CVE-2024-22038 (GCVE-0-2024-22038)
Vulnerability from cvelistv5
Published
2024-11-28 09:38
Modified
2024-11-28 12:15
Severity ?
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H
6.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N
6.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Summary
Various problems in obs-scm-bridge allow attackers who create specially crafted git repositories to leak information or cause denial of service.
References
Impacted products
Vendor | Product | Version
---|---|---
SUSE | openSUSE Factory (package obs-scm-bridge) | Affected: 0 ≤ version < 0.5.2
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-22038", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-28T12:09:30.908633Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-28T12:15:16.693Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "obs-scm-bridge", "product": "openSUSE Factory", "vendor": "SUSE", "versions": [ { "lessThan": "0.5.2", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Matthias Gerstner of SUSE" } ], "datePublic": "2024-11-14T10:32:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Various problems in obs-scm-bridge allows attackers that create specially crafted git repositories to leak information of cause denial of service.\u003cbr\u003e" } ], "value": "Various problems in obs-scm-bridge allows attackers that create specially crafted git repositories to leak information of cause denial of service." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] }, { "cvssV4_0": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 6.8, "baseSeverity": "MEDIUM", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-59", "description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-28T09:38:03.449Z", "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse" }, "references": [ { "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-22038" } ], "source": { "discovery": "UNKNOWN" }, "title": "DoS attacks, information leaks etc. 
with crafted Git repositories in obs-scm-bridge", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "assignerShortName": "suse", "cveId": "CVE-2024-22038", "datePublished": "2024-11-28T09:38:03.449Z", "dateReserved": "2024-01-04T12:38:34.026Z", "dateUpdated": "2024-11-28T12:15:16.693Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2024-22038\",\"sourceIdentifier\":\"meissner@suse.de\",\"published\":\"2024-11-28T10:15:07.567\",\"lastModified\":\"2024-11-28T10:15:07.567\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Various problems in obs-scm-bridge allows attackers that create specially crafted git repositories to leak information of cause denial of service.\"},{\"lang\":\"es\",\"value\":\"Varios problemas en obs-scm-bridge permiten a atacantes que crean repositorios git especialmente manipulados filtrar informaci\u00f3n o provocar una denegaci\u00f3n de 
servicio.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"meissner@suse.de\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"ACTIVE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"meissner@suse.de\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCH
ANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.5}]},\"weaknesses\":[{\"source\":\"meissner@suse.de\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-59\"}]}],\"references\":[{\"url\":\"https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-22038\",\"source\":\"meissner@suse.de\"}]}}", "vulnrichment": { "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-22038\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-28T12:09:30.908633Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-28T12:09:33.307Z\"}}], \"cna\": {\"title\": \"DoS attacks, information leaks etc. 
with crafted Git repositories in obs-scm-bridge\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Matthias Gerstner of SUSE\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.3, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 6.8, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"ACTIVE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"LOW\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"SUSE\", \"product\": \"openSUSE Factory\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"0.5.2\", \"versionType\": \"semver\"}], \"packageName\": \"obs-scm-bridge\", \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2024-11-14T10:32:00.000Z\", \"references\": [{\"url\": \"https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-22038\"}], \"x_generator\": {\"engine\": 
\"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Various problems in obs-scm-bridge allows attackers that create specially crafted git repositories to leak information of cause denial of service.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Various problems in obs-scm-bridge allows attackers that create specially crafted git repositories to leak information of cause denial of service.\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-59\", \"description\": \"CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"404e59f5-483d-4b8a-8e7a-e67604dd8afb\", \"shortName\": \"suse\", \"dateUpdated\": \"2024-11-28T09:38:03.449Z\"}}}", "cveMetadata": "{\"cveId\": \"CVE-2024-22038\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-28T12:15:16.693Z\", \"dateReserved\": \"2024-01-04T12:38:34.026Z\", \"assignerOrgId\": \"404e59f5-483d-4b8a-8e7a-e67604dd8afb\", \"datePublished\": \"2024-11-28T09:38:03.449Z\", \"assignerShortName\": \"suse\"}", "dataType": "CVE_RECORD", "dataVersion": "5.1" } } }
gsd-2024-22038
Vulnerability from gsd
Modified
2024-01-05 06:02
Details
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Aliases
{ "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2024-22038" ], "id": "GSD-2024-22038", "modified": "2024-01-05T06:02:20.498546Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2024-22038", "STATE": "RESERVED" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } } } }
fkie_cve-2024-22038
Vulnerability from fkie_nvd
Published
2024-11-28 10:15
Modified
2024-11-28 10:15
Severity ?
Summary
Various problems in obs-scm-bridge allow attackers who create specially crafted git repositories to leak information or cause denial of service.
References
Impacted products
Vendor | Product | Version |
---|
{ "cveTags": [], "descriptions": [ { "lang": "en", "value": "Various problems in obs-scm-bridge allows attackers that create specially crafted git repositories to leak information of cause denial of service." }, { "lang": "es", "value": "Varios problemas en obs-scm-bridge permiten a atacantes que crean repositorios git especialmente manipulados filtrar informaci\u00f3n o provocar una denegaci\u00f3n de servicio." } ], "id": "CVE-2024-22038", "lastModified": "2024-11-28T10:15:07.567", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.5, "source": "meissner@suse.de", "type": "Secondary" } ], "cvssMetricV40": [ { "cvssData": { "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", 
"subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED" }, "source": "meissner@suse.de", "type": "Secondary" } ] }, "published": "2024-11-28T10:15:07.567", "references": [ { "source": "meissner@suse.de", "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-22038" } ], "sourceIdentifier": "meissner@suse.de", "vulnStatus": "Awaiting Analysis", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-59" } ], "source": "meissner@suse.de", "type": "Primary" } ] }
suse-su-2025:0857-1
Vulnerability from csaf_suse
Published
2025-03-13 17:58
Modified
2025-03-13 17:58
Summary
Security update for build
Notes
Title of the patch
Security update for build
Description of the patch
This update for build fixes the following issues:
- CVE-2024-22038: Fixed DoS attacks, information leaks with crafted Git repositories (bnc#1230469)
Other fixes:
- Fixed behaviour when using '--shell' aka 'osc shell' option
in a VM build. Startup is faster and permissions stay intact
now.
