1.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.2.2-5.9.1.s390x",
"product": {
"name": "containerd-1.2.2-5.9.1.s390x",
"product_id": "containerd-1.2.2-5.9.1.s390x"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.2.2-5.9.1.s390x",
"product": {
"name": "containerd-ctr-1.2.2-5.9.1.s390x",
"product_id": "containerd-ctr-1.2.2-5.9.1.s390x"
}
},
{
"category": "product_version",
"name": "containerd-kubic-1.2.2-5.9.1.s390x",
"product": {
"name": "containerd-kubic-1.2.2-5.9.1.s390x",
"product_id": "containerd-kubic-1.2.2-5.9.1.s390x"
}
},
{
"category": "product_version",
"name": "containerd-kubic-ctr-1.2.2-5.9.1.s390x",
"product": {
"name": "containerd-kubic-ctr-1.2.2-5.9.1.s390x",
"product_id": "containerd-kubic-ctr-1.2.2-5.9.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-18.09.1_ce-6.14.1.s390x",
"product": {
"name": "docker-18.09.1_ce-6.14.1.s390x",
"product_id": "docker-18.09.1_ce-6.14.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-kubic-18.09.1_ce-6.14.1.s390x",
"product": {
"name": "docker-kubic-18.09.1_ce-6.14.1.s390x",
"product_id": "docker-kubic-18.09.1_ce-6.14.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-kubic-kubeadm-criconfig-18.09.1_ce-6.14.1.s390x",
"product": {
"name": "docker-kubic-kubeadm-criconfig-18.09.1_ce-6.14.1.s390x",
"product_id": "docker-kubic-kubeadm-criconfig-18.09.1_ce-6.14.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-kubic-test-18.09.1_ce-6.14.1.s390x",
"product": {
"name": "docker-kubic-test-18.09.1_ce-6.14.1.s390x",
"product_id": "docker-kubic-test-18.09.1_ce-6.14.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.s390x",
"product": {
"name": "docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.s390x",
"product_id": "docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.s390x",
"product": {
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.s390x",
"product_id": "docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.s390x",
"product": {
"name": "docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.s390x",
"product_id": "docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-runc-kubic-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.s390x",
"product": {
"name": "docker-runc-kubic-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.s390x",
"product_id": "docker-runc-kubic-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-test-18.09.1_ce-6.14.1.s390x",
"product": {
"name": "docker-test-18.09.1_ce-6.14.1.s390x",
"product_id": "docker-test-18.09.1_ce-6.14.1.s390x"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.s390x",
"product": {
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.s390x",
"product_id": "golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.s390x"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.s390x",
"product": {
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.s390x",
"product_id": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.s390x"
}
},
{
"category": "product_version",
"name": "runc-1.0.0~rc6-1.3.1.s390x",
"product": {
"name": "runc-1.0.0~rc6-1.3.1.s390x",
"product_id": "runc-1.0.0~rc6-1.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.2.2-5.9.1.x86_64",
"product": {
"name": "containerd-1.2.2-5.9.1.x86_64",
"product_id": "containerd-1.2.2-5.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.2.2-5.9.1.x86_64",
"product": {
"name": "containerd-ctr-1.2.2-5.9.1.x86_64",
"product_id": "containerd-ctr-1.2.2-5.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "containerd-kubic-1.2.2-5.9.1.x86_64",
"product": {
"name": "containerd-kubic-1.2.2-5.9.1.x86_64",
"product_id": "containerd-kubic-1.2.2-5.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "containerd-kubic-ctr-1.2.2-5.9.1.x86_64",
"product": {
"name": "containerd-kubic-ctr-1.2.2-5.9.1.x86_64",
"product_id": "containerd-kubic-ctr-1.2.2-5.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-18.09.1_ce-6.14.1.x86_64",
"product": {
"name": "docker-18.09.1_ce-6.14.1.x86_64",
"product_id": "docker-18.09.1_ce-6.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-kubic-18.09.1_ce-6.14.1.x86_64",
"product": {
"name": "docker-kubic-18.09.1_ce-6.14.1.x86_64",
"product_id": "docker-kubic-18.09.1_ce-6.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-kubic-kubeadm-criconfig-18.09.1_ce-6.14.1.x86_64",
"product": {
"name": "docker-kubic-kubeadm-criconfig-18.09.1_ce-6.14.1.x86_64",
"product_id": "docker-kubic-kubeadm-criconfig-18.09.1_ce-6.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-kubic-test-18.09.1_ce-6.14.1.x86_64",
"product": {
"name": "docker-kubic-test-18.09.1_ce-6.14.1.x86_64",
"product_id": "docker-kubic-test-18.09.1_ce-6.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.x86_64",
"product": {
"name": "docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.x86_64",
"product_id": "docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.x86_64",
"product": {
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.x86_64",
"product_id": "docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.x86_64",
"product": {
"name": "docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.x86_64",
"product_id": "docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-runc-kubic-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.x86_64",
"product": {
"name": "docker-runc-kubic-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.x86_64",
"product_id": "docker-runc-kubic-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-test-18.09.1_ce-6.14.1.x86_64",
"product": {
"name": "docker-test-18.09.1_ce-6.14.1.x86_64",
"product_id": "docker-test-18.09.1_ce-6.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.x86_64",
"product": {
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.x86_64",
"product_id": "golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.x86_64",
"product": {
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.x86_64",
"product_id": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "runc-1.0.0~rc6-1.3.1.x86_64",
"product": {
"name": "runc-1.0.0~rc6-1.3.1.x86_64",
"product_id": "runc-1.0.0~rc6-1.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 15",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:15"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.2.2-5.9.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15:containerd-1.2.2-5.9.1.ppc64le"
},
"product_reference": "containerd-1.2.2-5.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.2.2-5.9.1.s390x as component of SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15:containerd-1.2.2-5.9.1.s390x"
},
"product_reference": "containerd-1.2.2-5.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.2.2-5.9.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15:containerd-1.2.2-5.9.1.x86_64"
},
"product_reference": "containerd-1.2.2-5.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-18.09.1_ce-6.14.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15:docker-18.09.1_ce-6.14.1.ppc64le"
},
"product_reference": "docker-18.09.1_ce-6.14.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-18.09.1_ce-6.14.1.s390x as component of SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15:docker-18.09.1_ce-6.14.1.s390x"
},
"product_reference": "docker-18.09.1_ce-6.14.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-18.09.1_ce-6.14.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15:docker-18.09.1_ce-6.14.1.x86_64"
},
"product_reference": "docker-18.09.1_ce-6.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-18.09.1_ce-6.14.1.noarch as component of SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15:docker-bash-completion-18.09.1_ce-6.14.1.noarch"
},
"product_reference": "docker-bash-completion-18.09.1_ce-6.14.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.ppc64le"
},
"product_reference": "docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.s390x as component of SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.s390x"
},
"product_reference": "docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.x86_64"
},
"product_reference": "docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.ppc64le"
},
"product_reference": "docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.s390x as component of SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.s390x"
},
"product_reference": "docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.x86_64"
},
"product_reference": "docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-16873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16873"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). Using custom domains, it\u0027s possible to arrange things so that a Git repository is cloned to a folder named \".git\" by using a vanity import path that ends with \"/.git\". If the Git repository root contains a \"HEAD\" file, a \"config\" file, an \"objects\" directory, a \"refs\" directory, with some work to ensure the proper ordering of operations, \"go get -u\" can be tricked into considering the parent directory as a repository root, and running Git commands on it. That will use the \"config\" file in the original Git repository root for its configuration, and if that config file contains malicious commands, they will execute on the system running \"go get -u\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.2-5.9.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.2-5.9.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.2-5.9.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.1_ce-6.14.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.1_ce-6.14.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.1_ce-6.14.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-bash-completion-18.09.1_ce-6.14.1.noarch",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16873",
"url": "https://www.suse.com/security/cve/CVE-2018-16873"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.2-5.9.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.2-5.9.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.2-5.9.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.1_ce-6.14.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.1_ce-6.14.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.1_ce-6.14.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-bash-completion-18.09.1_ce-6.14.1.noarch",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.2-5.9.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.2-5.9.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.2-5.9.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.1_ce-6.14.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.1_ce-6.14.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.1_ce-6.14.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-bash-completion-18.09.1_ce-6.14.1.noarch",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-26T15:42:38Z",
"details": "important"
}
],
"title": "CVE-2018-16873"
},
{
"cve": "CVE-2018-16874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16874"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both \u0027{\u0027 and \u0027}\u0027 characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.2-5.9.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.2-5.9.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.2-5.9.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.1_ce-6.14.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.1_ce-6.14.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.1_ce-6.14.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-bash-completion-18.09.1_ce-6.14.1.noarch",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16874",
"url": "https://www.suse.com/security/cve/CVE-2018-16874"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.2-5.9.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.2-5.9.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.2-5.9.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.1_ce-6.14.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.1_ce-6.14.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.1_ce-6.14.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-bash-completion-18.09.1_ce-6.14.1.noarch",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.2-5.9.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.2-5.9.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.2-5.9.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.1_ce-6.14.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.1_ce-6.14.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.1_ce-6.14.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-bash-completion-18.09.1_ce-6.14.1.noarch",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-26T15:42:38Z",
"details": "moderate"
}
],
"title": "CVE-2018-16874"
},
{
"cve": "CVE-2018-16875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16875"
}
],
"notes": [
{
"category": "general",
"text": "The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.2-5.9.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.2-5.9.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.2-5.9.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.1_ce-6.14.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.1_ce-6.14.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.1_ce-6.14.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-bash-completion-18.09.1_ce-6.14.1.noarch",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16875",
"url": "https://www.suse.com/security/cve/CVE-2018-16875"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.2-5.9.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.2-5.9.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.2-5.9.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.1_ce-6.14.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.1_ce-6.14.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.1_ce-6.14.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-bash-completion-18.09.1_ce-6.14.1.noarch",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.2-5.9.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.2-5.9.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.2-5.9.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.1_ce-6.14.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.1_ce-6.14.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.1_ce-6.14.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-bash-completion-18.09.1_ce-6.14.1.noarch",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-26T15:42:38Z",
"details": "moderate"
}
],
"title": "CVE-2018-16875"
},
{
"cve": "CVE-2019-5736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5736"
}
],
"notes": [
{
"category": "general",
"text": "runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.2-5.9.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.2-5.9.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.2-5.9.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.1_ce-6.14.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.1_ce-6.14.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.1_ce-6.14.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-bash-completion-18.09.1_ce-6.14.1.noarch",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5736",
"url": "https://www.suse.com/security/cve/CVE-2019-5736"
},
{
"category": "external",
"summary": "SUSE Bug 1121967 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1121967"
},
{
"category": "external",
"summary": "SUSE Bug 1122185 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1122185"
},
{
"category": "external",
"summary": "SUSE Bug 1173421 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1173421"
},
{
"category": "external",
"summary": "SUSE Bug 1218894 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1218894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.2-5.9.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.2-5.9.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.2-5.9.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.1_ce-6.14.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.1_ce-6.14.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.1_ce-6.14.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-bash-completion-18.09.1_ce-6.14.1.noarch",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.2-5.9.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.2-5.9.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.2-5.9.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.1_ce-6.14.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.1_ce-6.14.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.1_ce-6.14.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-bash-completion-18.09.1_ce-6.14.1.noarch",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-4.9.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-6.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-26T15:42:38Z",
"details": "moderate"
}
],
"title": "CVE-2019-5736"
}
]
}
suse-su-2019:1234-1
Vulnerability from csaf_suse
Published
2019-05-14 16:31
Modified
2019-05-14 16:31
Summary
Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork
Notes
Title of the patch
Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork
Description of the patch
This update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork fixes the following issues:
Security issues fixed:
- CVE-2019-5736: containerd: Fixing container breakout vulnerability (bsc#1121967).
