Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-47291 (GCVE-0-2025-47291)
Vulnerability from cvelistv5
Published
2025-05-21 17:26
Modified
2025-05-21 19:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-266 - Incorrect Privilege Assignment
Summary
containerd is an open-source container runtime. A bug was found in the containerd's CRI implementation where containerd, starting in version 2.0.1 and prior to version 2.0.5, doesn't put usernamespaced containers under the Kubernetes' cgroup hierarchy, therefore some Kubernetes limits are not honored. This may cause a denial of service of the Kubernetes node. This bug has been fixed in containerd 2.0.5+ and 2.1.0+. Users should update to these versions to resolve the issue. As a workaround, disable usernamespaced pods in Kubernetes temporarily.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| containerd | containerd |
Version: >= 2.0.1, < 2.0.5 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47291",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-21T19:19:32.387955Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T19:19:39.944Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "containerd",
"vendor": "containerd",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.0.1, \u003c 2.0.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "containerd is an open-source container runtime. A bug was found in the containerd\u0027s CRI implementation where containerd, starting in version 2.0.1 and prior to version 2.0.5, doesn\u0027t put usernamespaced containers under the Kubernetes\u0027 cgroup hierarchy, therefore some Kubernetes limits are not honored. This may cause a denial of service of the Kubernetes node. This bug has been fixed in containerd 2.0.5+ and 2.1.0+. Users should update to these versions to resolve the issue. As a workaround, disable usernamespaced pods in Kubernetes temporarily."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266: Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T17:26:31.141Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/containerd/containerd/security/advisories/GHSA-cxfp-7pvr-95ff",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-cxfp-7pvr-95ff"
}
],
"source": {
"advisory": "GHSA-cxfp-7pvr-95ff",
"discovery": "UNKNOWN"
},
"title": "containerd CRI plugin: Incorrect cgroup hierarchy assignment for containers running in usernamespaced Kubernetes pods."
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-47291",
"datePublished": "2025-05-21T17:26:31.141Z",
"dateReserved": "2025-05-05T16:53:10.374Z",
"dateUpdated": "2025-05-21T19:19:39.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-47291\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-05-21T18:15:52.853\",\"lastModified\":\"2025-09-19T17:25:42.653\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"containerd is an open-source container runtime. A bug was found in the containerd\u0027s CRI implementation where containerd, starting in version 2.0.1 and prior to version 2.0.5, doesn\u0027t put usernamespaced containers under the Kubernetes\u0027 cgroup hierarchy, therefore some Kubernetes limits are not honored. This may cause a denial of service of the Kubernetes node. This bug has been fixed in containerd 2.0.5+ and 2.1.0+. Users should update to these versions to resolve the issue. As a workaround, disable usernamespaced pods in Kubernetes temporarily.\"},{\"lang\":\"es\",\"value\":\"containerd es un entorno de ejecuci\u00f3n de contenedores de c\u00f3digo abierto. Se detect\u00f3 un error en la implementaci\u00f3n de CRI de containerd: a partir de la versi\u00f3n 2.0.1 y anteriores a la 2.0.5, containerd no coloca los contenedores con espacio de nombre de usuario en la jerarqu\u00eda de grupos de control de Kubernetes, por lo que no se respetan algunos l\u00edmites de Kubernetes. Esto puede provocar una denegaci\u00f3n de servicio del nodo de Kubernetes. Este error se ha corregido en containerd 2.0.5+ y 2.1.0+. Los usuarios deben actualizar a estas versiones para resolver el problema. Como workaround, deshabilite temporalmente los pods con espacio de nombre de usuario en Kubernetes.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":4.6,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"UNREPORTED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-266\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.1\",\"versionEndExcluding\":\"2.0.5\",\"matchCriteriaId\":\"560E3202-0E7D-4AD0-81E1-EDCCEDF907DA\"}]}]}],\"references\":[{\"url\":\"https://github.com/containerd/containerd/security/advisories/GHSA-cxfp-7pvr-95ff\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-47291\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-05-21T19:19:32.387955Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-21T19:19:36.210Z\"}}], \"cna\": {\"title\": \"containerd CRI plugin: Incorrect cgroup hierarchy assignment for containers running in usernamespaced Kubernetes pods.\", \"source\": {\"advisory\": \"GHSA-cxfp-7pvr-95ff\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 4.6, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"containerd\", \"product\": \"containerd\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 2.0.1, \u003c 2.0.5\"}]}], \"references\": [{\"url\": \"https://github.com/containerd/containerd/security/advisories/GHSA-cxfp-7pvr-95ff\", \"name\": \"https://github.com/containerd/containerd/security/advisories/GHSA-cxfp-7pvr-95ff\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"containerd is an open-source container runtime. A bug was found in the containerd\u0027s CRI implementation where containerd, starting in version 2.0.1 and prior to version 2.0.5, doesn\u0027t put usernamespaced containers under the Kubernetes\u0027 cgroup hierarchy, therefore some Kubernetes limits are not honored. This may cause a denial of service of the Kubernetes node. This bug has been fixed in containerd 2.0.5+ and 2.1.0+. Users should update to these versions to resolve the issue. As a workaround, disable usernamespaced pods in Kubernetes temporarily.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-266\", \"description\": \"CWE-266: Incorrect Privilege Assignment\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-05-21T17:26:31.141Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-47291\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-21T19:19:39.944Z\", \"dateReserved\": \"2025-05-05T16:53:10.374Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-05-21T17:26:31.141Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
fkie_cve-2025-47291
Vulnerability from fkie_nvd
Published
2025-05-21 18:15
Modified
2025-09-19 17:25
Severity ?