- fixes for POSIX compatibility for obs-docker-support and
mkbaselibs
- Add support for apk in docker/podman builds
- Add support for 'wget' in Docker images
- Fix debian support for Dockerfile builds
- Fix preinstallimages in containers
- mkosi: add back system-packages used by build-recipe directly
- pbuild: parse the Release files for debian repos
- mkosi: drop most systemd/build-packages deps and use obs_scm
directory as source if present
- improve source copy handling
- Introduce --repos-directory and --containers-directory options
- productcompose: support of building against a baseiso
- preinstallimage: avoid inclusion of build script generated files
- preserve timestamps on sources copy-in for kiwi and productcompose
- alpine package support updates
- tumbleweed config update
- debian: Support installation of foreign architecture packages
(required for armv7l setups)
- Parse unknown timezones as UTC
- Apk (Alpine Linux) format support added
- Implement default value in parameter expansion
- Also support supplements that use & as 'and'
- Add workaround for skopeo's argument parser
- add cap-htm=off on power9
- Fixed usage of chown calls
- Remove leading `go` from `purl` locators
- container related:
* Implement support for the new <containers> element in kiwi recipes
* Fixes for SBOM and dependencies of multi stage container builds
* obs-docker-support: enable dnf and yum substitutions
- Arch Linux:
* fix file path for Arch repo
* exclude unsupported arch
* Use root as download user
- build-vm-qemu: force sv48 satp mode on riscv64
- mkosi:
* Create .sha256 files after mkosi builds
* Always pass --image-version to mkosi
- General improvements and bugfixes (mkosi, pbuild, appimage/livebuild,
obs work detection, documentation, SBOM)
- Support slsa v1 in unpack_slsa_provenance
- generate_sbom: do not clobber spdx supplier
- Harden export_debian_orig_from_git (bsc#1230469, the same bug number cited for CVE-2024-22038)
- SBOM generation:
- Adding golang introspection support
- Adding rust binary introspection support
- Keep track of unknown licenses and add a 'hasExtractedLicensingInfos'
section
- Also normalize licenses for cyclonedx
- Make generate_sbom errors fatal
- general improvements
- Fix noprep building not working because the buildir is removed
- kiwi image: also detect a debian build if /var/lib/dpkg/status is present
- Do not use the Encode module to convert a code point to utf8
- Fix personality syscall number for riscv
- add more required recommendations for KVM builds
- set PACKAGER field in build-recipe-arch
- fix writing _modulemd.yaml
- pbuild: support --release and --baselibs option
- container:
- copy base container information from the annotation into the
containerinfo
- track base containers over multiple stages
- always put the base container last in the dependencies
- providing fileprovides in createdirdeps tool
- Introduce buildflag nochecks
- productcompose: support __all__ option
- config update: tumbleweed using preinstallexpand
- minor improvements
- tumbleweed build config update
- support the %load macro
- improve container filename generation (docker)
- fix hanging curl calls during build (docker)
- productcompose: fix milestone query
- tumbleweed build config update
- 15.6 build config fixes
- sourcerpm & sourcedep handling fixes
- productcompose:
- Fix milestone handling
- Support bcntsynctag
- Adding debian support to generate_sbom
- Add syscall for personality switch on loongarch64 kernel
- vm-build: ext3 & ext4: fix disk space allocation
- mkosi format updates, not fully working yet
- pbuild exception fixes
- Fixes for current fedora and centos distros
- Don't copy original dsc sources if OBS-DCH-RELEASE set
- Unbreak parsing of sources/patches
- Support ForceMultiVersion in the dockerfile parser
- Support %bcond of rpm 4.17.1
- Add a hack for systemd 255.3, creating an empty /etc/os-release
if missing after preinstall.
- docker: Fix HEAD request in dummyhttpserver
- pbuild: Make docker-nobasepackages expand flag the default
- rpm: Support a couple of builtin rpm macros
- rpm: Implement argument expansion for define/with/bcond...
- Fix multiline macro handling
- Accept -N parameter of %autosetup
- documentation updates
- various code cleanup and speedup work.
- ProductCompose: multiple improvements
- Add buildflags:define_specfile support
- Fix copy-in of git subdirectory sources
- pbuild: Speed up XML parsing
- pbuild: product compose support
- generate_sbom: add help option
- podman: enforce runtime=runc
- Implement direct conflicts from the distro config
- changelog2spec: fix time zone handling
- Do not unmount /proc/sys/fs/binfmt_misc before running the check scripts
- spec file cleanup
- documentation updates
- productcompose:
- support schema 0.1
- support milestones
- Leap 15.6 config
- SLE 15 SP6 config
- productcompose: follow incompatible flavor syntax change
- pbuild: support for zstd
- fixed handling for cmdline parameters via kernel packages
- productcompose:
* BREAKING: support new schema
* adapt flavor architecture parsing
- productcompose:
* support filtered package lists
* support default architecture listing
* fix copy in binaries in VM builds
- obsproduct build type got renamed to productcompose
- Support zstd compressed rpm-md meta data (bsc#1217269)
- Added Debian 12 configuration
- First ObsProduct build format support
- fix SLE 15 SP5 build configuration
- Improve user agent handling for obs repositories
- Docker:
- Support flavor specific build descriptions via Dockerfile.$flavor
- support 'PlusRecommended' hint to also provide recommended packages
- use the name/version as filename if both are known
- Produce docker format containers by default
- pbuild: Support for signature authentication of OBS resources
- Fix wiping build root for --vm-type podman
- Put BUILD_RELEASE and BUILD_CHANGELOG_TIMESTAMP in the /.buildenv
- build-vm-kvm: use -cpu host on riscv64
- small fixes and cleanups
- Added parser for BcntSyncTag in sources
- pbuild:
* fix dependency expansion for build types other than spec
* Reworked cycle handling code
* add --extra-packs option
* add debugflags option
- Pass-through --buildtool-opt
- Parse Patch and Source lines more accurately
- fix tunefs functionality
- minor bugfixes
- --vm-type=podman added (supports also root-less builds)
- Also support build constraints in the Dockerfile
- minor fixes
- Add SUSE ALP build config
- BREAKING: Record errors when parsing the project config
former behaviour was undefined
- container: Support compression format configuration option
- Don't setup ccache with --no-init
- improved loongarch64 support
- sbom: SPDX supplier tag added
- kiwi: support different versions per profile
- preinstallimage: fail when recompression fails
- Add support for recommends and supplements dependencies
- Support the 'keepfilerequires' expand flag
- add '--buildtool-opt=OPTIONS' to pass options to the used build tool
- distro config updates
* ArchLinux
* Tumbleweed
- documentation updates
- openSUSE Tumbleweed: sync config and move to suse_version 1699.