- CVE-2019-6486: go security release, fixing crypto/elliptic CPU DoS vulnerability affecting P-521 and P-384 (bsc#1123013).
- CVE-2018-16873: go secuirty release, fixing cmd/go remote command execution (bsc#1118897).
- CVE-2018-16874: go security release, fixing cmd/go directory traversal (bsc#1118898).
- CVE-2018-16875: go security release, fixing crypto/x509 CPU denial of service (bsc#1118899).
Other changes and bug fixes:
- Update to containerd v1.2.5, which is required for v18.09.5-ce (bsc#1128376, bsc#1134068).
- Update to runc 2b18fe1d885e, which is required for Docker v18.09.5-ce (bsc#1128376, bsc#1134068).
- Update to Docker 18.09.5-ce see upstream changelog in the packaged (bsc#1128376, bsc#1134068).
- docker-test: Improvements to test packaging (bsc#1128746).
- Move daemon.json file to /etc/docker directory (bsc#1114832).
- Revert golang(API) removal since it turns out this breaks >= requires in certain cases (bsc#1114209).
- Fix go build failures (bsc#1121397).
Patchnames
SUSE-2019-1234,SUSE-SLE-Module-Containers-15-2019-1234,SUSE-SLE-Module-Development-Tools-OBS-15-2019-1234
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-5736: containerd: Fixing container breakout vulnerability (bsc#1121967).\n- CVE-2019-6486: go security release, fixing crypto/elliptic CPU DoS vulnerability affecting P-521 and P-384 (bsc#1123013).\n- CVE-2018-16873: go secuirty release, fixing cmd/go remote command execution (bsc#1118897).\n- CVE-2018-16874: go security release, fixing cmd/go directory traversal (bsc#1118898).\n- CVE-2018-16875: go security release, fixing crypto/x509 CPU denial of service (bsc#1118899).\n\nOther changes and bug fixes:\n\n- Update to containerd v1.2.5, which is required for v18.09.5-ce (bsc#1128376, bsc#1134068).\n- Update to runc 2b18fe1d885e, which is required for Docker v18.09.5-ce (bsc#1128376, bsc#1134068).\n- Update to Docker 18.09.5-ce see upstream changelog in the packaged (bsc#1128376, bsc#1134068).\n- docker-test: Improvements to test packaging (bsc#1128746).\n- Move daemon.json file to /etc/docker directory (bsc#1114832).\n- Revert golang(API) removal since it turns out this breaks \u003e= requires in certain cases (bsc#1114209).\n- Fix go build failures (bsc#1121397).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-1234,SUSE-SLE-Module-Containers-15-2019-1234,SUSE-SLE-Module-Development-Tools-OBS-15-2019-1234",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_1234-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:1234-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191234-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:1234-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-May/005452.html"
},
{
"category": "self",
"summary": "SUSE Bug 1114209",
"url": "https://bugzilla.suse.com/1114209"
},
{
"category": "self",
"summary": "SUSE Bug 1114832",
"url": "https://bugzilla.suse.com/1114832"
},
{
"category": "self",
"summary": "SUSE Bug 1118897",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "self",
"summary": "SUSE Bug 1118898",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "self",
"summary": "SUSE Bug 1118899",
"url": "https://bugzilla.suse.com/1118899"
},
{
"category": "self",
"summary": "SUSE Bug 1121397",
"url": "https://bugzilla.suse.com/1121397"
},
{
"category": "self",
"summary": "SUSE Bug 1121967",
"url": "https://bugzilla.suse.com/1121967"
},
{
"category": "self",
"summary": "SUSE Bug 1123013",
"url": "https://bugzilla.suse.com/1123013"
},
{
"category": "self",
"summary": "SUSE Bug 1128376",
"url": "https://bugzilla.suse.com/1128376"
},
{
"category": "self",
"summary": "SUSE Bug 1128746",
"url": "https://bugzilla.suse.com/1128746"
},
{
"category": "self",
"summary": "SUSE Bug 1134068",
"url": "https://bugzilla.suse.com/1134068"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16873 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16874 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16875 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5736 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5736/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-6486 page",
"url": "https://www.suse.com/security/cve/CVE-2019-6486/"
}
],
"title": "Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork",
"tracking": {
"current_release_date": "2019-05-14T16:31:56Z",
"generator": {
"date": "2019-05-14T16:31:56Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:1234-1",
"initial_release_date": "2019-05-14T16:31:56Z",
"revision_history": [
{
"date": "2019-05-14T16:31:56Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.2.5-5.13.1.aarch64",
"product": {
"name": "containerd-1.2.5-5.13.1.aarch64",
"product_id": "containerd-1.2.5-5.13.1.aarch64"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.2.5-5.13.1.aarch64",
"product": {
"name": "containerd-ctr-1.2.5-5.13.1.aarch64",
"product_id": "containerd-ctr-1.2.5-5.13.1.aarch64"
}
},
{
"category": "product_version",
"name": "containerd-kubic-1.2.5-5.13.1.aarch64",
"product": {
"name": "containerd-kubic-1.2.5-5.13.1.aarch64",
"product_id": "containerd-kubic-1.2.5-5.13.1.aarch64"
}
},
{
"category": "product_version",
"name": "containerd-kubic-ctr-1.2.5-5.13.1.aarch64",
"product": {
"name": "containerd-kubic-ctr-1.2.5-5.13.1.aarch64",
"product_id": "containerd-kubic-ctr-1.2.5-5.13.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-18.09.6_ce-6.17.1.aarch64",
"product": {
"name": "docker-18.09.6_ce-6.17.1.aarch64",
"product_id": "docker-18.09.6_ce-6.17.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-kubic-18.09.6_ce-6.17.1.aarch64",
"product": {
"name": "docker-kubic-18.09.6_ce-6.17.1.aarch64",
"product_id": "docker-kubic-18.09.6_ce-6.17.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-kubic-kubeadm-criconfig-18.09.6_ce-6.17.1.aarch64",
"product": {
"name": "docker-kubic-kubeadm-criconfig-18.09.6_ce-6.17.1.aarch64",
"product_id": "docker-kubic-kubeadm-criconfig-18.09.6_ce-6.17.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-kubic-test-18.09.6_ce-6.17.1.aarch64",
"product": {
"name": "docker-kubic-test-18.09.6_ce-6.17.1.aarch64",
"product_id": "docker-kubic-test-18.09.6_ce-6.17.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.aarch64",
"product": {
"name": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.aarch64",
"product_id": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.aarch64",
"product": {
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.aarch64",
"product_id": "docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.aarch64",
"product": {
"name": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.aarch64",
"product_id": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-runc-kubic-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.aarch64",
"product": {
"name": "docker-runc-kubic-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.aarch64",
"product_id": "docker-runc-kubic-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-test-18.09.6_ce-6.17.1.aarch64",
"product": {
"name": "docker-test-18.09.6_ce-6.17.1.aarch64",
"product_id": "docker-test-18.09.6_ce-6.17.1.aarch64"
}
},
{
"category": "product_version",
"name": "go-1.12-3.10.1.aarch64",
"product": {
"name": "go-1.12-3.10.1.aarch64",
"product_id": "go-1.12-3.10.1.aarch64"
}
},
{
"category": "product_version",
"name": "go-doc-1.12-3.10.1.aarch64",
"product": {
"name": "go-doc-1.12-3.10.1.aarch64",
"product_id": "go-doc-1.12-3.10.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.11-1.11.9-1.12.1.aarch64",
"product": {
"name": "go1.11-1.11.9-1.12.1.aarch64",
"product_id": "go1.11-1.11.9-1.12.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.11-doc-1.11.9-1.12.1.aarch64",
"product": {
"name": "go1.11-doc-1.11.9-1.12.1.aarch64",
"product_id": "go1.11-doc-1.11.9-1.12.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.12-1.12.4-1.9.1.aarch64",
"product": {
"name": "go1.12-1.12.4-1.9.1.aarch64",
"product_id": "go1.12-1.12.4-1.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.12-doc-1.12.4-1.9.1.aarch64",
"product": {
"name": "go1.12-doc-1.12.4-1.9.1.aarch64",
"product_id": "go1.12-doc-1.12.4-1.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.aarch64",
"product": {
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.aarch64",
"product_id": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.aarch64"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.aarch64",
"product": {
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.aarch64",
"product_id": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.2.5-5.13.1.i586",
"product": {
"name": "containerd-1.2.5-5.13.1.i586",
"product_id": "containerd-1.2.5-5.13.1.i586"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.2.5-5.13.1.i586",
"product": {
"name": "containerd-ctr-1.2.5-5.13.1.i586",
"product_id": "containerd-ctr-1.2.5-5.13.1.i586"
}
},
{
"category": "product_version",
"name": "containerd-kubic-1.2.5-5.13.1.i586",
"product": {
"name": "containerd-kubic-1.2.5-5.13.1.i586",
"product_id": "containerd-kubic-1.2.5-5.13.1.i586"
}
},
{
"category": "product_version",
"name": "containerd-kubic-ctr-1.2.5-5.13.1.i586",
"product": {
"name": "containerd-kubic-ctr-1.2.5-5.13.1.i586",
"product_id": "containerd-kubic-ctr-1.2.5-5.13.1.i586"
}
},
{
"category": "product_version",
"name": "docker-18.09.6_ce-6.17.1.i586",
"product": {
"name": "docker-18.09.6_ce-6.17.1.i586",
"product_id": "docker-18.09.6_ce-6.17.1.i586"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.i586",
"product": {
"name": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.i586",
"product_id": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.i586"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.i586",
"product": {
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.i586",
"product_id": "docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.i586"
}
},
{
"category": "product_version",
"name": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.i586",
"product": {
"name": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.i586",
"product_id": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.i586"
}
},
{
"category": "product_version",
"name": "docker-runc-kubic-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.i586",
"product": {
"name": "docker-runc-kubic-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.i586",
"product_id": "docker-runc-kubic-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.i586"
}
},
{
"category": "product_version",
"name": "docker-test-18.09.6_ce-6.17.1.i586",
"product": {
"name": "docker-test-18.09.6_ce-6.17.1.i586",
"product_id": "docker-test-18.09.6_ce-6.17.1.i586"
}
},
{
"category": "product_version",
"name": "go-1.12-3.10.1.i586",
"product": {
"name": "go-1.12-3.10.1.i586",
"product_id": "go-1.12-3.10.1.i586"
}
},
{
"category": "product_version",
"name": "go-doc-1.12-3.10.1.i586",
"product": {
"name": "go-doc-1.12-3.10.1.i586",
"product_id": "go-doc-1.12-3.10.1.i586"
}
},
{
"category": "product_version",
"name": "go1.11-1.11.9-1.12.1.i586",
"product": {
"name": "go1.11-1.11.9-1.12.1.i586",
"product_id": "go1.11-1.11.9-1.12.1.i586"
}
},
{
"category": "product_version",
"name": "go1.11-doc-1.11.9-1.12.1.i586",
"product": {
"name": "go1.11-doc-1.11.9-1.12.1.i586",
"product_id": "go1.11-doc-1.11.9-1.12.1.i586"
}
},
{
"category": "product_version",
"name": "go1.12-1.12.4-1.9.1.i586",
"product": {
"name": "go1.12-1.12.4-1.9.1.i586",
"product_id": "go1.12-1.12.4-1.9.1.i586"
}
},
{
"category": "product_version",
"name": "go1.12-doc-1.12.4-1.9.1.i586",