Summary
containerd is an open-source container runtime. A bug was found in the containerd's CRI implementation where containerd, starting in version 2.0.1 and prior to version 2.0.5, doesn't put usernamespaced containers under the Kubernetes' cgroup hierarchy, therefore some Kubernetes limits are not honored. This may cause a denial of service of the Kubernetes node. This bug has been fixed in containerd 2.0.5+ and 2.1.0+. Users should update to these versions to resolve the issue. As a workaround, disable usernamespaced pods in Kubernetes temporarily.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linuxfoundation | containerd | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linuxfoundation:containerd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "560E3202-0E7D-4AD0-81E1-EDCCEDF907DA",
"versionEndExcluding": "2.0.5",
"versionStartIncluding": "2.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "containerd is an open-source container runtime. A bug was found in the containerd\u0027s CRI implementation where containerd, starting in version 2.0.1 and prior to version 2.0.5, doesn\u0027t put usernamespaced containers under the Kubernetes\u0027 cgroup hierarchy, therefore some Kubernetes limits are not honored. This may cause a denial of service of the Kubernetes node. This bug has been fixed in containerd 2.0.5+ and 2.1.0+. Users should update to these versions to resolve the issue. As a workaround, disable usernamespaced pods in Kubernetes temporarily."
},
{
"lang": "es",
"value": "containerd es un entorno de ejecuci\u00f3n de contenedores de c\u00f3digo abierto. Se detect\u00f3 un error en la implementaci\u00f3n de CRI de containerd: a partir de la versi\u00f3n 2.0.1 y anteriores a la 2.0.5, containerd no coloca los contenedores con espacio de nombre de usuario en la jerarqu\u00eda de grupos de control de Kubernetes, por lo que no se respetan algunos l\u00edmites de Kubernetes. Esto puede provocar una denegaci\u00f3n de servicio del nodo de Kubernetes. Este error se ha corregido en containerd 2.0.5+ y 2.1.0+. Los usuarios deben actualizar a estas versiones para resolver el problema. Como workaround, deshabilite temporalmente los pods con espacio de nombre de usuario en Kubernetes."
}
],
"id": "CVE-2025-47291",
"lastModified": "2025-09-19T17:25:42.653",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "UNREPORTED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-05-21T18:15:52.853",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-cxfp-7pvr-95ff"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-266"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
ghsa-cxfp-7pvr-95ff
Vulnerability from github
Published
2025-05-21 18:01
Modified
2025-05-28 19:45
Severity ?
VLAI Severity ?
Summary
containerd CRI plugin: Incorrect cgroup hierarchy assignment for containers running in usernamespaced Kubernetes pods.
Details
Impact
A bug was found in the containerd's CRI implementation where containerd doesn't put usernamespaced containers under the Kubernetes' cgroup hierarchy, therefore some Kubernetes limits are not honored. This may cause a denial of service of the Kubernetes node.
Patches
This bug has been fixed in containerd 2.0.5+ and 2.1.0+. Users should update to these versions to resolve the issue.
Workarounds
Disable usernamespaced pods in Kubernetes temporarily.
Credits
The containerd project would like to thank Rodrigo Campos Catelin and Piotr Rogowski for responsibly disclosing this issue in accordance with the containerd security policy.
For more information
If you have any questions or comments about this advisory:
- Open an issue in containerd
- Email us at security@containerd.io
To report a security issue in containerd: * Report a new vulnerability * Email us at security@containerd.io
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.0.4"
},
"package": {
"ecosystem": "Go",
"name": "github.com/containerd/containerd/v2"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.1"
},
{
"fixed": "2.0.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-47291"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": true,
"github_reviewed_at": "2025-05-21T18:01:48Z",
"nvd_published_at": "2025-05-21T18:15:52Z",
"severity": "MODERATE"
},
"details": "# Impact\n\nA bug was found in the containerd\u0027s CRI implementation where containerd doesn\u0027t put usernamespaced containers under the Kubernetes\u0027 cgroup hierarchy, therefore some Kubernetes limits are not honored. This may cause a denial of service of the Kubernetes node.\n\n# Patches\n\nThis bug has been fixed in containerd 2.0.5+ and 2.1.0+. Users should update to these versions to resolve the issue.\n\n# Workarounds\n\nDisable usernamespaced pods in Kubernetes temporarily.\n\n# Credits\n\nThe containerd project would like to thank Rodrigo Campos Catelin and Piotr Rogowski for responsibly disclosing this issue in accordance with the [containerd security policy](https://github.com/containerd/project/blob/main/SECURITY.md).\n\n# For more information\nIf you have any questions or comments about this advisory:\n\n* Open an issue in [containerd](https://github.com/containerd/containerd/issues/new/choose)\n* Email us at security@containerd.io\n\nTo report a security issue in containerd:\n* [Report a new vulnerability](https://github.com/containerd/containerd/security/advisories/new)\n* Email us at [security@containerd.io](mailto:security@containerd.io)",
"id": "GHSA-cxfp-7pvr-95ff",
"modified": "2025-05-28T19:45:21Z",
"published": "2025-05-21T18:01:48Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-cxfp-7pvr-95ff"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47291"
},
{
"type": "PACKAGE",
"url": "https://github.com/containerd/containerd"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2025-3701"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U",
"type": "CVSS_V4"
}
],
"summary": "containerd CRI plugin: Incorrect cgroup hierarchy assignment for containers running in usernamespaced Kubernetes pods."