- universal post-build hook, just place a file in /usr/lib/build/post_build.d/
- mkbaselibs/hwcaps, fix pattern name once again (x86_64_v3)
- KiwiProduct: add --use-newest-package hint if the option is set
- Dockerfile support:
* export multibuild flavor as argument
* allow parameters in FROM .. scratch lines
* include OS name in build result if != linux
- Workaround directory->symlink usrmerge problems for cross arch sysroot
- multiple fixes for SBOM support
- KIWI VM image SBOM support added
Patchnames
SUSE-2025-857,SUSE-SLE-Module-Development-Tools-15-SP6-2025-857,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-857,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-857,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-857,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-857,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-857,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-857,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-857,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-857,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-857,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-857,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-857,SUSE-Storage-7.1-2025-857,openSUSE-SLE-15.6-2025-857
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for build", "title": "Title of the patch" }, { "category": "description", "text": "This update for build fixes the following issues:\n- CVE-2024-22038: Fixed DoS attacks, information leaks with crafted Git repositories (bnc#1230469) \n\nOther fixes:\n- Fixed behaviour when using \u0027--shell\u0027 aka \u0027osc shell\u0027 option\n in a VM build. Startup is faster and permissions stay intact\n now.\n\n- fixes for POSIX compatibility for obs-docker-support adn\n mkbaselibs\n- Add support for apk in docker/podman builds\n- Add support for \u0027wget\u0027 in Docker images\n- Fix debian support for Dockerfile builds\n- Fix preinstallimages in containers\n- mkosi: add back system-packages used by build-recipe directly\n- pbuild: parse the Release files for debian repos\n\n- mkosi: drop most systemd/build-packages deps and use obs_scm\n directory as source if present\n- improve source copy handling\n- Introduce --repos-directory and --containers-directory options\n\n- productcompose: support of building against a baseiso\n- preinstallimage: avoid inclusion of build script generated files\n- preserve timestamps on sources copy-in for kiwi and productcompose\n- alpine package support updates\n- tumbleweed config update\n\n- debian: Support installation of foreign architecture packages\n (required for armv7l setups)\n- Parse unknown timezones as UTC\n- Apk (Alpine Linux) format support added\n- Implement default value in parameter expansion\n- Also support supplements that use \u0026 as \u0027and\u0027\n- Add workaround for skopeo\u0027s argument parser\n- add cap-htm=off on 
power9\n- Fixed usage of chown calls\n- Remove leading `go` from `purl` locators\n\n- container related:\n * Implement support for the new \u003ccontainers\u003e element in kiwi recipes\n * Fixes for SBOM and dependencies of multi stage container builds\n * obs-docker-support: enable dnf and yum substitutions\n- Arch Linux:\n * fix file path for Arch repo\n * exclude unsupported arch\n * Use root as download user\n- build-vm-qemu: force sv48 satp mode on riscv64\n- mkosi:\n * Create .sha256 files after mkosi builds\n * Always pass --image-version to mkosi\n- General improvements and bugfixes (mkosi, pbuild, appimage/livebuild,\n obs work detection, documention, SBOM)\n- Support slsa v1 in unpack_slsa_provenance\n- generate_sbom: do not clobber spdx supplier\n- Harden export_debian_orig_from_git (bsc#1230469)\n\n- SBOM generation:\n - Adding golang introspection support\n - Adding rust binary introspection support\n - Keep track of unknwon licenses and add a \u0027hasExtractedLicensingInfos\u0027\n section\n - Also normalize licenses for cyclonedx\n - Make generate_sbom errors fatal\n - general improvements\n- Fix noprep building not working because the buildir is removed\n- kiwi image: also detect a debian build if /var/lib/dpkg/status is present\n- Do not use the Encode module to convert a code point to utf8\n- Fix personality syscall number for riscv\n- add more required recommendations for KVM builds\n- set PACKAGER field in build-recipe-arch\n- fix writing _modulemd.yaml\n- pbuild: support --release and --baselibs option\n- container:\n - copy base container information from the annotation into the\n containerinfo\n - track base containers over multiple stages\n - always put the base container last in the dependencies\n\n- providing fileprovides in createdirdeps tool\n- Introduce buildflag nochecks\n\n- productcompose: support __all__ option\n- config update: tumbleweed using preinstallexpand\n- minor improvements\n\n- tumbleweed build config update\n- support 
the %load macro\n- improve container filename generation (docker)\n- fix hanging curl calls during build (docker)\n- productcompose: fix milestone query\n\n- tumbleweed build config update\n- 15.6 build config fixes\n- sourcerpm \u0026 sourcedep handling fixes\n- productcompose:\n - Fix milestone handling\n - Support bcntsynctag\n- Adding debian support to generate_sbom\n- Add syscall for personality switch on loongarch64 kernel\n- vm-build: ext3 \u0026 ext4: fix disk space allocation\n- mkosi format updates, not fully working yet\n- pbuild exception fixes\n- Fixes for current fedora and centos distros\n- Don\u0027t copy original dsc sources if OBS-DCH-RELEASE set\n- Unbreak parsing of sources/patches\n- Support ForceMultiVersion in the dockerfile parser\n- Support %bcond of rpm 4.17.1\n\n- Add a hack for systemd 255.3, creating an empty /etc/os-release\n if missing after preinstall.\n- docker: Fix HEAD request in dummyhttpserver\n- pbuild: Make docker-nobasepackages expand flag the default\n- rpm: Support a couple of builtin rpm macros\n- rpm: Implement argument expansion for define/with/bcond...\n- Fix multiline macro handling\n- Accept -N parameter of %autosetup\n- documentation updates\n- various code cleanup and speedup work.\n\n- ProductCompose: multiple improvements\n- Add buildflags:define_specfile support\n- Fix copy-in of git subdirectory sources\n- pbuild: Speed up XML parsing\n- pubild: product compose support\n- generate_sbom: add help option\n- podman: enforce runtime=runc\n- Implement direct conflicts from the distro config\n- changelog2spec: fix time zone handling\n- Do not unmount /proc/sys/fs/binfmt_misc before runnint the check scripts\n- spec file cleanup\n- documentation updates\n\n- productcompose:\n - support schema 0.1\n - support milestones\n- Leap 15.6 config\n- SLE 15 SP6 config\n\n- productcompose: follow incompatible flavor syntax change\n- pbuild: support for zstd\n\n- fixed handling for cmdline parameters via kernel packages\n\n- 
productcompose:\n * BREAKING: support new schema\n * adapt flavor architecture parsing\n\n- productcompose:\n * support filtered package lists\n * support default architecture listing\n * fix copy in binaries in VM builds^\n\n- obsproduct build type got renamed to productcompose\n\n- Support zstd compressed rpm-md meta data (bsc#1217269)\n- Added Debian 12 configuration\n- First ObsProduct build format support\n\n- fix SLE 15 SP5 build configuration\n- Improve user agent handling for obs repositories\n\n- Docker:\n - Support flavor specific build descriptions via Dockerfile.$flavor\n - support \u0027PlusRecommended\u0027 hint to also provide recommended packages\n - use the name/version as filename if both are known\n - Produce docker format containers by default\n- pbuild: Support for signature authentification of OBS resources\n- Fix wiping build root for --vm-type podman\n- Put BUILD_RELEASE and BUILD_CHANGELOG_TIMESTAMP in the /.buildenv\n- build-vm-kvm: use -cpu host on riscv64\n- small fixes and cleanups\n\n- Added parser for BcntSyncTag in sources\n\n- pbuild:\n * fix dependency expansion for build types other than spec\n * Reworked cycle handling code\n * add --extra-packs option\n * add debugflags option\n- Pass-through --buildtool-opt\n- Parse Patch and Source lines more accurately\n- fix tunefs functionality\n- minor bugfixes\n\n- --vm-type=podman added (supports also root-less builds)\n- Also support build constraints in the Dockerfile\n- minor fixes\n\n- Add SUSE ALP build config\n\n- BREAKING: Record errors when parsing the project config\n former behaviour was undefined\n- container: Support compression format configuration option\n- Don\u0027t setup ccache with --no-init\n- improved loongarch64 support\n- sbom: SPDX supplier tag added\n- kiwi: support different versions per profile\n- preinstallimage: fail when recompression fails\n- Add support for recommends and supplements dependencies\n- Support the \u0027keepfilerequires\u0027 expand flag\n- 