"product": {
"name": "go1.12-doc-1.12.4-1.9.1.i586",
"product_id": "go1.12-doc-1.12.4-1.9.1.i586"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.i586",
"product": {
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.i586",
"product_id": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.i586"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.i586",
"product": {
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.i586",
"product_id": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-kubic-test-1.2.5-5.13.1.noarch",
"product": {
"name": "containerd-kubic-test-1.2.5-5.13.1.noarch",
"product_id": "containerd-kubic-test-1.2.5-5.13.1.noarch"
}
},
{
"category": "product_version",
"name": "containerd-test-1.2.5-5.13.1.noarch",
"product": {
"name": "containerd-test-1.2.5-5.13.1.noarch",
"product_id": "containerd-test-1.2.5-5.13.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-bash-completion-18.09.6_ce-6.17.1.noarch",
"product": {
"name": "docker-bash-completion-18.09.6_ce-6.17.1.noarch",
"product_id": "docker-bash-completion-18.09.6_ce-6.17.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-kubic-bash-completion-18.09.6_ce-6.17.1.noarch",
"product": {
"name": "docker-kubic-bash-completion-18.09.6_ce-6.17.1.noarch",
"product_id": "docker-kubic-bash-completion-18.09.6_ce-6.17.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-kubic-zsh-completion-18.09.6_ce-6.17.1.noarch",
"product": {
"name": "docker-kubic-zsh-completion-18.09.6_ce-6.17.1.noarch",
"product_id": "docker-kubic-zsh-completion-18.09.6_ce-6.17.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-runc-kubic-test-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.noarch",
"product": {
"name": "docker-runc-kubic-test-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.noarch",
"product_id": "docker-runc-kubic-test-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.noarch",
"product": {
"name": "docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.noarch",
"product_id": "docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-zsh-completion-18.09.6_ce-6.17.1.noarch",
"product": {
"name": "docker-zsh-completion-18.09.6_ce-6.17.1.noarch",
"product_id": "docker-zsh-completion-18.09.6_ce-6.17.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.2.5-5.13.1.ppc64le",
"product": {
"name": "containerd-1.2.5-5.13.1.ppc64le",
"product_id": "containerd-1.2.5-5.13.1.ppc64le"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.2.5-5.13.1.ppc64le",
"product": {
"name": "containerd-ctr-1.2.5-5.13.1.ppc64le",
"product_id": "containerd-ctr-1.2.5-5.13.1.ppc64le"
}
},
{
"category": "product_version",
"name": "containerd-kubic-1.2.5-5.13.1.ppc64le",
"product": {
"name": "containerd-kubic-1.2.5-5.13.1.ppc64le",
"product_id": "containerd-kubic-1.2.5-5.13.1.ppc64le"
}
},
{
"category": "product_version",
"name": "containerd-kubic-ctr-1.2.5-5.13.1.ppc64le",
"product": {
"name": "containerd-kubic-ctr-1.2.5-5.13.1.ppc64le",
"product_id": "containerd-kubic-ctr-1.2.5-5.13.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-18.09.6_ce-6.17.1.ppc64le",
"product": {
"name": "docker-18.09.6_ce-6.17.1.ppc64le",
"product_id": "docker-18.09.6_ce-6.17.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-kubic-18.09.6_ce-6.17.1.ppc64le",
"product": {
"name": "docker-kubic-18.09.6_ce-6.17.1.ppc64le",
"product_id": "docker-kubic-18.09.6_ce-6.17.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-kubic-kubeadm-criconfig-18.09.6_ce-6.17.1.ppc64le",
"product": {
"name": "docker-kubic-kubeadm-criconfig-18.09.6_ce-6.17.1.ppc64le",
"product_id": "docker-kubic-kubeadm-criconfig-18.09.6_ce-6.17.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-kubic-test-18.09.6_ce-6.17.1.ppc64le",
"product": {
"name": "docker-kubic-test-18.09.6_ce-6.17.1.ppc64le",
"product_id": "docker-kubic-test-18.09.6_ce-6.17.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le",
"product": {
"name": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le",
"product_id": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le",
"product": {
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le",
"product_id": "docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.ppc64le",
"product": {
"name": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.ppc64le",
"product_id": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-runc-kubic-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.ppc64le",
"product": {
"name": "docker-runc-kubic-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.ppc64le",
"product_id": "docker-runc-kubic-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-test-18.09.6_ce-6.17.1.ppc64le",
"product": {
"name": "docker-test-18.09.6_ce-6.17.1.ppc64le",
"product_id": "docker-test-18.09.6_ce-6.17.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go-1.12-3.10.1.ppc64le",
"product": {
"name": "go-1.12-3.10.1.ppc64le",
"product_id": "go-1.12-3.10.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go-doc-1.12-3.10.1.ppc64le",
"product": {
"name": "go-doc-1.12-3.10.1.ppc64le",
"product_id": "go-doc-1.12-3.10.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.11-1.11.9-1.12.1.ppc64le",
"product": {
"name": "go1.11-1.11.9-1.12.1.ppc64le",
"product_id": "go1.11-1.11.9-1.12.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.11-doc-1.11.9-1.12.1.ppc64le",
"product": {
"name": "go1.11-doc-1.11.9-1.12.1.ppc64le",
"product_id": "go1.11-doc-1.11.9-1.12.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.12-1.12.4-1.9.1.ppc64le",
"product": {
"name": "go1.12-1.12.4-1.9.1.ppc64le",
"product_id": "go1.12-1.12.4-1.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.12-doc-1.12.4-1.9.1.ppc64le",
"product": {
"name": "go1.12-doc-1.12.4-1.9.1.ppc64le",
"product_id": "go1.12-doc-1.12.4-1.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le",
"product": {
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le",
"product_id": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le",
"product": {
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le",
"product_id": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.2.5-5.13.1.s390x",
"product": {
"name": "containerd-1.2.5-5.13.1.s390x",
"product_id": "containerd-1.2.5-5.13.1.s390x"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.2.5-5.13.1.s390x",
"product": {
"name": "containerd-ctr-1.2.5-5.13.1.s390x",
"product_id": "containerd-ctr-1.2.5-5.13.1.s390x"
}
},
{
"category": "product_version",
"name": "containerd-kubic-1.2.5-5.13.1.s390x",
"product": {
"name": "containerd-kubic-1.2.5-5.13.1.s390x",
"product_id": "containerd-kubic-1.2.5-5.13.1.s390x"
}
},
{
"category": "product_version",
"name": "containerd-kubic-ctr-1.2.5-5.13.1.s390x",
"product": {
"name": "containerd-kubic-ctr-1.2.5-5.13.1.s390x",
"product_id": "containerd-kubic-ctr-1.2.5-5.13.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-18.09.6_ce-6.17.1.s390x",
"product": {
"name": "docker-18.09.6_ce-6.17.1.s390x",
"product_id": "docker-18.09.6_ce-6.17.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-kubic-18.09.6_ce-6.17.1.s390x",
"product": {
"name": "docker-kubic-18.09.6_ce-6.17.1.s390x",
"product_id": "docker-kubic-18.09.6_ce-6.17.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-kubic-kubeadm-criconfig-18.09.6_ce-6.17.1.s390x",
"product": {
"name": "docker-kubic-kubeadm-criconfig-18.09.6_ce-6.17.1.s390x",
"product_id": "docker-kubic-kubeadm-criconfig-18.09.6_ce-6.17.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-kubic-test-18.09.6_ce-6.17.1.s390x",
"product": {
"name": "docker-kubic-test-18.09.6_ce-6.17.1.s390x",
"product_id": "docker-kubic-test-18.09.6_ce-6.17.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x",
"product": {
"name": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x",
"product_id": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x",
"product": {
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x",
"product_id": "docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.s390x",
"product": {
"name": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.s390x",
"product_id": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-runc-kubic-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.s390x",
"product": {
"name": "docker-runc-kubic-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.s390x",
"product_id": "docker-runc-kubic-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-test-18.09.6_ce-6.17.1.s390x",
"product": {
"name": "docker-test-18.09.6_ce-6.17.1.s390x",
"product_id": "docker-test-18.09.6_ce-6.17.1.s390x"
}
},
{
"category": "product_version",
"name": "go-1.12-3.10.1.s390x",
"product": {
"name": "go-1.12-3.10.1.s390x",
"product_id": "go-1.12-3.10.1.s390x"
}
},
{
"category": "product_version",
"name": "go-doc-1.12-3.10.1.s390x",
"product": {
"name": "go-doc-1.12-3.10.1.s390x",
"product_id": "go-doc-1.12-3.10.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.11-1.11.9-1.12.1.s390x",
"product": {
"name": "go1.11-1.11.9-1.12.1.s390x",
"product_id": "go1.11-1.11.9-1.12.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.11-doc-1.11.9-1.12.1.s390x",
"product": {
"name": "go1.11-doc-1.11.9-1.12.1.s390x",
"product_id": "go1.11-doc-1.11.9-1.12.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.12-1.12.4-1.9.1.s390x",
"product": {
"name": "go1.12-1.12.4-1.9.1.s390x",
"product_id": "go1.12-1.12.4-1.9.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.12-doc-1.12.4-1.9.1.s390x",
"product": {
"name": "go1.12-doc-1.12.4-1.9.1.s390x",
"product_id": "go1.12-doc-1.12.4-1.9.1.s390x"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x",
"product": {
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x",
"product_id": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x",
"product": {
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x",
"product_id": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.2.5-5.13.1.x86_64",
"product": {
"name": "containerd-1.2.5-5.13.1.x86_64",
"product_id": "containerd-1.2.5-5.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.2.5-5.13.1.x86_64",
"product": {
"name": "containerd-ctr-1.2.5-5.13.1.x86_64",
"product_id": "containerd-ctr-1.2.5-5.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "containerd-kubic-1.2.5-5.13.1.x86_64",
"product": {
"name": "containerd-kubic-1.2.5-5.13.1.x86_64",
"product_id": "containerd-kubic-1.2.5-5.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "containerd-kubic-ctr-1.2.5-5.13.1.x86_64",
"product": {
"name": "containerd-kubic-ctr-1.2.5-5.13.1.x86_64",
"product_id": "containerd-kubic-ctr-1.2.5-5.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-18.09.6_ce-6.17.1.x86_64",
"product": {
"name": "docker-18.09.6_ce-6.17.1.x86_64",
"product_id": "docker-18.09.6_ce-6.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-kubic-18.09.6_ce-6.17.1.x86_64",
"product": {
"name": "docker-kubic-18.09.6_ce-6.17.1.x86_64",
"product_id": "docker-kubic-18.09.6_ce-6.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-kubic-kubeadm-criconfig-18.09.6_ce-6.17.1.x86_64",
"product": {
"name": "docker-kubic-kubeadm-criconfig-18.09.6_ce-6.17.1.x86_64",
"product_id": "docker-kubic-kubeadm-criconfig-18.09.6_ce-6.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-kubic-test-18.09.6_ce-6.17.1.x86_64",
"product": {
"name": "docker-kubic-test-18.09.6_ce-6.17.1.x86_64",
"product_id": "docker-kubic-test-18.09.6_ce-6.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64",
"product": {
"name": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64",