}
opensuse-su-2025:15455-1
Vulnerability from csaf_opensuse
Published
2025-08-16 00:00
Modified
2025-08-16 00:00
Summary
libecpg6-17.6-1.1 on GA media
Notes
Title of the patch
libecpg6-17.6-1.1 on GA media
Description of the patch
These are all security issues fixed in the libecpg6-17.6-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-15455
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "libecpg6-17.6-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the libecpg6-17.6-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15455",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15455-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-8713 page",
"url": "https://www.suse.com/security/cve/CVE-2025-8713/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-8714 page",
"url": "https://www.suse.com/security/cve/CVE-2025-8714/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-8715 page",
"url": "https://www.suse.com/security/cve/CVE-2025-8715/"
}
],
"title": "libecpg6-17.6-1.1 on GA media",
"tracking": {
"current_release_date": "2025-08-16T00:00:00Z",
"generator": {
"date": "2025-08-16T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15455-1",
"initial_release_date": "2025-08-16T00:00:00Z",
"revision_history": [
{
"date": "2025-08-16T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libecpg6-17.6-1.1.aarch64",
"product": {
"name": "libecpg6-17.6-1.1.aarch64",
"product_id": "libecpg6-17.6-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libecpg6-32bit-17.6-1.1.aarch64",
"product": {
"name": "libecpg6-32bit-17.6-1.1.aarch64",
"product_id": "libecpg6-32bit-17.6-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libpq5-17.6-1.1.aarch64",
"product": {
"name": "libpq5-17.6-1.1.aarch64",
"product_id": "libpq5-17.6-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libpq5-32bit-17.6-1.1.aarch64",
"product": {
"name": "libpq5-32bit-17.6-1.1.aarch64",
"product_id": "libpq5-32bit-17.6-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql17-17.6-1.1.aarch64",
"product": {
"name": "postgresql17-17.6-1.1.aarch64",
"product_id": "postgresql17-17.6-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql17-contrib-17.6-1.1.aarch64",
"product": {
"name": "postgresql17-contrib-17.6-1.1.aarch64",
"product_id": "postgresql17-contrib-17.6-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql17-devel-17.6-1.1.aarch64",
"product": {
"name": "postgresql17-devel-17.6-1.1.aarch64",
"product_id": "postgresql17-devel-17.6-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql17-docs-17.6-1.1.aarch64",
"product": {
"name": "postgresql17-docs-17.6-1.1.aarch64",
"product_id": "postgresql17-docs-17.6-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql17-llvmjit-17.6-1.1.aarch64",
"product": {
"name": "postgresql17-llvmjit-17.6-1.1.aarch64",
"product_id": "postgresql17-llvmjit-17.6-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql17-llvmjit-devel-17.6-1.1.aarch64",
"product": {
"name": "postgresql17-llvmjit-devel-17.6-1.1.aarch64",
"product_id": "postgresql17-llvmjit-devel-17.6-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql17-plperl-17.6-1.1.aarch64",
"product": {
"name": "postgresql17-plperl-17.6-1.1.aarch64",
"product_id": "postgresql17-plperl-17.6-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql17-plpython-17.6-1.1.aarch64",
"product": {
"name": "postgresql17-plpython-17.6-1.1.aarch64",
"product_id": "postgresql17-plpython-17.6-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql17-pltcl-17.6-1.1.aarch64",
"product": {
"name": "postgresql17-pltcl-17.6-1.1.aarch64",
"product_id": "postgresql17-pltcl-17.6-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql17-server-17.6-1.1.aarch64",
"product": {
"name": "postgresql17-server-17.6-1.1.aarch64",
"product_id": "postgresql17-server-17.6-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql17-server-devel-17.6-1.1.aarch64",
"product": {
"name": "postgresql17-server-devel-17.6-1.1.aarch64",
"product_id": "postgresql17-server-devel-17.6-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql17-test-17.6-1.1.aarch64",
"product": {
"name": "postgresql17-test-17.6-1.1.aarch64",
"product_id": "postgresql17-test-17.6-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libecpg6-17.6-1.1.ppc64le",
"product": {
"name": "libecpg6-17.6-1.1.ppc64le",
"product_id": "libecpg6-17.6-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libecpg6-32bit-17.6-1.1.ppc64le",
"product": {
"name": "libecpg6-32bit-17.6-1.1.ppc64le",
"product_id": "libecpg6-32bit-17.6-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libpq5-17.6-1.1.ppc64le",
"product": {
"name": "libpq5-17.6-1.1.ppc64le",
"product_id": "libpq5-17.6-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libpq5-32bit-17.6-1.1.ppc64le",
"product": {
"name": "libpq5-32bit-17.6-1.1.ppc64le",
"product_id": "libpq5-32bit-17.6-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql17-17.6-1.1.ppc64le",
"product": {
"name": "postgresql17-17.6-1.1.ppc64le",
"product_id": "postgresql17-17.6-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql17-contrib-17.6-1.1.ppc64le",
"product": {
"name": "postgresql17-contrib-17.6-1.1.ppc64le",
"product_id": "postgresql17-contrib-17.6-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql17-devel-17.6-1.1.ppc64le",
"product": {
"name": "postgresql17-devel-17.6-1.1.ppc64le",
"product_id": "postgresql17-devel-17.6-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql17-docs-17.6-1.1.ppc64le",
"product": {
"name": "postgresql17-docs-17.6-1.1.ppc64le",
"product_id": "postgresql17-docs-17.6-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql17-llvmjit-17.6-1.1.ppc64le",
"product": {
"name": "postgresql17-llvmjit-17.6-1.1.ppc64le",
"product_id": "postgresql17-llvmjit-17.6-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql17-llvmjit-devel-17.6-1.1.ppc64le",
"product": {
"name": "postgresql17-llvmjit-devel-17.6-1.1.ppc64le",
"product_id": "postgresql17-llvmjit-devel-17.6-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql17-plperl-17.6-1.1.ppc64le",
"product": {
"name": "postgresql17-plperl-17.6-1.1.ppc64le",
"product_id": "postgresql17-plperl-17.6-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql17-plpython-17.6-1.1.ppc64le",
"product": {
"name": "postgresql17-plpython-17.6-1.1.ppc64le",
"product_id": "postgresql17-plpython-17.6-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql17-pltcl-17.6-1.1.ppc64le",
"product": {
"name": "postgresql17-pltcl-17.6-1.1.ppc64le",
"product_id": "postgresql17-pltcl-17.6-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql17-server-17.6-1.1.ppc64le",
"product": {
"name": "postgresql17-server-17.6-1.1.ppc64le",
"product_id": "postgresql17-server-17.6-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql17-server-devel-17.6-1.1.ppc64le",
"product": {
"name": "postgresql17-server-devel-17.6-1.1.ppc64le",
"product_id": "postgresql17-server-devel-17.6-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql17-test-17.6-1.1.ppc64le",
"product": {
"name": "postgresql17-test-17.6-1.1.ppc64le",
"product_id": "postgresql17-test-17.6-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libecpg6-17.6-1.1.s390x",
"product": {
"name": "libecpg6-17.6-1.1.s390x",
"product_id": "libecpg6-17.6-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libecpg6-32bit-17.6-1.1.s390x",
"product": {
"name": "libecpg6-32bit-17.6-1.1.s390x",
"product_id": "libecpg6-32bit-17.6-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libpq5-17.6-1.1.s390x",
"product": {
"name": "libpq5-17.6-1.1.s390x",
"product_id": "libpq5-17.6-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libpq5-32bit-17.6-1.1.s390x",
"product": {
"name": "libpq5-32bit-17.6-1.1.s390x",
"product_id": "libpq5-32bit-17.6-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql17-17.6-1.1.s390x",
"product": {
"name": "postgresql17-17.6-1.1.s390x",
"product_id": "postgresql17-17.6-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql17-contrib-17.6-1.1.s390x",
"product": {
"name": "postgresql17-contrib-17.6-1.1.s390x",
"product_id": "postgresql17-contrib-17.6-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql17-devel-17.6-1.1.s390x",
"product": {
"name": "postgresql17-devel-17.6-1.1.s390x",
"product_id": "postgresql17-devel-17.6-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql17-docs-17.6-1.1.s390x",
"product": {
"name": "postgresql17-docs-17.6-1.1.s390x",
"product_id": "postgresql17-docs-17.6-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql17-llvmjit-17.6-1.1.s390x",
"product": {
"name": "postgresql17-llvmjit-17.6-1.1.s390x",
"product_id": "postgresql17-llvmjit-17.6-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql17-llvmjit-devel-17.6-1.1.s390x",
"product": {
"name": "postgresql17-llvmjit-devel-17.6-1.1.s390x",
"product_id": "postgresql17-llvmjit-devel-17.6-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql17-plperl-17.6-1.1.s390x",
"product": {
"name": "postgresql17-plperl-17.6-1.1.s390x",
"product_id": "postgresql17-plperl-17.6-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql17-plpython-17.6-1.1.s390x",