add \u0027--buildtool-opt=OPTIONS\u0027 to pass options to the used build tool\n- distro config updates\n * ArchLinux\n * Tumbleweed\n- documentation updates\n\n- openSUSE Tumbleweed: sync config and move to suse_version 1699.\n\n- universal post-build hook, just place a file in /usr/lib/build/post_build.d/\n- mkbaselibs/hwcaps, fix pattern name once again (x86_64_v3)\n- KiwiProduct: add --use-newest-package hint if the option is set\n\n- Dockerfile support:\n * export multibuild flavor as argument\n * allow parameters in FROM .. scratch lines\n * include OS name in build result if != linux\n- Workaround directory-\u003esymlink usrmerge problems for cross arch sysroot\n- multiple fixes for SBOM support\n\n- KIWI VM image SBOM support added\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2025-857,SUSE-SLE-Module-Development-Tools-15-SP6-2025-857,SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-857,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-857,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-857,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-857,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-857,SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-857,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-857,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-857,SUSE-SLE-Product-SLES_SAP-15-SP3-2025-857,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-857,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-857,SUSE-Storage-7.1-2025-857,openSUSE-SLE-15.6-2025-857", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": 
"https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0857-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2025:0857-1", "url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250857-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2025:0857-1", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-March/020511.html" }, { "category": "self", "summary": "SUSE Bug 1217269", "url": "https://bugzilla.suse.com/1217269" }, { "category": "self", "summary": "SUSE Bug 1230469", "url": "https://bugzilla.suse.com/1230469" }, { "category": "self", "summary": "SUSE CVE CVE-2024-22038 page", "url": "https://www.suse.com/security/cve/CVE-2024-22038/" } ], "title": "Security update for build", "tracking": { "current_release_date": "2025-03-13T17:58:06Z", "generator": { "date": "2025-03-13T17:58:06Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2025:0857-1", "initial_release_date": "2025-03-13T17:58:06Z", "revision_history": [ { "date": "2025-03-13T17:58:06Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "build-20250306-150200.19.1.noarch", "product": { "name": "build-20250306-150200.19.1.noarch", "product_id": "build-20250306-150200.19.1.noarch" } }, { "category": "product_version", "name": "build-initvm-aarch64-20250306-150200.19.1.noarch", "product": { "name": "build-initvm-aarch64-20250306-150200.19.1.noarch", "product_id": "build-initvm-aarch64-20250306-150200.19.1.noarch" } }, { "category": "product_version", "name": "build-initvm-i586-20250306-150200.19.1.noarch", "product": { "name": "build-initvm-i586-20250306-150200.19.1.noarch", "product_id": "build-initvm-i586-20250306-150200.19.1.noarch" } }, { "category": "product_version", "name": "build-initvm-powerpc64le-20250306-150200.19.1.noarch", "product": { 
"name": "build-initvm-powerpc64le-20250306-150200.19.1.noarch", "product_id": "build-initvm-powerpc64le-20250306-150200.19.1.noarch" } }, { "category": "product_version", "name": "build-initvm-s390x-20250306-150200.19.1.noarch", "product": { "name": "build-initvm-s390x-20250306-150200.19.1.noarch", "product_id": "build-initvm-s390x-20250306-150200.19.1.noarch" } }, { "category": "product_version", "name": "build-initvm-x86_64-20250306-150200.19.1.noarch", "product": { "name": "build-initvm-x86_64-20250306-150200.19.1.noarch", "product_id": "build-initvm-x86_64-20250306-150200.19.1.noarch" } }, { "category": "product_version", "name": "build-mkbaselibs-20250306-150200.19.1.noarch", "product": { "name": "build-mkbaselibs-20250306-150200.19.1.noarch", "product_id": "build-mkbaselibs-20250306-150200.19.1.noarch" } }, { "category": "product_version", "name": "build-mkdrpms-20250306-150200.19.1.noarch", "product": { "name": "build-mkdrpms-20250306-150200.19.1.noarch", "product_id": "build-mkdrpms-20250306-150200.19.1.noarch" } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Module for Development Tools 15 SP6", "product": { "name": "SUSE Linux Enterprise Module for Development Tools 15 SP6", "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-module-development-tools:15:sp6" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", "product": { "name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", "product_identification_helper": { "cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS", "product": { "name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS", 
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS", "product_identification_helper": { "cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS", "product": { "name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS", "product_identification_helper": { "cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS", "product": { "name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS", "product_identification_helper": { "cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS", "product": { "name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS", "product_identification_helper": { "cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 15 SP3-LTSS", "product": { "name": "SUSE Linux Enterprise Server 15 SP3-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS", "product_identification_helper": { "cpe": "cpe:/o:suse:sles-ltss:15:sp3" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 15 SP4-LTSS", "product": { "name": "SUSE Linux Enterprise Server 15 SP4-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS", "product_identification_helper": { "cpe": "cpe:/o:suse:sles-ltss:15:sp4" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 15 SP5-LTSS", "product": { "name": "SUSE Linux Enterprise Server 15 SP5-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS", 
"product_identification_helper": { "cpe": "cpe:/o:suse:sles-ltss:15:sp5" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3", "product": { "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3", "product_identification_helper": { "cpe": "cpe:/o:suse:sles_sap:15:sp3" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4", "product": { "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4", "product_identification_helper": { "cpe": "cpe:/o:suse:sles_sap:15:sp4" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5", "product": { "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5", "product_identification_helper": { "cpe": "cpe:/o:suse:sles_sap:15:sp5" } } }, { "category": "product_name", "name": "SUSE Enterprise Storage 7.1", "product": { "name": "SUSE Enterprise Storage 7.1", "product_id": "SUSE Enterprise Storage 7.1", "product_identification_helper": { "cpe": "cpe:/o:suse:ses:7.1" } } }, { "category": "product_name", "name": "openSUSE Leap 15.6", "product": { "name": "openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6", "product_identification_helper": { "cpe": "cpe:/o:opensuse:leap:15.6" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "build-20250306-150200.19.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP6", "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:build-20250306-150200.19.1.noarch" }, "product_reference": 
"build-20250306-150200.19.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "build-mkbaselibs-20250306-150200.19.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP6", "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:build-mkbaselibs-20250306-150200.19.1.noarch" }, "product_reference": "build-mkbaselibs-20250306-150200.19.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "build-20250306-150200.19.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:build-20250306-150200.19.1.noarch" }, "product_reference": "build-20250306-150200.19.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "build-mkbaselibs-20250306-150200.19.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:build-mkbaselibs-20250306-150200.19.1.noarch" }, "product_reference": "build-mkbaselibs-20250306-150200.19.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "build-20250306-150200.19.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:build-20250306-150200.19.1.noarch" }, "product_reference": "build-20250306-150200.19.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 
SP4-ESPOS" }, { "category": "default_component_of", "full_product_name": { "name": "build-mkbaselibs-20250306-150200.19.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:build-mkbaselibs-20250306-150200.19.1.noarch" }, "product_reference": "build-mkbaselibs-20250306-150200.19.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS" }, { "category": "default_component_of", "full_product_name": { "name": "build-20250306-150200.19.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:build-20250306-150200.19.1.noarch" }, "product_reference": "build-20250306-150200.19.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "build-mkbaselibs-20250306-150200.19.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:build-mkbaselibs-20250306-150200.19.1.noarch" }, "product_reference": "build-mkbaselibs-20250306-150200.19.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "build-20250306-150200.19.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:build-20250306-150200.19.1.noarch" }, "product_reference": "build-20250306-150200.19.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS" }, { "category": "default_component_of", "full_product_name": { "name": 