"product_id": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64",
"product": {
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64",
"product_id": "docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.x86_64",
"product": {
"name": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.x86_64",
"product_id": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-runc-kubic-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.x86_64",
"product": {
"name": "docker-runc-kubic-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.x86_64",
"product_id": "docker-runc-kubic-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-test-18.09.6_ce-6.17.1.x86_64",
"product": {
"name": "docker-test-18.09.6_ce-6.17.1.x86_64",
"product_id": "docker-test-18.09.6_ce-6.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "go-1.12-3.10.1.x86_64",
"product": {
"name": "go-1.12-3.10.1.x86_64",
"product_id": "go-1.12-3.10.1.x86_64"
}
},
{
"category": "product_version",
"name": "go-doc-1.12-3.10.1.x86_64",
"product": {
"name": "go-doc-1.12-3.10.1.x86_64",
"product_id": "go-doc-1.12-3.10.1.x86_64"
}
},
{
"category": "product_version",
"name": "go-race-1.12-3.10.1.x86_64",
"product": {
"name": "go-race-1.12-3.10.1.x86_64",
"product_id": "go-race-1.12-3.10.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.11-1.11.9-1.12.1.x86_64",
"product": {
"name": "go1.11-1.11.9-1.12.1.x86_64",
"product_id": "go1.11-1.11.9-1.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.11-doc-1.11.9-1.12.1.x86_64",
"product": {
"name": "go1.11-doc-1.11.9-1.12.1.x86_64",
"product_id": "go1.11-doc-1.11.9-1.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.11-race-1.11.9-1.12.1.x86_64",
"product": {
"name": "go1.11-race-1.11.9-1.12.1.x86_64",
"product_id": "go1.11-race-1.11.9-1.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.12-1.12.4-1.9.1.x86_64",
"product": {
"name": "go1.12-1.12.4-1.9.1.x86_64",
"product_id": "go1.12-1.12.4-1.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.12-doc-1.12.4-1.9.1.x86_64",
"product": {
"name": "go1.12-doc-1.12.4-1.9.1.x86_64",
"product_id": "go1.12-doc-1.12.4-1.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.12-race-1.12.4-1.9.1.x86_64",
"product": {
"name": "go1.12-race-1.12.4-1.9.1.x86_64",
"product_id": "go1.12-race-1.12.4-1.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64",
"product": {
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64",
"product_id": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64",
"product": {
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64",
"product_id": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 15",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:15"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.2.5-5.13.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15:containerd-1.2.5-5.13.1.ppc64le"
},
"product_reference": "containerd-1.2.5-5.13.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.2.5-5.13.1.s390x as component of SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15:containerd-1.2.5-5.13.1.s390x"
},
"product_reference": "containerd-1.2.5-5.13.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.2.5-5.13.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15:containerd-1.2.5-5.13.1.x86_64"
},
"product_reference": "containerd-1.2.5-5.13.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-18.09.6_ce-6.17.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15:docker-18.09.6_ce-6.17.1.ppc64le"
},
"product_reference": "docker-18.09.6_ce-6.17.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-18.09.6_ce-6.17.1.s390x as component of SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15:docker-18.09.6_ce-6.17.1.s390x"
},
"product_reference": "docker-18.09.6_ce-6.17.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-18.09.6_ce-6.17.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15:docker-18.09.6_ce-6.17.1.x86_64"
},
"product_reference": "docker-18.09.6_ce-6.17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-18.09.6_ce-6.17.1.noarch as component of SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15:docker-bash-completion-18.09.6_ce-6.17.1.noarch"
},
"product_reference": "docker-bash-completion-18.09.6_ce-6.17.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le"
},
"product_reference": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x as component of SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x"
},
"product_reference": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64"
},
"product_reference": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.ppc64le"
},
"product_reference": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.s390x as component of SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.s390x"
},
"product_reference": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15",
"product_id": "SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.x86_64"
},
"product_reference": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-16873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16873"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). Using custom domains, it\u0027s possible to arrange things so that a Git repository is cloned to a folder named \".git\" by using a vanity import path that ends with \"/.git\". If the Git repository root contains a \"HEAD\" file, a \"config\" file, an \"objects\" directory, a \"refs\" directory, with some work to ensure the proper ordering of operations, \"go get -u\" can be tricked into considering the parent directory as a repository root, and running Git commands on it. That will use the \"config\" file in the original Git repository root for its configuration, and if that config file contains malicious commands, they will execute on the system running \"go get -u\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.5-5.13.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.5-5.13.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.5-5.13.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.6_ce-6.17.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.6_ce-6.17.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.6_ce-6.17.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-bash-completion-18.09.6_ce-6.17.1.noarch",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16873",
"url": "https://www.suse.com/security/cve/CVE-2018-16873"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.5-5.13.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.5-5.13.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.5-5.13.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.6_ce-6.17.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.6_ce-6.17.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.6_ce-6.17.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-bash-completion-18.09.6_ce-6.17.1.noarch",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.5-5.13.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.5-5.13.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.5-5.13.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.6_ce-6.17.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.6_ce-6.17.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.6_ce-6.17.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-bash-completion-18.09.6_ce-6.17.1.noarch",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-05-14T16:31:56Z",
"details": "important"
}
],
"title": "CVE-2018-16873"
},
{
"cve": "CVE-2018-16874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16874"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both \u0027{\u0027 and \u0027}\u0027 characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.5-5.13.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.5-5.13.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.5-5.13.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.6_ce-6.17.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.6_ce-6.17.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.6_ce-6.17.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-bash-completion-18.09.6_ce-6.17.1.noarch",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16874",
"url": "https://www.suse.com/security/cve/CVE-2018-16874"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.5-5.13.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.5-5.13.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.5-5.13.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.6_ce-6.17.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.6_ce-6.17.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.6_ce-6.17.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-bash-completion-18.09.6_ce-6.17.1.noarch",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.5-5.13.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.5-5.13.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.5-5.13.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.6_ce-6.17.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.6_ce-6.17.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.6_ce-6.17.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-bash-completion-18.09.6_ce-6.17.1.noarch",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-05-14T16:31:56Z",
"details": "moderate"
}
],
"title": "CVE-2018-16874"
},
{
"cve": "CVE-2018-16875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16875"
}
],
"notes": [
{
"category": "general",
"text": "The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.5-5.13.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.5-5.13.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.5-5.13.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.6_ce-6.17.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.6_ce-6.17.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.6_ce-6.17.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-bash-completion-18.09.6_ce-6.17.1.noarch",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16875",
"url": "https://www.suse.com/security/cve/CVE-2018-16875"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.5-5.13.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.5-5.13.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.5-5.13.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.6_ce-6.17.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.6_ce-6.17.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.6_ce-6.17.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-bash-completion-18.09.6_ce-6.17.1.noarch",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.5-5.13.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.5-5.13.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.5-5.13.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.6_ce-6.17.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.6_ce-6.17.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.6_ce-6.17.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-bash-completion-18.09.6_ce-6.17.1.noarch",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-05-14T16:31:56Z",
"details": "moderate"
}
],
"title": "CVE-2018-16875"
},
{
"cve": "CVE-2019-5736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5736"
}
],
"notes": [
{
"category": "general",
"text": "runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.5-5.13.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.5-5.13.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.5-5.13.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.6_ce-6.17.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.6_ce-6.17.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.6_ce-6.17.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-bash-completion-18.09.6_ce-6.17.1.noarch",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5736",