"product": {
"name": "postgresql17-plpython-17.6-1.1.s390x",
"product_id": "postgresql17-plpython-17.6-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql17-pltcl-17.6-1.1.s390x",
"product": {
"name": "postgresql17-pltcl-17.6-1.1.s390x",
"product_id": "postgresql17-pltcl-17.6-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql17-server-17.6-1.1.s390x",
"product": {
"name": "postgresql17-server-17.6-1.1.s390x",
"product_id": "postgresql17-server-17.6-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql17-server-devel-17.6-1.1.s390x",
"product": {
"name": "postgresql17-server-devel-17.6-1.1.s390x",
"product_id": "postgresql17-server-devel-17.6-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql17-test-17.6-1.1.s390x",
"product": {
"name": "postgresql17-test-17.6-1.1.s390x",
"product_id": "postgresql17-test-17.6-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libecpg6-17.6-1.1.x86_64",
"product": {
"name": "libecpg6-17.6-1.1.x86_64",
"product_id": "libecpg6-17.6-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libecpg6-32bit-17.6-1.1.x86_64",
"product": {
"name": "libecpg6-32bit-17.6-1.1.x86_64",
"product_id": "libecpg6-32bit-17.6-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpq5-17.6-1.1.x86_64",
"product": {
"name": "libpq5-17.6-1.1.x86_64",
"product_id": "libpq5-17.6-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libpq5-32bit-17.6-1.1.x86_64",
"product": {
"name": "libpq5-32bit-17.6-1.1.x86_64",
"product_id": "libpq5-32bit-17.6-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql17-17.6-1.1.x86_64",
"product": {
"name": "postgresql17-17.6-1.1.x86_64",
"product_id": "postgresql17-17.6-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql17-contrib-17.6-1.1.x86_64",
"product": {
"name": "postgresql17-contrib-17.6-1.1.x86_64",
"product_id": "postgresql17-contrib-17.6-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql17-devel-17.6-1.1.x86_64",
"product": {
"name": "postgresql17-devel-17.6-1.1.x86_64",
"product_id": "postgresql17-devel-17.6-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql17-docs-17.6-1.1.x86_64",
"product": {
"name": "postgresql17-docs-17.6-1.1.x86_64",
"product_id": "postgresql17-docs-17.6-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql17-llvmjit-17.6-1.1.x86_64",
"product": {
"name": "postgresql17-llvmjit-17.6-1.1.x86_64",
"product_id": "postgresql17-llvmjit-17.6-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql17-llvmjit-devel-17.6-1.1.x86_64",
"product": {
"name": "postgresql17-llvmjit-devel-17.6-1.1.x86_64",
"product_id": "postgresql17-llvmjit-devel-17.6-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql17-plperl-17.6-1.1.x86_64",
"product": {
"name": "postgresql17-plperl-17.6-1.1.x86_64",
"product_id": "postgresql17-plperl-17.6-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql17-plpython-17.6-1.1.x86_64",
"product": {
"name": "postgresql17-plpython-17.6-1.1.x86_64",
"product_id": "postgresql17-plpython-17.6-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql17-pltcl-17.6-1.1.x86_64",
"product": {
"name": "postgresql17-pltcl-17.6-1.1.x86_64",
"product_id": "postgresql17-pltcl-17.6-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql17-server-17.6-1.1.x86_64",
"product": {
"name": "postgresql17-server-17.6-1.1.x86_64",
"product_id": "postgresql17-server-17.6-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql17-server-devel-17.6-1.1.x86_64",
"product": {
"name": "postgresql17-server-devel-17.6-1.1.x86_64",
"product_id": "postgresql17-server-devel-17.6-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql17-test-17.6-1.1.x86_64",
"product": {
"name": "postgresql17-test-17.6-1.1.x86_64",
"product_id": "postgresql17-test-17.6-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libecpg6-17.6-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libecpg6-17.6-1.1.aarch64"
},
"product_reference": "libecpg6-17.6-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecpg6-17.6-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libecpg6-17.6-1.1.ppc64le"
},
"product_reference": "libecpg6-17.6-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecpg6-17.6-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libecpg6-17.6-1.1.s390x"
},
"product_reference": "libecpg6-17.6-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecpg6-17.6-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libecpg6-17.6-1.1.x86_64"
},
"product_reference": "libecpg6-17.6-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecpg6-32bit-17.6-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libecpg6-32bit-17.6-1.1.aarch64"
},
"product_reference": "libecpg6-32bit-17.6-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecpg6-32bit-17.6-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libecpg6-32bit-17.6-1.1.ppc64le"
},
"product_reference": "libecpg6-32bit-17.6-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecpg6-32bit-17.6-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libecpg6-32bit-17.6-1.1.s390x"
},
"product_reference": "libecpg6-32bit-17.6-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libecpg6-32bit-17.6-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libecpg6-32bit-17.6-1.1.x86_64"
},
"product_reference": "libecpg6-32bit-17.6-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpq5-17.6-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpq5-17.6-1.1.aarch64"
},
"product_reference": "libpq5-17.6-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpq5-17.6-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpq5-17.6-1.1.ppc64le"
},
"product_reference": "libpq5-17.6-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpq5-17.6-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpq5-17.6-1.1.s390x"
},
"product_reference": "libpq5-17.6-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpq5-17.6-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpq5-17.6-1.1.x86_64"
},
"product_reference": "libpq5-17.6-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpq5-32bit-17.6-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpq5-32bit-17.6-1.1.aarch64"
},
"product_reference": "libpq5-32bit-17.6-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpq5-32bit-17.6-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpq5-32bit-17.6-1.1.ppc64le"
},
"product_reference": "libpq5-32bit-17.6-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpq5-32bit-17.6-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpq5-32bit-17.6-1.1.s390x"
},
"product_reference": "libpq5-32bit-17.6-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libpq5-32bit-17.6-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libpq5-32bit-17.6-1.1.x86_64"
},
"product_reference": "libpq5-32bit-17.6-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql17-17.6-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql17-17.6-1.1.aarch64"
},
"product_reference": "postgresql17-17.6-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql17-17.6-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql17-17.6-1.1.ppc64le"
},
"product_reference": "postgresql17-17.6-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql17-17.6-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql17-17.6-1.1.s390x"
},
"product_reference": "postgresql17-17.6-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql17-17.6-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql17-17.6-1.1.x86_64"
},
"product_reference": "postgresql17-17.6-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql17-contrib-17.6-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql17-contrib-17.6-1.1.aarch64"
},
"product_reference": "postgresql17-contrib-17.6-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql17-contrib-17.6-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql17-contrib-17.6-1.1.ppc64le"
},
"product_reference": "postgresql17-contrib-17.6-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql17-contrib-17.6-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql17-contrib-17.6-1.1.s390x"
},
"product_reference": "postgresql17-contrib-17.6-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql17-contrib-17.6-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql17-contrib-17.6-1.1.x86_64"
},
"product_reference": "postgresql17-contrib-17.6-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql17-devel-17.6-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql17-devel-17.6-1.1.aarch64"
},
"product_reference": "postgresql17-devel-17.6-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql17-devel-17.6-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql17-devel-17.6-1.1.ppc64le"
},
"product_reference": "postgresql17-devel-17.6-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql17-devel-17.6-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql17-devel-17.6-1.1.s390x"
},
"product_reference": "postgresql17-devel-17.6-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql17-devel-17.6-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql17-devel-17.6-1.1.x86_64"
},