"build-mkbaselibs-20250306-150200.19.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:build-mkbaselibs-20250306-150200.19.1.noarch" }, "product_reference": "build-mkbaselibs-20250306-150200.19.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS" }, { "category": "default_component_of", "full_product_name": { "name": "build-20250306-150200.19.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:build-20250306-150200.19.1.noarch" }, "product_reference": "build-20250306-150200.19.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "build-mkbaselibs-20250306-150200.19.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:build-mkbaselibs-20250306-150200.19.1.noarch" }, "product_reference": "build-mkbaselibs-20250306-150200.19.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "build-20250306-150200.19.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:build-20250306-150200.19.1.noarch" }, "product_reference": "build-20250306-150200.19.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "build-mkbaselibs-20250306-150200.19.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS", "product_id": "SUSE Linux Enterprise Server 15 
SP3-LTSS:build-mkbaselibs-20250306-150200.19.1.noarch" }, "product_reference": "build-mkbaselibs-20250306-150200.19.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "build-20250306-150200.19.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:build-20250306-150200.19.1.noarch" }, "product_reference": "build-20250306-150200.19.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "build-mkbaselibs-20250306-150200.19.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:build-mkbaselibs-20250306-150200.19.1.noarch" }, "product_reference": "build-mkbaselibs-20250306-150200.19.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "build-20250306-150200.19.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:build-20250306-150200.19.1.noarch" }, "product_reference": "build-20250306-150200.19.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "build-mkbaselibs-20250306-150200.19.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:build-mkbaselibs-20250306-150200.19.1.noarch" }, "product_reference": "build-mkbaselibs-20250306-150200.19.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "build-20250306-150200.19.1.noarch as component of SUSE Linux Enterprise Server for SAP 
Applications 15 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:build-20250306-150200.19.1.noarch" }, "product_reference": "build-20250306-150200.19.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "build-mkbaselibs-20250306-150200.19.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:build-mkbaselibs-20250306-150200.19.1.noarch" }, "product_reference": "build-mkbaselibs-20250306-150200.19.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "build-20250306-150200.19.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:build-20250306-150200.19.1.noarch" }, "product_reference": "build-20250306-150200.19.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "build-mkbaselibs-20250306-150200.19.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:build-mkbaselibs-20250306-150200.19.1.noarch" }, "product_reference": "build-mkbaselibs-20250306-150200.19.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "build-20250306-150200.19.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:build-20250306-150200.19.1.noarch" }, "product_reference": 
"build-20250306-150200.19.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "build-mkbaselibs-20250306-150200.19.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:build-mkbaselibs-20250306-150200.19.1.noarch" }, "product_reference": "build-mkbaselibs-20250306-150200.19.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "build-20250306-150200.19.1.noarch as component of SUSE Enterprise Storage 7.1", "product_id": "SUSE Enterprise Storage 7.1:build-20250306-150200.19.1.noarch" }, "product_reference": "build-20250306-150200.19.1.noarch", "relates_to_product_reference": "SUSE Enterprise Storage 7.1" }, { "category": "default_component_of", "full_product_name": { "name": "build-mkbaselibs-20250306-150200.19.1.noarch as component of SUSE Enterprise Storage 7.1", "product_id": "SUSE Enterprise Storage 7.1:build-mkbaselibs-20250306-150200.19.1.noarch" }, "product_reference": "build-mkbaselibs-20250306-150200.19.1.noarch", "relates_to_product_reference": "SUSE Enterprise Storage 7.1" }, { "category": "default_component_of", "full_product_name": { "name": "build-20250306-150200.19.1.noarch as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:build-20250306-150200.19.1.noarch" }, "product_reference": "build-20250306-150200.19.1.noarch", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "build-initvm-aarch64-20250306-150200.19.1.noarch as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:build-initvm-aarch64-20250306-150200.19.1.noarch" }, "product_reference": "build-initvm-aarch64-20250306-150200.19.1.noarch", 
"relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "build-initvm-powerpc64le-20250306-150200.19.1.noarch as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:build-initvm-powerpc64le-20250306-150200.19.1.noarch" }, "product_reference": "build-initvm-powerpc64le-20250306-150200.19.1.noarch", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "build-initvm-s390x-20250306-150200.19.1.noarch as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:build-initvm-s390x-20250306-150200.19.1.noarch" }, "product_reference": "build-initvm-s390x-20250306-150200.19.1.noarch", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "build-initvm-x86_64-20250306-150200.19.1.noarch as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:build-initvm-x86_64-20250306-150200.19.1.noarch" }, "product_reference": "build-initvm-x86_64-20250306-150200.19.1.noarch", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "build-mkbaselibs-20250306-150200.19.1.noarch as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:build-mkbaselibs-20250306-150200.19.1.noarch" }, "product_reference": "build-mkbaselibs-20250306-150200.19.1.noarch", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "build-mkdrpms-20250306-150200.19.1.noarch as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:build-mkdrpms-20250306-150200.19.1.noarch" }, "product_reference": "build-mkdrpms-20250306-150200.19.1.noarch", "relates_to_product_reference": "openSUSE Leap 15.6" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-22038", "ids": [ { "system_name": "SUSE CVE Page", "text": 
"https://www.suse.com/security/cve/CVE-2024-22038" } ], "notes": [ { "category": "general", "text": "Various problems in obs-scm-bridge allows attackers that create specially crafted git repositories to leak information of cause denial of service.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Enterprise Storage 7.1:build-20250306-150200.19.1.noarch", "SUSE Enterprise Storage 7.1:build-mkbaselibs-20250306-150200.19.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:build-20250306-150200.19.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:build-mkbaselibs-20250306-150200.19.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:build-20250306-150200.19.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:build-mkbaselibs-20250306-150200.19.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:build-20250306-150200.19.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:build-mkbaselibs-20250306-150200.19.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:build-20250306-150200.19.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:build-mkbaselibs-20250306-150200.19.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:build-20250306-150200.19.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:build-mkbaselibs-20250306-150200.19.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP6:build-20250306-150200.19.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP6:build-mkbaselibs-20250306-150200.19.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:build-20250306-150200.19.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:build-mkbaselibs-20250306-150200.19.1.noarch", "SUSE Linux Enterprise Server 15 SP4-LTSS:build-20250306-150200.19.1.noarch", "SUSE Linux Enterprise Server 15 
SP4-LTSS:build-mkbaselibs-20250306-150200.19.1.noarch", "SUSE Linux Enterprise Server 15 SP5-LTSS:build-20250306-150200.19.1.noarch", "SUSE Linux Enterprise Server 15 SP5-LTSS:build-mkbaselibs-20250306-150200.19.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:build-20250306-150200.19.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:build-mkbaselibs-20250306-150200.19.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:build-20250306-150200.19.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:build-mkbaselibs-20250306-150200.19.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:build-20250306-150200.19.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:build-mkbaselibs-20250306-150200.19.1.noarch", "openSUSE Leap 15.6:build-20250306-150200.19.1.noarch", "openSUSE Leap 15.6:build-initvm-aarch64-20250306-150200.19.1.noarch", "openSUSE Leap 15.6:build-initvm-powerpc64le-20250306-150200.19.1.noarch", "openSUSE Leap 15.6:build-initvm-s390x-20250306-150200.19.1.noarch", "openSUSE Leap 15.6:build-initvm-x86_64-20250306-150200.19.1.noarch", "openSUSE Leap 15.6:build-mkbaselibs-20250306-150200.19.1.noarch", "openSUSE Leap 15.6:build-mkdrpms-20250306-150200.19.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2024-22038", "url": "https://www.suse.com/security/cve/CVE-2024-22038" }, { "category": "external", "summary": "SUSE Bug 1230469 for CVE-2024-22038", "url": "https://bugzilla.suse.com/1230469" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Enterprise Storage 7.1:build-20250306-150200.19.1.noarch", "SUSE Enterprise Storage 7.1:build-mkbaselibs-20250306-150200.19.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:build-20250306-150200.19.1.noarch", 