"url": "https://www.suse.com/security/cve/CVE-2019-5736"
},
{
"category": "external",
"summary": "SUSE Bug 1121967 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1121967"
},
{
"category": "external",
"summary": "SUSE Bug 1122185 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1122185"
},
{
"category": "external",
"summary": "SUSE Bug 1173421 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1173421"
},
{
"category": "external",
"summary": "SUSE Bug 1218894 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1218894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.5-5.13.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.5-5.13.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.5-5.13.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.6_ce-6.17.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.6_ce-6.17.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.6_ce-6.17.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-bash-completion-18.09.6_ce-6.17.1.noarch",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.5-5.13.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.5-5.13.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.5-5.13.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.6_ce-6.17.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.6_ce-6.17.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.6_ce-6.17.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-bash-completion-18.09.6_ce-6.17.1.noarch",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-05-14T16:31:56Z",
"details": "moderate"
}
],
"title": "CVE-2019-5736"
},
{
"cve": "CVE-2019-6486",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-6486"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.5-5.13.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.5-5.13.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.5-5.13.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.6_ce-6.17.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.6_ce-6.17.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.6_ce-6.17.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-bash-completion-18.09.6_ce-6.17.1.noarch",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-6486",
"url": "https://www.suse.com/security/cve/CVE-2019-6486"
},
{
"category": "external",
"summary": "SUSE Bug 1123013 for CVE-2019-6486",
"url": "https://bugzilla.suse.com/1123013"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.5-5.13.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.5-5.13.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.5-5.13.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.6_ce-6.17.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.6_ce-6.17.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.6_ce-6.17.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-bash-completion-18.09.6_ce-6.17.1.noarch",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.5-5.13.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.5-5.13.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:containerd-1.2.5-5.13.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.6_ce-6.17.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.6_ce-6.17.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-18.09.6_ce-6.17.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-bash-completion-18.09.6_ce-6.17.1.noarch",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.s390x",
"SUSE Linux Enterprise Module for Containers 15:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-05-14T16:31:56Z",
"details": "low"
}
],
"title": "CVE-2019-6486"
}
]
}
suse-su-2019:1234-2
Vulnerability from csaf_suse
Published
2019-06-13 13:28
Modified
2019-06-13 13:28
Summary
Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork
Notes
Title of the patch
Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork
Description of the patch
This update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork fixes the following issues:
Security issues fixed:
- CVE-2019-5736: containerd: Fixing container breakout vulnerability (bsc#1121967).
- CVE-2019-6486: go security release, fixing crypto/elliptic CPU DoS vulnerability affecting P-521 and P-384 (bsc#1123013).
- CVE-2018-16873: go secuirty release, fixing cmd/go remote command execution (bsc#1118897).
- CVE-2018-16874: go security release, fixing cmd/go directory traversal (bsc#1118898).
- CVE-2018-16875: go security release, fixing crypto/x509 CPU denial of service (bsc#1118899).
Other changes and bug fixes:
- Update to containerd v1.2.5, which is required for v18.09.5-ce (bsc#1128376, bsc#1134068).
- Update to runc 2b18fe1d885e, which is required for Docker v18.09.5-ce (bsc#1128376, bsc#1134068).
- Update to Docker 18.09.5-ce see upstream changelog in the packaged (bsc#1128376, bsc#1134068).
- docker-test: Improvements to test packaging (bsc#1128746).
- Move daemon.json file to /etc/docker directory (bsc#1114832).
- Revert golang(API) removal since it turns out this breaks >= requires in certain cases (bsc#1114209).
- Fix go build failures (bsc#1121397).
Patchnames
SUSE-2019-1234,SUSE-SLE-Module-Containers-15-SP1-2019-1234,SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1234
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-5736: containerd: Fixing container breakout vulnerability (bsc#1121967).\n- CVE-2019-6486: go security release, fixing crypto/elliptic CPU DoS vulnerability affecting P-521 and P-384 (bsc#1123013).\n- CVE-2018-16873: go secuirty release, fixing cmd/go remote command execution (bsc#1118897).\n- CVE-2018-16874: go security release, fixing cmd/go directory traversal (bsc#1118898).\n- CVE-2018-16875: go security release, fixing crypto/x509 CPU denial of service (bsc#1118899).\n\nOther changes and bug fixes:\n\n- Update to containerd v1.2.5, which is required for v18.09.5-ce (bsc#1128376, bsc#1134068).\n- Update to runc 2b18fe1d885e, which is required for Docker v18.09.5-ce (bsc#1128376, bsc#1134068).\n- Update to Docker 18.09.5-ce see upstream changelog in the packaged (bsc#1128376, bsc#1134068).\n- docker-test: Improvements to test packaging (bsc#1128746).\n- Move daemon.json file to /etc/docker directory (bsc#1114832).\n- Revert golang(API) removal since it turns out this breaks \u003e= requires in certain cases (bsc#1114209).\n- Fix go build failures (bsc#1121397).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-1234,SUSE-SLE-Module-Containers-15-SP1-2019-1234,SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-1234",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_1234-2.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:1234-2",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20191234-2/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:1234-2",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-June/005557.html"
},
{
"category": "self",
"summary": "SUSE Bug 1114209",
"url": "https://bugzilla.suse.com/1114209"
},
{
"category": "self",
"summary": "SUSE Bug 1114832",
"url": "https://bugzilla.suse.com/1114832"
},
{
"category": "self",
"summary": "SUSE Bug 1118897",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "self",
"summary": "SUSE Bug 1118898",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "self",
"summary": "SUSE Bug 1118899",
"url": "https://bugzilla.suse.com/1118899"
},
{
"category": "self",
"summary": "SUSE Bug 1121397",
"url": "https://bugzilla.suse.com/1121397"
},
{
"category": "self",
"summary": "SUSE Bug 1121967",
"url": "https://bugzilla.suse.com/1121967"
},
{
"category": "self",
"summary": "SUSE Bug 1123013",
"url": "https://bugzilla.suse.com/1123013"
},
{
"category": "self",
"summary": "SUSE Bug 1128376",
"url": "https://bugzilla.suse.com/1128376"
},
{
"category": "self",
"summary": "SUSE Bug 1128746",
"url": "https://bugzilla.suse.com/1128746"
},
{
"category": "self",
"summary": "SUSE Bug 1134068",
"url": "https://bugzilla.suse.com/1134068"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16873 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16873/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16874 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16875 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16875/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5736 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5736/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-6486 page",
"url": "https://www.suse.com/security/cve/CVE-2019-6486/"
}
],
"title": "Security update for containerd, docker, docker-runc, go, go1.11, go1.12, golang-github-docker-libnetwork",
"tracking": {
"current_release_date": "2019-06-13T13:28:57Z",
"generator": {
"date": "2019-06-13T13:28:57Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:1234-2",
"initial_release_date": "2019-06-13T13:28:57Z",
"revision_history": [
{
"date": "2019-06-13T13:28:57Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.2.5-5.13.1.aarch64",
"product": {
"name": "containerd-1.2.5-5.13.1.aarch64",
"product_id": "containerd-1.2.5-5.13.1.aarch64"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.2.5-5.13.1.aarch64",
"product": {
"name": "containerd-ctr-1.2.5-5.13.1.aarch64",
"product_id": "containerd-ctr-1.2.5-5.13.1.aarch64"
}
},
{
"category": "product_version",
"name": "containerd-kubic-1.2.5-5.13.1.aarch64",
"product": {
"name": "containerd-kubic-1.2.5-5.13.1.aarch64",
"product_id": "containerd-kubic-1.2.5-5.13.1.aarch64"
}
},
{
"category": "product_version",
"name": "containerd-kubic-ctr-1.2.5-5.13.1.aarch64",
"product": {
"name": "containerd-kubic-ctr-1.2.5-5.13.1.aarch64",
"product_id": "containerd-kubic-ctr-1.2.5-5.13.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-18.09.6_ce-6.17.1.aarch64",
"product": {
"name": "docker-18.09.6_ce-6.17.1.aarch64",
"product_id": "docker-18.09.6_ce-6.17.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-kubic-18.09.6_ce-6.17.1.aarch64",
"product": {
"name": "docker-kubic-18.09.6_ce-6.17.1.aarch64",
"product_id": "docker-kubic-18.09.6_ce-6.17.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-kubic-kubeadm-criconfig-18.09.6_ce-6.17.1.aarch64",
"product": {
"name": "docker-kubic-kubeadm-criconfig-18.09.6_ce-6.17.1.aarch64",
"product_id": "docker-kubic-kubeadm-criconfig-18.09.6_ce-6.17.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-kubic-test-18.09.6_ce-6.17.1.aarch64",
"product": {
"name": "docker-kubic-test-18.09.6_ce-6.17.1.aarch64",
"product_id": "docker-kubic-test-18.09.6_ce-6.17.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.aarch64",
"product": {
"name": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.aarch64",
"product_id": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.aarch64",
"product": {
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.aarch64",
"product_id": "docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.aarch64",
"product": {
"name": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.aarch64",
"product_id": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-runc-kubic-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.aarch64",
"product": {
"name": "docker-runc-kubic-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.aarch64",
"product_id": "docker-runc-kubic-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-test-18.09.6_ce-6.17.1.aarch64",