"product_reference": "postgresql17-devel-17.6-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql17-docs-17.6-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql17-docs-17.6-1.1.aarch64"
},
"product_reference": "postgresql17-docs-17.6-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql17-docs-17.6-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql17-docs-17.6-1.1.ppc64le"
},
"product_reference": "postgresql17-docs-17.6-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql17-docs-17.6-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql17-docs-17.6-1.1.s390x"
},
"product_reference": "postgresql17-docs-17.6-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql17-docs-17.6-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql17-docs-17.6-1.1.x86_64"
},
"product_reference": "postgresql17-docs-17.6-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql17-llvmjit-17.6-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql17-llvmjit-17.6-1.1.aarch64"
},
"product_reference": "postgresql17-llvmjit-17.6-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql17-llvmjit-17.6-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql17-llvmjit-17.6-1.1.ppc64le"
},
"product_reference": "postgresql17-llvmjit-17.6-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql17-llvmjit-17.6-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql17-llvmjit-17.6-1.1.s390x"
},
"product_reference": "postgresql17-llvmjit-17.6-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql17-llvmjit-17.6-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql17-llvmjit-17.6-1.1.x86_64"
},
"product_reference": "postgresql17-llvmjit-17.6-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql17-llvmjit-devel-17.6-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql17-llvmjit-devel-17.6-1.1.aarch64"
},
"product_reference": "postgresql17-llvmjit-devel-17.6-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql17-llvmjit-devel-17.6-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql17-llvmjit-devel-17.6-1.1.ppc64le"
},
"product_reference": "postgresql17-llvmjit-devel-17.6-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql17-llvmjit-devel-17.6-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql17-llvmjit-devel-17.6-1.1.s390x"
},
"product_reference": "postgresql17-llvmjit-devel-17.6-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql17-llvmjit-devel-17.6-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql17-llvmjit-devel-17.6-1.1.x86_64"
},
"product_reference": "postgresql17-llvmjit-devel-17.6-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql17-plperl-17.6-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql17-plperl-17.6-1.1.aarch64"
},
"product_reference": "postgresql17-plperl-17.6-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql17-plperl-17.6-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql17-plperl-17.6-1.1.ppc64le"
},
"product_reference": "postgresql17-plperl-17.6-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql17-plperl-17.6-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql17-plperl-17.6-1.1.s390x"
},
"product_reference": "postgresql17-plperl-17.6-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql17-plperl-17.6-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql17-plperl-17.6-1.1.x86_64"
},
"product_reference": "postgresql17-plperl-17.6-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql17-plpython-17.6-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql17-plpython-17.6-1.1.aarch64"
},
"product_reference": "postgresql17-plpython-17.6-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql17-plpython-17.6-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql17-plpython-17.6-1.1.ppc64le"
},
"product_reference": "postgresql17-plpython-17.6-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql17-plpython-17.6-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql17-plpython-17.6-1.1.s390x"
},
"product_reference": "postgresql17-plpython-17.6-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql17-plpython-17.6-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql17-plpython-17.6-1.1.x86_64"
},
"product_reference": "postgresql17-plpython-17.6-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql17-pltcl-17.6-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql17-pltcl-17.6-1.1.aarch64"
},
"product_reference": "postgresql17-pltcl-17.6-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql17-pltcl-17.6-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql17-pltcl-17.6-1.1.ppc64le"
},
"product_reference": "postgresql17-pltcl-17.6-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql17-pltcl-17.6-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql17-pltcl-17.6-1.1.s390x"
},
"product_reference": "postgresql17-pltcl-17.6-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql17-pltcl-17.6-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql17-pltcl-17.6-1.1.x86_64"
},
"product_reference": "postgresql17-pltcl-17.6-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql17-server-17.6-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql17-server-17.6-1.1.aarch64"
},
"product_reference": "postgresql17-server-17.6-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql17-server-17.6-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql17-server-17.6-1.1.ppc64le"
},
"product_reference": "postgresql17-server-17.6-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql17-server-17.6-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql17-server-17.6-1.1.s390x"
},
"product_reference": "postgresql17-server-17.6-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql17-server-17.6-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql17-server-17.6-1.1.x86_64"
},
"product_reference": "postgresql17-server-17.6-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql17-server-devel-17.6-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql17-server-devel-17.6-1.1.aarch64"
},
"product_reference": "postgresql17-server-devel-17.6-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql17-server-devel-17.6-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql17-server-devel-17.6-1.1.ppc64le"
},
"product_reference": "postgresql17-server-devel-17.6-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql17-server-devel-17.6-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql17-server-devel-17.6-1.1.s390x"
},
"product_reference": "postgresql17-server-devel-17.6-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql17-server-devel-17.6-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql17-server-devel-17.6-1.1.x86_64"
},
"product_reference": "postgresql17-server-devel-17.6-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql17-test-17.6-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql17-test-17.6-1.1.aarch64"
},
"product_reference": "postgresql17-test-17.6-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql17-test-17.6-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql17-test-17.6-1.1.ppc64le"
},
"product_reference": "postgresql17-test-17.6-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql17-test-17.6-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql17-test-17.6-1.1.s390x"
},
"product_reference": "postgresql17-test-17.6-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql17-test-17.6-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql17-test-17.6-1.1.x86_64"
},
"product_reference": "postgresql17-test-17.6-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-8713",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-8713"
}
],
"notes": [
{
"category": "general",
"text": "PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide. PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process. Prior to this release, a user could craft a leaky operator that bypassed view access control lists (ACLs) and bypassed row security policies in partitioning or table inheritance hierarchies. Reachable statistics data notably included histograms and most-common-values lists. CVE-2017-7484 and CVE-2019-10130 intended to close this class of vulnerability, but this gap remained. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libecpg6-17.6-1.1.aarch64",
"openSUSE Tumbleweed:libecpg6-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:libecpg6-17.6-1.1.s390x",
"openSUSE Tumbleweed:libecpg6-17.6-1.1.x86_64",
"openSUSE Tumbleweed:libecpg6-32bit-17.6-1.1.aarch64",
"openSUSE Tumbleweed:libecpg6-32bit-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:libecpg6-32bit-17.6-1.1.s390x",
"openSUSE Tumbleweed:libecpg6-32bit-17.6-1.1.x86_64",
"openSUSE Tumbleweed:libpq5-17.6-1.1.aarch64",
"openSUSE Tumbleweed:libpq5-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:libpq5-17.6-1.1.s390x",
"openSUSE Tumbleweed:libpq5-17.6-1.1.x86_64",
"openSUSE Tumbleweed:libpq5-32bit-17.6-1.1.aarch64",
"openSUSE Tumbleweed:libpq5-32bit-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:libpq5-32bit-17.6-1.1.s390x",