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:build-mkbaselibs-20250306-150200.19.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:build-20250306-150200.19.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:build-mkbaselibs-20250306-150200.19.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:build-20250306-150200.19.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:build-mkbaselibs-20250306-150200.19.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:build-20250306-150200.19.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:build-mkbaselibs-20250306-150200.19.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:build-20250306-150200.19.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:build-mkbaselibs-20250306-150200.19.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP6:build-20250306-150200.19.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP6:build-mkbaselibs-20250306-150200.19.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:build-20250306-150200.19.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:build-mkbaselibs-20250306-150200.19.1.noarch", "SUSE Linux Enterprise Server 15 SP4-LTSS:build-20250306-150200.19.1.noarch", "SUSE Linux Enterprise Server 15 SP4-LTSS:build-mkbaselibs-20250306-150200.19.1.noarch", "SUSE Linux Enterprise Server 15 SP5-LTSS:build-20250306-150200.19.1.noarch", "SUSE Linux Enterprise Server 15 SP5-LTSS:build-mkbaselibs-20250306-150200.19.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:build-20250306-150200.19.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:build-mkbaselibs-20250306-150200.19.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:build-20250306-150200.19.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 
SP4:build-mkbaselibs-20250306-150200.19.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:build-20250306-150200.19.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:build-mkbaselibs-20250306-150200.19.1.noarch", "openSUSE Leap 15.6:build-20250306-150200.19.1.noarch", "openSUSE Leap 15.6:build-initvm-aarch64-20250306-150200.19.1.noarch", "openSUSE Leap 15.6:build-initvm-powerpc64le-20250306-150200.19.1.noarch", "openSUSE Leap 15.6:build-initvm-s390x-20250306-150200.19.1.noarch", "openSUSE Leap 15.6:build-initvm-x86_64-20250306-150200.19.1.noarch", "openSUSE Leap 15.6:build-mkbaselibs-20250306-150200.19.1.noarch", "openSUSE Leap 15.6:build-mkdrpms-20250306-150200.19.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Enterprise Storage 7.1:build-20250306-150200.19.1.noarch", "SUSE Enterprise Storage 7.1:build-mkbaselibs-20250306-150200.19.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:build-20250306-150200.19.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:build-mkbaselibs-20250306-150200.19.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:build-20250306-150200.19.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:build-mkbaselibs-20250306-150200.19.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:build-20250306-150200.19.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:build-mkbaselibs-20250306-150200.19.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:build-20250306-150200.19.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:build-mkbaselibs-20250306-150200.19.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:build-20250306-150200.19.1.noarch", "SUSE Linux Enterprise High 
Performance Computing 15 SP5-LTSS:build-mkbaselibs-20250306-150200.19.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP6:build-20250306-150200.19.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP6:build-mkbaselibs-20250306-150200.19.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:build-20250306-150200.19.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:build-mkbaselibs-20250306-150200.19.1.noarch", "SUSE Linux Enterprise Server 15 SP4-LTSS:build-20250306-150200.19.1.noarch", "SUSE Linux Enterprise Server 15 SP4-LTSS:build-mkbaselibs-20250306-150200.19.1.noarch", "SUSE Linux Enterprise Server 15 SP5-LTSS:build-20250306-150200.19.1.noarch", "SUSE Linux Enterprise Server 15 SP5-LTSS:build-mkbaselibs-20250306-150200.19.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:build-20250306-150200.19.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:build-mkbaselibs-20250306-150200.19.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:build-20250306-150200.19.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:build-mkbaselibs-20250306-150200.19.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:build-20250306-150200.19.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:build-mkbaselibs-20250306-150200.19.1.noarch", "openSUSE Leap 15.6:build-20250306-150200.19.1.noarch", "openSUSE Leap 15.6:build-initvm-aarch64-20250306-150200.19.1.noarch", "openSUSE Leap 15.6:build-initvm-powerpc64le-20250306-150200.19.1.noarch", "openSUSE Leap 15.6:build-initvm-s390x-20250306-150200.19.1.noarch", "openSUSE Leap 15.6:build-initvm-x86_64-20250306-150200.19.1.noarch", "openSUSE Leap 15.6:build-mkbaselibs-20250306-150200.19.1.noarch", "openSUSE Leap 15.6:build-mkdrpms-20250306-150200.19.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2025-03-13T17:58:06Z", "details": "important" } ], "title": "CVE-2024-22038" } ] }
suse-su-2024:4212-1
Vulnerability from csaf_suse
Published
2024-12-05 16:04
Modified
2024-12-05 16:04
Summary
Security update for obs-scm-bridge
Notes
Title of the patch
Security update for obs-scm-bridge
Description of the patch
This update for obs-scm-bridge fixes the following issues:
Updated to version 0.5.4:
- CVE-2024-22038: Fixed DoS attacks, information leaks with crafted Git repositories (bnc#1230469)
Patchnames
SUSE-2024-4212,SUSE-SLE-Module-Development-Tools-15-SP5-2024-4212,SUSE-SLE-Module-Development-Tools-15-SP6-2024-4212,SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-4212,SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-4212,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-4212,SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-4212,SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-4212,SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-4212,SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-4212,SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4212,SUSE-SLE-Product-SLES_SAP-15-SP2-2024-4212,SUSE-SLE-Product-SLES_SAP-15-SP3-2024-4212,SUSE-SLE-Product-SLES_SAP-15-SP4-2024-4212,SUSE-Storage-7.1-2024-4212,openSUSE-SLE-15.5-2024-4212,openSUSE-SLE-15.6-2024-4212
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for obs-scm-bridge", "title": "Title of the patch" }, { "category": "description", "text": "This update for obs-scm-bridge fixes the following issues:\n\n Updated to version 0.5.4:\n - CVE-2024-22038: Fixed DoS attacks, information leaks with crafted Git repositories (bnc#1230469)\n\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2024-4212,SUSE-SLE-Module-Development-Tools-15-SP5-2024-4212,SUSE-SLE-Module-Development-Tools-15-SP6-2024-4212,SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-4212,SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-4212,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-4212,SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-4212,SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-4212,SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-4212,SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-4212,SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-4212,SUSE-SLE-Product-SLES_SAP-15-SP2-2024-4212,SUSE-SLE-Product-SLES_SAP-15-SP3-2024-4212,SUSE-SLE-Product-SLES_SAP-15-SP4-2024-4212,SUSE-Storage-7.1-2024-4212,openSUSE-SLE-15.5-2024-4212,openSUSE-SLE-15.6-2024-4212", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of 
this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_4212-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2024:4212-1", "url": "https://www.suse.com/support/update/announcement/2024/suse-su-20244212-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2024:4212-1", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-December/019937.html" }, { "category": "self", "summary": "SUSE Bug 1230469", "url": "https://bugzilla.suse.com/1230469" }, { "category": "self", "summary": "SUSE CVE CVE-2024-22038 page", "url": "https://www.suse.com/security/cve/CVE-2024-22038/" } ], "title": "Security update for obs-scm-bridge", "tracking": { "current_release_date": "2024-12-05T16:04:31Z", "generator": { "date": "2024-12-05T16:04:31Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2024:4212-1", "initial_release_date": "2024-12-05T16:04:31Z", "revision_history": [ { "date": "2024-12-05T16:04:31Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "product": { "name": "obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "product_id": "obs-scm-bridge-0.5.4-150100.3.6.1.noarch" } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Module for Development Tools 15 SP5", "product": { "name": "SUSE Linux Enterprise Module for Development Tools 15 SP5", "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-module-development-tools:15:sp5" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Module for Development Tools 15 SP6", "product": { "name": "SUSE Linux Enterprise Module for Development Tools 15 SP6", "product_id": 