"product": {
"name": "docker-test-18.09.6_ce-6.17.1.aarch64",
"product_id": "docker-test-18.09.6_ce-6.17.1.aarch64"
}
},
{
"category": "product_version",
"name": "go-1.12-3.10.1.aarch64",
"product": {
"name": "go-1.12-3.10.1.aarch64",
"product_id": "go-1.12-3.10.1.aarch64"
}
},
{
"category": "product_version",
"name": "go-doc-1.12-3.10.1.aarch64",
"product": {
"name": "go-doc-1.12-3.10.1.aarch64",
"product_id": "go-doc-1.12-3.10.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.11-1.11.9-1.12.1.aarch64",
"product": {
"name": "go1.11-1.11.9-1.12.1.aarch64",
"product_id": "go1.11-1.11.9-1.12.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.11-doc-1.11.9-1.12.1.aarch64",
"product": {
"name": "go1.11-doc-1.11.9-1.12.1.aarch64",
"product_id": "go1.11-doc-1.11.9-1.12.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.12-1.12.4-1.9.1.aarch64",
"product": {
"name": "go1.12-1.12.4-1.9.1.aarch64",
"product_id": "go1.12-1.12.4-1.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.12-doc-1.12.4-1.9.1.aarch64",
"product": {
"name": "go1.12-doc-1.12.4-1.9.1.aarch64",
"product_id": "go1.12-doc-1.12.4-1.9.1.aarch64"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.aarch64",
"product": {
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.aarch64",
"product_id": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.aarch64"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.aarch64",
"product": {
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.aarch64",
"product_id": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.2.5-5.13.1.i586",
"product": {
"name": "containerd-1.2.5-5.13.1.i586",
"product_id": "containerd-1.2.5-5.13.1.i586"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.2.5-5.13.1.i586",
"product": {
"name": "containerd-ctr-1.2.5-5.13.1.i586",
"product_id": "containerd-ctr-1.2.5-5.13.1.i586"
}
},
{
"category": "product_version",
"name": "containerd-kubic-1.2.5-5.13.1.i586",
"product": {
"name": "containerd-kubic-1.2.5-5.13.1.i586",
"product_id": "containerd-kubic-1.2.5-5.13.1.i586"
}
},
{
"category": "product_version",
"name": "containerd-kubic-ctr-1.2.5-5.13.1.i586",
"product": {
"name": "containerd-kubic-ctr-1.2.5-5.13.1.i586",
"product_id": "containerd-kubic-ctr-1.2.5-5.13.1.i586"
}
},
{
"category": "product_version",
"name": "docker-18.09.6_ce-6.17.1.i586",
"product": {
"name": "docker-18.09.6_ce-6.17.1.i586",
"product_id": "docker-18.09.6_ce-6.17.1.i586"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.i586",
"product": {
"name": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.i586",
"product_id": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.i586"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.i586",
"product": {
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.i586",
"product_id": "docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.i586"
}
},
{
"category": "product_version",
"name": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.i586",
"product": {
"name": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.i586",
"product_id": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.i586"
}
},
{
"category": "product_version",
"name": "docker-runc-kubic-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.i586",
"product": {
"name": "docker-runc-kubic-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.i586",
"product_id": "docker-runc-kubic-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.i586"
}
},
{
"category": "product_version",
"name": "docker-test-18.09.6_ce-6.17.1.i586",
"product": {
"name": "docker-test-18.09.6_ce-6.17.1.i586",
"product_id": "docker-test-18.09.6_ce-6.17.1.i586"
}
},
{
"category": "product_version",
"name": "go-1.12-3.10.1.i586",
"product": {
"name": "go-1.12-3.10.1.i586",
"product_id": "go-1.12-3.10.1.i586"
}
},
{
"category": "product_version",
"name": "go-doc-1.12-3.10.1.i586",
"product": {
"name": "go-doc-1.12-3.10.1.i586",
"product_id": "go-doc-1.12-3.10.1.i586"
}
},
{
"category": "product_version",
"name": "go1.11-1.11.9-1.12.1.i586",
"product": {
"name": "go1.11-1.11.9-1.12.1.i586",
"product_id": "go1.11-1.11.9-1.12.1.i586"
}
},
{
"category": "product_version",
"name": "go1.11-doc-1.11.9-1.12.1.i586",
"product": {
"name": "go1.11-doc-1.11.9-1.12.1.i586",
"product_id": "go1.11-doc-1.11.9-1.12.1.i586"
}
},
{
"category": "product_version",
"name": "go1.12-1.12.4-1.9.1.i586",
"product": {
"name": "go1.12-1.12.4-1.9.1.i586",
"product_id": "go1.12-1.12.4-1.9.1.i586"
}
},
{
"category": "product_version",
"name": "go1.12-doc-1.12.4-1.9.1.i586",
"product": {
"name": "go1.12-doc-1.12.4-1.9.1.i586",
"product_id": "go1.12-doc-1.12.4-1.9.1.i586"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.i586",
"product": {
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.i586",
"product_id": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.i586"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.i586",
"product": {
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.i586",
"product_id": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-kubic-test-1.2.5-5.13.1.noarch",
"product": {
"name": "containerd-kubic-test-1.2.5-5.13.1.noarch",
"product_id": "containerd-kubic-test-1.2.5-5.13.1.noarch"
}
},
{
"category": "product_version",
"name": "containerd-test-1.2.5-5.13.1.noarch",
"product": {
"name": "containerd-test-1.2.5-5.13.1.noarch",
"product_id": "containerd-test-1.2.5-5.13.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-bash-completion-18.09.6_ce-6.17.1.noarch",
"product": {
"name": "docker-bash-completion-18.09.6_ce-6.17.1.noarch",
"product_id": "docker-bash-completion-18.09.6_ce-6.17.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-kubic-bash-completion-18.09.6_ce-6.17.1.noarch",
"product": {
"name": "docker-kubic-bash-completion-18.09.6_ce-6.17.1.noarch",
"product_id": "docker-kubic-bash-completion-18.09.6_ce-6.17.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-kubic-zsh-completion-18.09.6_ce-6.17.1.noarch",
"product": {
"name": "docker-kubic-zsh-completion-18.09.6_ce-6.17.1.noarch",
"product_id": "docker-kubic-zsh-completion-18.09.6_ce-6.17.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-runc-kubic-test-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.noarch",
"product": {
"name": "docker-runc-kubic-test-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.noarch",
"product_id": "docker-runc-kubic-test-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.noarch",
"product": {
"name": "docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.noarch",
"product_id": "docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-zsh-completion-18.09.6_ce-6.17.1.noarch",
"product": {
"name": "docker-zsh-completion-18.09.6_ce-6.17.1.noarch",
"product_id": "docker-zsh-completion-18.09.6_ce-6.17.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.2.5-5.13.1.ppc64le",
"product": {
"name": "containerd-1.2.5-5.13.1.ppc64le",
"product_id": "containerd-1.2.5-5.13.1.ppc64le"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.2.5-5.13.1.ppc64le",
"product": {
"name": "containerd-ctr-1.2.5-5.13.1.ppc64le",
"product_id": "containerd-ctr-1.2.5-5.13.1.ppc64le"
}
},
{
"category": "product_version",
"name": "containerd-kubic-1.2.5-5.13.1.ppc64le",
"product": {
"name": "containerd-kubic-1.2.5-5.13.1.ppc64le",
"product_id": "containerd-kubic-1.2.5-5.13.1.ppc64le"
}
},
{
"category": "product_version",
"name": "containerd-kubic-ctr-1.2.5-5.13.1.ppc64le",
"product": {
"name": "containerd-kubic-ctr-1.2.5-5.13.1.ppc64le",
"product_id": "containerd-kubic-ctr-1.2.5-5.13.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-18.09.6_ce-6.17.1.ppc64le",
"product": {
"name": "docker-18.09.6_ce-6.17.1.ppc64le",
"product_id": "docker-18.09.6_ce-6.17.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-kubic-18.09.6_ce-6.17.1.ppc64le",
"product": {
"name": "docker-kubic-18.09.6_ce-6.17.1.ppc64le",
"product_id": "docker-kubic-18.09.6_ce-6.17.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-kubic-kubeadm-criconfig-18.09.6_ce-6.17.1.ppc64le",
"product": {
"name": "docker-kubic-kubeadm-criconfig-18.09.6_ce-6.17.1.ppc64le",
"product_id": "docker-kubic-kubeadm-criconfig-18.09.6_ce-6.17.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-kubic-test-18.09.6_ce-6.17.1.ppc64le",
"product": {
"name": "docker-kubic-test-18.09.6_ce-6.17.1.ppc64le",
"product_id": "docker-kubic-test-18.09.6_ce-6.17.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le",
"product": {
"name": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le",
"product_id": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le",
"product": {
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le",
"product_id": "docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.ppc64le",
"product": {
"name": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.ppc64le",
"product_id": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-runc-kubic-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.ppc64le",
"product": {
"name": "docker-runc-kubic-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.ppc64le",
"product_id": "docker-runc-kubic-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-test-18.09.6_ce-6.17.1.ppc64le",
"product": {
"name": "docker-test-18.09.6_ce-6.17.1.ppc64le",
"product_id": "docker-test-18.09.6_ce-6.17.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go-1.12-3.10.1.ppc64le",
"product": {
"name": "go-1.12-3.10.1.ppc64le",
"product_id": "go-1.12-3.10.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go-doc-1.12-3.10.1.ppc64le",
"product": {
"name": "go-doc-1.12-3.10.1.ppc64le",
"product_id": "go-doc-1.12-3.10.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.11-1.11.9-1.12.1.ppc64le",
"product": {
"name": "go1.11-1.11.9-1.12.1.ppc64le",
"product_id": "go1.11-1.11.9-1.12.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.11-doc-1.11.9-1.12.1.ppc64le",
"product": {
"name": "go1.11-doc-1.11.9-1.12.1.ppc64le",
"product_id": "go1.11-doc-1.11.9-1.12.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.12-1.12.4-1.9.1.ppc64le",
"product": {
"name": "go1.12-1.12.4-1.9.1.ppc64le",
"product_id": "go1.12-1.12.4-1.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.12-doc-1.12.4-1.9.1.ppc64le",
"product": {
"name": "go1.12-doc-1.12.4-1.9.1.ppc64le",
"product_id": "go1.12-doc-1.12.4-1.9.1.ppc64le"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le",
"product": {
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le",
"product_id": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le",
"product": {
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le",
"product_id": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.2.5-5.13.1.s390x",
"product": {
"name": "containerd-1.2.5-5.13.1.s390x",
"product_id": "containerd-1.2.5-5.13.1.s390x"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.2.5-5.13.1.s390x",
"product": {
"name": "containerd-ctr-1.2.5-5.13.1.s390x",
"product_id": "containerd-ctr-1.2.5-5.13.1.s390x"
}
},
{
"category": "product_version",
"name": "containerd-kubic-1.2.5-5.13.1.s390x",
"product": {
"name": "containerd-kubic-1.2.5-5.13.1.s390x",
"product_id": "containerd-kubic-1.2.5-5.13.1.s390x"
}
},
{
"category": "product_version",
"name": "containerd-kubic-ctr-1.2.5-5.13.1.s390x",
"product": {
"name": "containerd-kubic-ctr-1.2.5-5.13.1.s390x",
"product_id": "containerd-kubic-ctr-1.2.5-5.13.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-18.09.6_ce-6.17.1.s390x",
"product": {
"name": "docker-18.09.6_ce-6.17.1.s390x",