"openSUSE Tumbleweed:libpq5-32bit-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-contrib-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-contrib-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-contrib-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-contrib-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-devel-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-devel-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-devel-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-devel-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-docs-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-docs-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-docs-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-docs-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-llvmjit-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-llvmjit-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-llvmjit-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-llvmjit-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-llvmjit-devel-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-llvmjit-devel-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-llvmjit-devel-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-llvmjit-devel-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-plperl-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-plperl-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-plperl-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-plperl-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-plpython-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-plpython-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-plpython-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-plpython-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-pltcl-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-pltcl-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-pltcl-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-pltcl-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-server-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-server-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-server-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-server-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-server-devel-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-server-devel-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-server-devel-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-server-devel-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-test-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-test-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-test-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-test-17.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-8713",
"url": "https://www.suse.com/security/cve/CVE-2025-8713"
},
{
"category": "external",
"summary": "SUSE Bug 1248120 for CVE-2025-8713",
"url": "https://bugzilla.suse.com/1248120"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libecpg6-17.6-1.1.aarch64",
"openSUSE Tumbleweed:libecpg6-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:libecpg6-17.6-1.1.s390x",
"openSUSE Tumbleweed:libecpg6-17.6-1.1.x86_64",
"openSUSE Tumbleweed:libecpg6-32bit-17.6-1.1.aarch64",
"openSUSE Tumbleweed:libecpg6-32bit-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:libecpg6-32bit-17.6-1.1.s390x",
"openSUSE Tumbleweed:libecpg6-32bit-17.6-1.1.x86_64",
"openSUSE Tumbleweed:libpq5-17.6-1.1.aarch64",
"openSUSE Tumbleweed:libpq5-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:libpq5-17.6-1.1.s390x",
"openSUSE Tumbleweed:libpq5-17.6-1.1.x86_64",
"openSUSE Tumbleweed:libpq5-32bit-17.6-1.1.aarch64",
"openSUSE Tumbleweed:libpq5-32bit-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:libpq5-32bit-17.6-1.1.s390x",
"openSUSE Tumbleweed:libpq5-32bit-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-contrib-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-contrib-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-contrib-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-contrib-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-devel-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-devel-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-devel-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-devel-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-docs-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-docs-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-docs-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-docs-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-llvmjit-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-llvmjit-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-llvmjit-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-llvmjit-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-llvmjit-devel-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-llvmjit-devel-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-llvmjit-devel-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-llvmjit-devel-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-plperl-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-plperl-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-plperl-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-plperl-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-plpython-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-plpython-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-plpython-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-plpython-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-pltcl-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-pltcl-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-pltcl-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-pltcl-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-server-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-server-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-server-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-server-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-server-devel-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-server-devel-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-server-devel-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-server-devel-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-test-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-test-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-test-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-test-17.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libecpg6-17.6-1.1.aarch64",
"openSUSE Tumbleweed:libecpg6-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:libecpg6-17.6-1.1.s390x",
"openSUSE Tumbleweed:libecpg6-17.6-1.1.x86_64",
"openSUSE Tumbleweed:libecpg6-32bit-17.6-1.1.aarch64",
"openSUSE Tumbleweed:libecpg6-32bit-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:libecpg6-32bit-17.6-1.1.s390x",
"openSUSE Tumbleweed:libecpg6-32bit-17.6-1.1.x86_64",
"openSUSE Tumbleweed:libpq5-17.6-1.1.aarch64",
"openSUSE Tumbleweed:libpq5-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:libpq5-17.6-1.1.s390x",
"openSUSE Tumbleweed:libpq5-17.6-1.1.x86_64",
"openSUSE Tumbleweed:libpq5-32bit-17.6-1.1.aarch64",
"openSUSE Tumbleweed:libpq5-32bit-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:libpq5-32bit-17.6-1.1.s390x",
"openSUSE Tumbleweed:libpq5-32bit-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-contrib-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-contrib-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-contrib-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-contrib-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-devel-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-devel-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-devel-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-devel-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-docs-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-docs-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-docs-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-docs-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-llvmjit-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-llvmjit-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-llvmjit-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-llvmjit-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-llvmjit-devel-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-llvmjit-devel-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-llvmjit-devel-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-llvmjit-devel-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-plperl-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-plperl-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-plperl-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-plperl-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-plpython-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-plpython-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-plpython-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-plpython-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-pltcl-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-pltcl-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-pltcl-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-pltcl-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-server-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-server-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-server-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-server-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-server-devel-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-server-devel-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-server-devel-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-server-devel-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-test-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-test-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-test-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-test-17.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-16T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-8713"