"SUSE Linux Enterprise Module for Development Tools 15 SP6", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-module-development-tools:15:sp6" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", "product": { "name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", "product_identification_helper": { "cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp2" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", "product": { "name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", "product_identification_helper": { "cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS", "product": { "name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS", "product_identification_helper": { "cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS", "product": { "name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS", "product_identification_helper": { "cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 15 SP2-LTSS", "product": { "name": "SUSE Linux Enterprise Server 15 SP2-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS", "product_identification_helper": { "cpe": "cpe:/o:suse:sles-ltss:15:sp2" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 15 SP3-LTSS", "product": { "name": "SUSE Linux Enterprise Server 15 SP3-LTSS", 
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS", "product_identification_helper": { "cpe": "cpe:/o:suse:sles-ltss:15:sp3" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 15 SP4-LTSS", "product": { "name": "SUSE Linux Enterprise Server 15 SP4-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS", "product_identification_helper": { "cpe": "cpe:/o:suse:sles-ltss:15:sp4" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2", "product": { "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2", "product_identification_helper": { "cpe": "cpe:/o:suse:sles_sap:15:sp2" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3", "product": { "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3", "product_identification_helper": { "cpe": "cpe:/o:suse:sles_sap:15:sp3" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4", "product": { "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4", "product_identification_helper": { "cpe": "cpe:/o:suse:sles_sap:15:sp4" } } }, { "category": "product_name", "name": "SUSE Enterprise Storage 7.1", "product": { "name": "SUSE Enterprise Storage 7.1", "product_id": "SUSE Enterprise Storage 7.1", "product_identification_helper": { "cpe": "cpe:/o:suse:ses:7.1" } } }, { "category": "product_name", "name": "openSUSE Leap 15.5", "product": { "name": "openSUSE Leap 15.5", "product_id": "openSUSE Leap 15.5", "product_identification_helper": { "cpe": "cpe:/o:opensuse:leap:15.5" } } }, { "category": "product_name", "name": "openSUSE Leap 15.6", "product": { "name": "openSUSE Leap 15.6", "product_id": "openSUSE 
Leap 15.6", "product_identification_helper": { "cpe": "cpe:/o:opensuse:leap:15.6" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "obs-scm-bridge-0.5.4-150100.3.6.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP5", "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP5:obs-scm-bridge-0.5.4-150100.3.6.1.noarch" }, "product_reference": "obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "obs-scm-bridge-0.5.4-150100.3.6.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15 SP6", "product_id": "SUSE Linux Enterprise Module for Development Tools 15 SP6:obs-scm-bridge-0.5.4-150100.3.6.1.noarch" }, "product_reference": "obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "obs-scm-bridge-0.5.4-150100.3.6.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:obs-scm-bridge-0.5.4-150100.3.6.1.noarch" }, "product_reference": "obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "obs-scm-bridge-0.5.4-150100.3.6.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:obs-scm-bridge-0.5.4-150100.3.6.1.noarch" }, "product_reference": "obs-scm-bridge-0.5.4-150100.3.6.1.noarch", 
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "obs-scm-bridge-0.5.4-150100.3.6.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:obs-scm-bridge-0.5.4-150100.3.6.1.noarch" }, "product_reference": "obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS" }, { "category": "default_component_of", "full_product_name": { "name": "obs-scm-bridge-0.5.4-150100.3.6.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:obs-scm-bridge-0.5.4-150100.3.6.1.noarch" }, "product_reference": "obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "obs-scm-bridge-0.5.4-150100.3.6.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:obs-scm-bridge-0.5.4-150100.3.6.1.noarch" }, "product_reference": "obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "obs-scm-bridge-0.5.4-150100.3.6.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:obs-scm-bridge-0.5.4-150100.3.6.1.noarch" }, "product_reference": "obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "obs-scm-bridge-0.5.4-150100.3.6.1.noarch as 
component of SUSE Linux Enterprise Server 15 SP4-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:obs-scm-bridge-0.5.4-150100.3.6.1.noarch" }, "product_reference": "obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "obs-scm-bridge-0.5.4-150100.3.6.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:obs-scm-bridge-0.5.4-150100.3.6.1.noarch" }, "product_reference": "obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2" }, { "category": "default_component_of", "full_product_name": { "name": "obs-scm-bridge-0.5.4-150100.3.6.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:obs-scm-bridge-0.5.4-150100.3.6.1.noarch" }, "product_reference": "obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3" }, { "category": "default_component_of", "full_product_name": { "name": "obs-scm-bridge-0.5.4-150100.3.6.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:obs-scm-bridge-0.5.4-150100.3.6.1.noarch" }, "product_reference": "obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "obs-scm-bridge-0.5.4-150100.3.6.1.noarch as component of SUSE Enterprise Storage 7.1", "product_id": "SUSE Enterprise Storage 7.1:obs-scm-bridge-0.5.4-150100.3.6.1.noarch" }, "product_reference": "obs-scm-bridge-0.5.4-150100.3.6.1.noarch", 
"relates_to_product_reference": "SUSE Enterprise Storage 7.1" }, { "category": "default_component_of", "full_product_name": { "name": "obs-scm-bridge-0.5.4-150100.3.6.1.noarch as component of openSUSE Leap 15.5", "product_id": "openSUSE Leap 15.5:obs-scm-bridge-0.5.4-150100.3.6.1.noarch" }, "product_reference": "obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "relates_to_product_reference": "openSUSE Leap 15.5" }, { "category": "default_component_of", "full_product_name": { "name": "obs-scm-bridge-0.5.4-150100.3.6.1.noarch as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:obs-scm-bridge-0.5.4-150100.3.6.1.noarch" }, "product_reference": "obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "relates_to_product_reference": "openSUSE Leap 15.6" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-22038", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-22038" } ], "notes": [ { "category": "general", "text": "Various problems in obs-scm-bridge allows attackers that create specially crafted git repositories to leak information of cause denial of service.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Enterprise Storage 7.1:obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP5:obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP6:obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "SUSE Linux Enterprise Server 15 
SP3-LTSS:obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "SUSE Linux Enterprise Server 15 SP4-LTSS:obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "openSUSE Leap 15.5:obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "openSUSE Leap 15.6:obs-scm-bridge-0.5.4-150100.3.6.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2024-22038", "url": "https://www.suse.com/security/cve/CVE-2024-22038" }, { "category": "external", "summary": "SUSE Bug 1230469 for CVE-2024-22038", "url": "https://bugzilla.suse.com/1230469" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Enterprise Storage 7.1:obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP5:obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP6:obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "SUSE Linux Enterprise Server 15 SP4-LTSS:obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "SUSE Linux 
Enterprise Server for SAP Applications 15 SP2:obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "openSUSE Leap 15.5:obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "openSUSE Leap 15.6:obs-scm-bridge-0.5.4-150100.3.6.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Enterprise Storage 7.1:obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP5:obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "SUSE Linux Enterprise Module for Development Tools 15 SP6:obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "SUSE Linux Enterprise Server 15 SP2-LTSS:obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "SUSE Linux Enterprise Server 15 SP3-LTSS:obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "SUSE Linux Enterprise Server 15 SP4-LTSS:obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP2:obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP3:obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "openSUSE Leap 15.5:obs-scm-bridge-0.5.4-150100.3.6.1.noarch", "openSUSE Leap 15.6:obs-scm-bridge-0.5.4-150100.3.6.1.noarch" ] } ], "threats": [ { 
"category": "impact", "date": "2024-12-05T16:04:31Z", "details": "important" } ], "title": "CVE-2024-22038" } ] }
ghsa-4hx2-h4m6-qchx
Vulnerability from github
Published
2024-11-28 18:38
Modified
2024-11-28 18:38
Severity ?