"product_id": "docker-18.09.6_ce-6.17.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-kubic-18.09.6_ce-6.17.1.s390x",
"product": {
"name": "docker-kubic-18.09.6_ce-6.17.1.s390x",
"product_id": "docker-kubic-18.09.6_ce-6.17.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-kubic-kubeadm-criconfig-18.09.6_ce-6.17.1.s390x",
"product": {
"name": "docker-kubic-kubeadm-criconfig-18.09.6_ce-6.17.1.s390x",
"product_id": "docker-kubic-kubeadm-criconfig-18.09.6_ce-6.17.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-kubic-test-18.09.6_ce-6.17.1.s390x",
"product": {
"name": "docker-kubic-test-18.09.6_ce-6.17.1.s390x",
"product_id": "docker-kubic-test-18.09.6_ce-6.17.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x",
"product": {
"name": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x",
"product_id": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x",
"product": {
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x",
"product_id": "docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.s390x",
"product": {
"name": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.s390x",
"product_id": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-runc-kubic-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.s390x",
"product": {
"name": "docker-runc-kubic-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.s390x",
"product_id": "docker-runc-kubic-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-test-18.09.6_ce-6.17.1.s390x",
"product": {
"name": "docker-test-18.09.6_ce-6.17.1.s390x",
"product_id": "docker-test-18.09.6_ce-6.17.1.s390x"
}
},
{
"category": "product_version",
"name": "go-1.12-3.10.1.s390x",
"product": {
"name": "go-1.12-3.10.1.s390x",
"product_id": "go-1.12-3.10.1.s390x"
}
},
{
"category": "product_version",
"name": "go-doc-1.12-3.10.1.s390x",
"product": {
"name": "go-doc-1.12-3.10.1.s390x",
"product_id": "go-doc-1.12-3.10.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.11-1.11.9-1.12.1.s390x",
"product": {
"name": "go1.11-1.11.9-1.12.1.s390x",
"product_id": "go1.11-1.11.9-1.12.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.11-doc-1.11.9-1.12.1.s390x",
"product": {
"name": "go1.11-doc-1.11.9-1.12.1.s390x",
"product_id": "go1.11-doc-1.11.9-1.12.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.12-1.12.4-1.9.1.s390x",
"product": {
"name": "go1.12-1.12.4-1.9.1.s390x",
"product_id": "go1.12-1.12.4-1.9.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.12-doc-1.12.4-1.9.1.s390x",
"product": {
"name": "go1.12-doc-1.12.4-1.9.1.s390x",
"product_id": "go1.12-doc-1.12.4-1.9.1.s390x"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x",
"product": {
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x",
"product_id": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x",
"product": {
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x",
"product_id": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "containerd-1.2.5-5.13.1.x86_64",
"product": {
"name": "containerd-1.2.5-5.13.1.x86_64",
"product_id": "containerd-1.2.5-5.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "containerd-ctr-1.2.5-5.13.1.x86_64",
"product": {
"name": "containerd-ctr-1.2.5-5.13.1.x86_64",
"product_id": "containerd-ctr-1.2.5-5.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "containerd-kubic-1.2.5-5.13.1.x86_64",
"product": {
"name": "containerd-kubic-1.2.5-5.13.1.x86_64",
"product_id": "containerd-kubic-1.2.5-5.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "containerd-kubic-ctr-1.2.5-5.13.1.x86_64",
"product": {
"name": "containerd-kubic-ctr-1.2.5-5.13.1.x86_64",
"product_id": "containerd-kubic-ctr-1.2.5-5.13.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-18.09.6_ce-6.17.1.x86_64",
"product": {
"name": "docker-18.09.6_ce-6.17.1.x86_64",
"product_id": "docker-18.09.6_ce-6.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-kubic-18.09.6_ce-6.17.1.x86_64",
"product": {
"name": "docker-kubic-18.09.6_ce-6.17.1.x86_64",
"product_id": "docker-kubic-18.09.6_ce-6.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-kubic-kubeadm-criconfig-18.09.6_ce-6.17.1.x86_64",
"product": {
"name": "docker-kubic-kubeadm-criconfig-18.09.6_ce-6.17.1.x86_64",
"product_id": "docker-kubic-kubeadm-criconfig-18.09.6_ce-6.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-kubic-test-18.09.6_ce-6.17.1.x86_64",
"product": {
"name": "docker-kubic-test-18.09.6_ce-6.17.1.x86_64",
"product_id": "docker-kubic-test-18.09.6_ce-6.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64",
"product": {
"name": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64",
"product_id": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64",
"product": {
"name": "docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64",
"product_id": "docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.x86_64",
"product": {
"name": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.x86_64",
"product_id": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-runc-kubic-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.x86_64",
"product": {
"name": "docker-runc-kubic-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.x86_64",
"product_id": "docker-runc-kubic-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-test-18.09.6_ce-6.17.1.x86_64",
"product": {
"name": "docker-test-18.09.6_ce-6.17.1.x86_64",
"product_id": "docker-test-18.09.6_ce-6.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "go-1.12-3.10.1.x86_64",
"product": {
"name": "go-1.12-3.10.1.x86_64",
"product_id": "go-1.12-3.10.1.x86_64"
}
},
{
"category": "product_version",
"name": "go-doc-1.12-3.10.1.x86_64",
"product": {
"name": "go-doc-1.12-3.10.1.x86_64",
"product_id": "go-doc-1.12-3.10.1.x86_64"
}
},
{
"category": "product_version",
"name": "go-race-1.12-3.10.1.x86_64",
"product": {
"name": "go-race-1.12-3.10.1.x86_64",
"product_id": "go-race-1.12-3.10.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.11-1.11.9-1.12.1.x86_64",
"product": {
"name": "go1.11-1.11.9-1.12.1.x86_64",
"product_id": "go1.11-1.11.9-1.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.11-doc-1.11.9-1.12.1.x86_64",
"product": {
"name": "go1.11-doc-1.11.9-1.12.1.x86_64",
"product_id": "go1.11-doc-1.11.9-1.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.11-race-1.11.9-1.12.1.x86_64",
"product": {
"name": "go1.11-race-1.11.9-1.12.1.x86_64",
"product_id": "go1.11-race-1.11.9-1.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.12-1.12.4-1.9.1.x86_64",
"product": {
"name": "go1.12-1.12.4-1.9.1.x86_64",
"product_id": "go1.12-1.12.4-1.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.12-doc-1.12.4-1.9.1.x86_64",
"product": {
"name": "go1.12-doc-1.12.4-1.9.1.x86_64",
"product_id": "go1.12-doc-1.12.4-1.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.12-race-1.12.4-1.9.1.x86_64",
"product": {
"name": "go1.12-race-1.12.4-1.9.1.x86_64",
"product_id": "go1.12-race-1.12.4-1.9.1.x86_64"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64",
"product": {
"name": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64",
"product_id": "golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64",
"product": {
"name": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64",
"product_id": "golang-github-docker-libnetwork-kubic-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:15:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.2.5-5.13.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.aarch64"
},
"product_reference": "containerd-1.2.5-5.13.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.2.5-5.13.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.ppc64le"
},
"product_reference": "containerd-1.2.5-5.13.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.2.5-5.13.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.s390x"
},
"product_reference": "containerd-1.2.5-5.13.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "containerd-1.2.5-5.13.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.x86_64"
},
"product_reference": "containerd-1.2.5-5.13.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-18.09.6_ce-6.17.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.aarch64"
},
"product_reference": "docker-18.09.6_ce-6.17.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-18.09.6_ce-6.17.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.ppc64le"
},
"product_reference": "docker-18.09.6_ce-6.17.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-18.09.6_ce-6.17.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.s390x"
},
"product_reference": "docker-18.09.6_ce-6.17.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-18.09.6_ce-6.17.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.x86_64"
},
"product_reference": "docker-18.09.6_ce-6.17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-18.09.6_ce-6.17.1.noarch as component of SUSE Linux Enterprise Module for Containers 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP1:docker-bash-completion-18.09.6_ce-6.17.1.noarch"
},
"product_reference": "docker-bash-completion-18.09.6_ce-6.17.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.aarch64"
},
"product_reference": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le"
},
"product_reference": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x"
},
"product_reference": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64"
},
"product_reference": "docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.aarch64 as component of SUSE Linux Enterprise Module for Containers 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.aarch64"
},
"product_reference": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.ppc64le as component of SUSE Linux Enterprise Module for Containers 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.ppc64le"
},
"product_reference": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.s390x as component of SUSE Linux Enterprise Module for Containers 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.s390x"
},
"product_reference": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.x86_64"
},
"product_reference": "docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-16873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16873"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). Using custom domains, it\u0027s possible to arrange things so that a Git repository is cloned to a folder named \".git\" by using a vanity import path that ends with \"/.git\". If the Git repository root contains a \"HEAD\" file, a \"config\" file, an \"objects\" directory, a \"refs\" directory, with some work to ensure the proper ordering of operations, \"go get -u\" can be tricked into considering the parent directory as a repository root, and running Git commands on it. That will use the \"config\" file in the original Git repository root for its configuration, and if that config file contains malicious commands, they will execute on the system running \"go get -u\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-bash-completion-18.09.6_ce-6.17.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16873",
"url": "https://www.suse.com/security/cve/CVE-2018-16873"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16873",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-bash-completion-18.09.6_ce-6.17.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-bash-completion-18.09.6_ce-6.17.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-13T13:28:57Z",
"details": "important"
}
],
"title": "CVE-2018-16873"
},
{