},
{
"cve": "CVE-2025-8714",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-8714"
}
],
"notes": [
{
"category": "general",
"text": "Untrusted data inclusion in pg_dump in PostgreSQL allows a malicious superuser of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands. pg_dumpall is also affected. pg_restore is affected when used to generate a plain-format dump. This is similar to MySQL CVE-2024-21096. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libecpg6-17.6-1.1.aarch64",
"openSUSE Tumbleweed:libecpg6-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:libecpg6-17.6-1.1.s390x",
"openSUSE Tumbleweed:libecpg6-17.6-1.1.x86_64",
"openSUSE Tumbleweed:libecpg6-32bit-17.6-1.1.aarch64",
"openSUSE Tumbleweed:libecpg6-32bit-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:libecpg6-32bit-17.6-1.1.s390x",
"openSUSE Tumbleweed:libecpg6-32bit-17.6-1.1.x86_64",
"openSUSE Tumbleweed:libpq5-17.6-1.1.aarch64",
"openSUSE Tumbleweed:libpq5-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:libpq5-17.6-1.1.s390x",
"openSUSE Tumbleweed:libpq5-17.6-1.1.x86_64",
"openSUSE Tumbleweed:libpq5-32bit-17.6-1.1.aarch64",
"openSUSE Tumbleweed:libpq5-32bit-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:libpq5-32bit-17.6-1.1.s390x",
"openSUSE Tumbleweed:libpq5-32bit-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-contrib-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-contrib-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-contrib-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-contrib-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-devel-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-devel-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-devel-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-devel-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-docs-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-docs-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-docs-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-docs-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-llvmjit-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-llvmjit-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-llvmjit-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-llvmjit-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-llvmjit-devel-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-llvmjit-devel-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-llvmjit-devel-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-llvmjit-devel-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-plperl-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-plperl-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-plperl-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-plperl-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-plpython-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-plpython-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-plpython-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-plpython-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-pltcl-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-pltcl-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-pltcl-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-pltcl-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-server-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-server-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-server-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-server-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-server-devel-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-server-devel-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-server-devel-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-server-devel-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-test-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-test-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-test-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-test-17.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-8714",
"url": "https://www.suse.com/security/cve/CVE-2025-8714"
},
{
"category": "external",
"summary": "SUSE Bug 1248122 for CVE-2025-8714",
"url": "https://bugzilla.suse.com/1248122"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libecpg6-17.6-1.1.aarch64",
"openSUSE Tumbleweed:libecpg6-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:libecpg6-17.6-1.1.s390x",
"openSUSE Tumbleweed:libecpg6-17.6-1.1.x86_64",
"openSUSE Tumbleweed:libecpg6-32bit-17.6-1.1.aarch64",
"openSUSE Tumbleweed:libecpg6-32bit-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:libecpg6-32bit-17.6-1.1.s390x",
"openSUSE Tumbleweed:libecpg6-32bit-17.6-1.1.x86_64",
"openSUSE Tumbleweed:libpq5-17.6-1.1.aarch64",
"openSUSE Tumbleweed:libpq5-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:libpq5-17.6-1.1.s390x",
"openSUSE Tumbleweed:libpq5-17.6-1.1.x86_64",
"openSUSE Tumbleweed:libpq5-32bit-17.6-1.1.aarch64",
"openSUSE Tumbleweed:libpq5-32bit-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:libpq5-32bit-17.6-1.1.s390x",
"openSUSE Tumbleweed:libpq5-32bit-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-contrib-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-contrib-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-contrib-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-contrib-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-devel-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-devel-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-devel-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-devel-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-docs-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-docs-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-docs-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-docs-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-llvmjit-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-llvmjit-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-llvmjit-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-llvmjit-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-llvmjit-devel-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-llvmjit-devel-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-llvmjit-devel-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-llvmjit-devel-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-plperl-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-plperl-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-plperl-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-plperl-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-plpython-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-plpython-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-plpython-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-plpython-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-pltcl-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-pltcl-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-pltcl-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-pltcl-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-server-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-server-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-server-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-server-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-server-devel-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-server-devel-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-server-devel-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-server-devel-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-test-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-test-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-test-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-test-17.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libecpg6-17.6-1.1.aarch64",