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H
6.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N
6.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N
Details
Various problems in obs-scm-bridge allow attackers that create specially crafted git repositories to leak information or cause denial of service.
{ "affected": [], "aliases": [ "CVE-2024-22038" ], "database_specific": { "cwe_ids": [ "CWE-59" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2024-11-28T10:15:07Z", "severity": "MODERATE" }, "details": "Various problems in obs-scm-bridge allows attackers that create specially crafted git repositories to leak information of cause denial of service.", "id": "GHSA-4hx2-h4m6-qchx", "modified": "2024-11-28T18:38:36Z", "published": "2024-11-28T18:38:36Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22038" }, { "type": "WEB", "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-22038" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H", "type": "CVSS_V3" }, { "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "type": "CVSS_V4" } ] }
opensuse-su-2024:14543-1
Vulnerability from csaf_opensuse
Published
2024-12-04 00:00
Modified
2024-12-04 00:00
Summary
obs-scm-bridge-0.5.4-1.1 on GA media
Notes
Title of the patch
obs-scm-bridge-0.5.4-1.1 on GA media
Description of the patch
These are all security issues fixed in the obs-scm-bridge-0.5.4-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-14543
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "obs-scm-bridge-0.5.4-1.1 on GA media", "title": "Title of the patch" }, { "category": "description", "text": "These are all security issues fixed in the obs-scm-bridge-0.5.4-1.1 package on the GA media of openSUSE Tumbleweed.", "title": "Description of the patch" }, { "category": "details", "text": "openSUSE-Tumbleweed-2024-14543", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14543-1.json" }, { "category": "self", "summary": "URL for openSUSE-SU-2024:14543-1", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SSIRMKVEDVCU2OCQMQLG2IJZ4RGLG656/" }, { "category": "self", "summary": "E-Mail link for openSUSE-SU-2024:14543-1", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SSIRMKVEDVCU2OCQMQLG2IJZ4RGLG656/" }, { "category": "self", "summary": "SUSE CVE CVE-2024-22038 page", "url": "https://www.suse.com/security/cve/CVE-2024-22038/" } ], "title": "obs-scm-bridge-0.5.4-1.1 on GA media", "tracking": { 
"current_release_date": "2024-12-04T00:00:00Z", "generator": { "date": "2024-12-04T00:00:00Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "openSUSE-SU-2024:14543-1", "initial_release_date": "2024-12-04T00:00:00Z", "revision_history": [ { "date": "2024-12-04T00:00:00Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "obs-scm-bridge-0.5.4-1.1.aarch64", "product": { "name": "obs-scm-bridge-0.5.4-1.1.aarch64", "product_id": "obs-scm-bridge-0.5.4-1.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "obs-scm-bridge-0.5.4-1.1.ppc64le", "product": { "name": "obs-scm-bridge-0.5.4-1.1.ppc64le", "product_id": "obs-scm-bridge-0.5.4-1.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "obs-scm-bridge-0.5.4-1.1.s390x", "product": { "name": "obs-scm-bridge-0.5.4-1.1.s390x", "product_id": "obs-scm-bridge-0.5.4-1.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "obs-scm-bridge-0.5.4-1.1.x86_64", "product": { "name": "obs-scm-bridge-0.5.4-1.1.x86_64", "product_id": "obs-scm-bridge-0.5.4-1.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "openSUSE Tumbleweed", "product": { "name": "openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed", "product_identification_helper": { "cpe": "cpe:/o:opensuse:tumbleweed" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "obs-scm-bridge-0.5.4-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE 
Tumbleweed:obs-scm-bridge-0.5.4-1.1.aarch64" }, "product_reference": "obs-scm-bridge-0.5.4-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "obs-scm-bridge-0.5.4-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:obs-scm-bridge-0.5.4-1.1.ppc64le" }, "product_reference": "obs-scm-bridge-0.5.4-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "obs-scm-bridge-0.5.4-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:obs-scm-bridge-0.5.4-1.1.s390x" }, "product_reference": "obs-scm-bridge-0.5.4-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "obs-scm-bridge-0.5.4-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:obs-scm-bridge-0.5.4-1.1.x86_64" }, "product_reference": "obs-scm-bridge-0.5.4-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-22038", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2024-22038" } ], "notes": [ { "category": "general", "text": "Various problems in obs-scm-bridge allows attackers that create specially crafted git repositories to leak information of cause denial of service.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:obs-scm-bridge-0.5.4-1.1.aarch64", "openSUSE Tumbleweed:obs-scm-bridge-0.5.4-1.1.ppc64le", "openSUSE Tumbleweed:obs-scm-bridge-0.5.4-1.1.s390x", "openSUSE Tumbleweed:obs-scm-bridge-0.5.4-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2024-22038", "url": "https://www.suse.com/security/cve/CVE-2024-22038" }, { "category": "external", "summary": "SUSE Bug 1230469 for CVE-2024-22038", "url": 
"https://bugzilla.suse.com/1230469" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:obs-scm-bridge-0.5.4-1.1.aarch64", "openSUSE Tumbleweed:obs-scm-bridge-0.5.4-1.1.ppc64le", "openSUSE Tumbleweed:obs-scm-bridge-0.5.4-1.1.s390x", "openSUSE Tumbleweed:obs-scm-bridge-0.5.4-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:obs-scm-bridge-0.5.4-1.1.aarch64", "openSUSE Tumbleweed:obs-scm-bridge-0.5.4-1.1.ppc64le", "openSUSE Tumbleweed:obs-scm-bridge-0.5.4-1.1.s390x", "openSUSE Tumbleweed:obs-scm-bridge-0.5.4-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-12-04T00:00:00Z", "details": "important" } ], "title": "CVE-2024-22038" } ] }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.