"cve": "CVE-2018-16874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16874"
}
],
"notes": [
{
"category": "general",
"text": "In Go before 1.10.6 and 1.11.x before 1.11.3, the \"go get\" command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both \u0027{\u0027 and \u0027}\u0027 characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-bash-completion-18.09.6_ce-6.17.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16874",
"url": "https://www.suse.com/security/cve/CVE-2018-16874"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16874",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-bash-completion-18.09.6_ce-6.17.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-bash-completion-18.09.6_ce-6.17.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-13T13:28:57Z",
"details": "moderate"
}
],
"title": "CVE-2018-16874"
},
{
"cve": "CVE-2018-16875",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16875"
}
],
"notes": [
{
"category": "general",
"text": "The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-bash-completion-18.09.6_ce-6.17.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16875",
"url": "https://www.suse.com/security/cve/CVE-2018-16875"
},
{
"category": "external",
"summary": "SUSE Bug 1118897 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118897"
},
{
"category": "external",
"summary": "SUSE Bug 1118898 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118898"
},
{
"category": "external",
"summary": "SUSE Bug 1118899 for CVE-2018-16875",
"url": "https://bugzilla.suse.com/1118899"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-bash-completion-18.09.6_ce-6.17.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-bash-completion-18.09.6_ce-6.17.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-13T13:28:57Z",
"details": "moderate"
}
],
"title": "CVE-2018-16875"
},
{
"cve": "CVE-2019-5736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5736"
}
],
"notes": [
{
"category": "general",
"text": "runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary (and consequently obtain host root access) by leveraging the ability to execute a command as root within one of these types of containers: (1) a new container with an attacker-controlled image, or (2) an existing container, to which the attacker previously had write access, that can be attached with docker exec. This occurs because of file-descriptor mishandling, related to /proc/self/exe.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-bash-completion-18.09.6_ce-6.17.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5736",
"url": "https://www.suse.com/security/cve/CVE-2019-5736"
},
{
"category": "external",
"summary": "SUSE Bug 1121967 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1121967"
},
{
"category": "external",
"summary": "SUSE Bug 1122185 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1122185"
},
{
"category": "external",
"summary": "SUSE Bug 1173421 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1173421"
},
{
"category": "external",
"summary": "SUSE Bug 1218894 for CVE-2019-5736",
"url": "https://bugzilla.suse.com/1218894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-bash-completion-18.09.6_ce-6.17.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-bash-completion-18.09.6_ce-6.17.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-13T13:28:57Z",
"details": "moderate"
}
],
"title": "CVE-2019-5736"
},
{
"cve": "CVE-2019-6486",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-6486"
}
],
"notes": [
{
"category": "general",
"text": "Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-bash-completion-18.09.6_ce-6.17.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-6486",
"url": "https://www.suse.com/security/cve/CVE-2019-6486"
},
{
"category": "external",
"summary": "SUSE Bug 1123013 for CVE-2019-6486",
"url": "https://bugzilla.suse.com/1123013"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-bash-completion-18.09.6_ce-6.17.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:containerd-1.2.5-5.13.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-18.09.6_ce-6.17.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-bash-completion-18.09.6_ce-6.17.1.noarch",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12.1.x86_64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.aarch64",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.ppc64le",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.s390x",
"SUSE Linux Enterprise Module for Containers 15 SP1:docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-06-13T13:28:57Z",
"details": "low"
}
],
"title": "CVE-2019-6486"
}
]
}
gsd-2018-16875
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-16875",
"description": "The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.",
"id": "GSD-2018-16875",
"references": [
"https://www.suse.com/security/cve/CVE-2018-16875.html",
"https://advisories.mageia.org/CVE-2018-16875.html",
"https://security.archlinux.org/CVE-2018-16875",
"https://alas.aws.amazon.com/cve/html/CVE-2018-16875.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-16875"
],
"details": "The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.",
"id": "GSD-2018-16875",
"modified": "2023-12-13T01:22:26.383207Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-16875",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "golang",
"version": {
"version_data": [
{
"version_value": "1.10.6"
},
{
"version_value": "1.11.3"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106230",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106230"
},
{
"name": "GLSA-201812-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201812-09"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16875",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16875"
},
{
"name": "https://groups.google.com/forum/?pli=1#!topic/golang-announce/Kw31K8G7Fi0",
"refsource": "MISC",
"url": "https://groups.google.com/forum/?pli=1#!topic/golang-announce/Kw31K8G7Fi0"
},
{
"name": "openSUSE-SU-2019:1079",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html"
},
{
"name": "openSUSE-SU-2019:1444",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html"
},
{
"name": "openSUSE-SU-2019:1499",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html"
},
{
"name": "openSUSE-SU-2019:1506",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html"
},
{
"name": "openSUSE-SU-2019:1703",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00010.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.11.3",
"versionStartIncluding": "1.11.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.10.6",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-16875"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/forum/?pli=1#!topic/golang-announce/Kw31K8G7Fi0",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://groups.google.com/forum/?pli=1#!topic/golang-announce/Kw31K8G7Fi0"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16875",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16875"
},
{
"name": "106230",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106230"
},
{
"name": "GLSA-201812-09",
"refsource": "GENTOO",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201812-09"
},
{
"name": "openSUSE-SU-2019:1079",
"refsource": "SUSE",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html"
},
{
"name": "openSUSE-SU-2019:1444",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html"
},
{
"name": "openSUSE-SU-2019:1499",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html"
},
{
"name": "openSUSE-SU-2019:1506",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html"
},
{
"name": "openSUSE-SU-2019:1703",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00010.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2019-06-03T18:29Z",
"publishedDate": "2018-12-14T14:29Z"
}
}
}
fkie_cve-2018-16875
Vulnerability from fkie_nvd
Published
2018-12-14 14:29
Modified
2024-11-21 03:53
Severity ?
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html | Third Party Advisory | |
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00010.html | ||
| secalert@redhat.com | http://www.securityfocus.com/bid/106230 | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16875 | Issue Tracking, Third Party Advisory | |
| secalert@redhat.com | https://groups.google.com/forum/?pli=1#%21topic/golang-announce/Kw31K8G7Fi0 | ||
| secalert@redhat.com | https://security.gentoo.org/glsa/201812-09 | Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00010.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106230 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16875 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/forum/?pli=1#%21topic/golang-announce/Kw31K8G7Fi0 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201812-09 | Mitigation, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"matchCriteriaId": "49A979C3-1002-477D-9874-FD5E0D1681D4",
"versionEndExcluding": "1.10.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F67C474-BD21-4A3E-9F35-3D36BB6F09F4",
"versionEndExcluding": "1.11.3",
"versionStartIncluding": "1.11.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected."
},
{
"lang": "es",
"value": "El paquete crypto/x509 de Go, en versiones anteriores a la 1.10.6 y versiones 1.11.x anteriores a la 1.11.3,no limita la cantidad de trabajo realizado para cada verificaci\u00f3n de cadenas, lo que podr\u00eda permitir que los atacantes manipulen entradas patol\u00f3gicas que conducen a la denegaci\u00f3n de servicio (DoS) de la CPU. Los servidores TLS de Go que aceptan certificados de clientes y clientes TLS se han visto afectados."
}
],
"id": "CVE-2018-16875",
"lastModified": "2024-11-21T03:53:30.297",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-14T14:29:00.523",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00010.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106230"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16875"
},
{
"source": "secalert@redhat.com",
"url": "https://groups.google.com/forum/?pli=1#%21topic/golang-announce/Kw31K8G7Fi0"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201812-09"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106230"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16875"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://groups.google.com/forum/?pli=1#%21topic/golang-announce/Kw31K8G7Fi0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201812-09"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
ghsa-8gx8-4ch8-vgp8
Vulnerability from github
Published
2022-05-14 00:59
Modified
2022-05-14 00:59
Severity ?
VLAI Severity ?
Details
The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.
{
"affected": [],
"aliases": [
"CVE-2018-16875"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-12-14T14:29:00Z",
"severity": "HIGH"
},
"details": "The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a CPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected.",
"id": "GHSA-8gx8-4ch8-vgp8",
"modified": "2022-05-14T00:59:31Z",
"published": "2022-05-14T00:59:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16875"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16875"
},
{
"type": "WEB",
"url": "https://groups.google.com/forum/?pli=1#!topic/golang-announce/Kw31K8G7Fi0"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201812-09"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00010.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/106230"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…