"openSUSE Tumbleweed:libecpg6-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:libecpg6-17.6-1.1.s390x",
"openSUSE Tumbleweed:libecpg6-17.6-1.1.x86_64",
"openSUSE Tumbleweed:libecpg6-32bit-17.6-1.1.aarch64",
"openSUSE Tumbleweed:libecpg6-32bit-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:libecpg6-32bit-17.6-1.1.s390x",
"openSUSE Tumbleweed:libecpg6-32bit-17.6-1.1.x86_64",
"openSUSE Tumbleweed:libpq5-17.6-1.1.aarch64",
"openSUSE Tumbleweed:libpq5-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:libpq5-17.6-1.1.s390x",
"openSUSE Tumbleweed:libpq5-17.6-1.1.x86_64",
"openSUSE Tumbleweed:libpq5-32bit-17.6-1.1.aarch64",
"openSUSE Tumbleweed:libpq5-32bit-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:libpq5-32bit-17.6-1.1.s390x",
"openSUSE Tumbleweed:libpq5-32bit-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-contrib-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-contrib-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-contrib-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-contrib-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-devel-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-devel-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-devel-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-devel-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-docs-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-docs-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-docs-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-docs-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-llvmjit-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-llvmjit-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-llvmjit-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-llvmjit-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-llvmjit-devel-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-llvmjit-devel-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-llvmjit-devel-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-llvmjit-devel-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-plperl-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-plperl-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-plperl-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-plperl-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-plpython-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-plpython-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-plpython-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-plpython-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-pltcl-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-pltcl-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-pltcl-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-pltcl-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-server-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-server-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-server-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-server-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-server-devel-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-server-devel-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-server-devel-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-server-devel-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-test-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-test-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-test-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-test-17.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-16T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-8714"
},
{
"cve": "CVE-2025-8715",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-8715"
}
],
"notes": [
{
"category": "general",
"text": "Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks can achieve SQL injection as a superuser of the restore target server. pg_dumpall, pg_restore, and pg_upgrade are also affected. Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected. Versions before 11.20 are unaffected. CVE-2012-0868 had fixed this class of problem, but version 11.20 reintroduced it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libecpg6-17.6-1.1.aarch64",
"openSUSE Tumbleweed:libecpg6-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:libecpg6-17.6-1.1.s390x",
"openSUSE Tumbleweed:libecpg6-17.6-1.1.x86_64",
"openSUSE Tumbleweed:libecpg6-32bit-17.6-1.1.aarch64",
"openSUSE Tumbleweed:libecpg6-32bit-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:libecpg6-32bit-17.6-1.1.s390x",
"openSUSE Tumbleweed:libecpg6-32bit-17.6-1.1.x86_64",
"openSUSE Tumbleweed:libpq5-17.6-1.1.aarch64",
"openSUSE Tumbleweed:libpq5-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:libpq5-17.6-1.1.s390x",
"openSUSE Tumbleweed:libpq5-17.6-1.1.x86_64",
"openSUSE Tumbleweed:libpq5-32bit-17.6-1.1.aarch64",
"openSUSE Tumbleweed:libpq5-32bit-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:libpq5-32bit-17.6-1.1.s390x",
"openSUSE Tumbleweed:libpq5-32bit-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-contrib-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-contrib-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-contrib-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-contrib-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-devel-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-devel-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-devel-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-devel-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-docs-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-docs-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-docs-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-docs-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-llvmjit-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-llvmjit-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-llvmjit-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-llvmjit-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-llvmjit-devel-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-llvmjit-devel-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-llvmjit-devel-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-llvmjit-devel-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-plperl-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-plperl-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-plperl-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-plperl-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-plpython-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-plpython-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-plpython-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-plpython-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-pltcl-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-pltcl-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-pltcl-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-pltcl-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-server-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-server-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-server-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-server-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-server-devel-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-server-devel-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-server-devel-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-server-devel-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-test-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-test-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-test-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-test-17.6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-8715",
"url": "https://www.suse.com/security/cve/CVE-2025-8715"
},
{
"category": "external",
"summary": "SUSE Bug 1248119 for CVE-2025-8715",
"url": "https://bugzilla.suse.com/1248119"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libecpg6-17.6-1.1.aarch64",
"openSUSE Tumbleweed:libecpg6-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:libecpg6-17.6-1.1.s390x",
"openSUSE Tumbleweed:libecpg6-17.6-1.1.x86_64",
"openSUSE Tumbleweed:libecpg6-32bit-17.6-1.1.aarch64",
"openSUSE Tumbleweed:libecpg6-32bit-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:libecpg6-32bit-17.6-1.1.s390x",
"openSUSE Tumbleweed:libecpg6-32bit-17.6-1.1.x86_64",
"openSUSE Tumbleweed:libpq5-17.6-1.1.aarch64",
"openSUSE Tumbleweed:libpq5-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:libpq5-17.6-1.1.s390x",
"openSUSE Tumbleweed:libpq5-17.6-1.1.x86_64",
"openSUSE Tumbleweed:libpq5-32bit-17.6-1.1.aarch64",
"openSUSE Tumbleweed:libpq5-32bit-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:libpq5-32bit-17.6-1.1.s390x",
"openSUSE Tumbleweed:libpq5-32bit-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-contrib-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-contrib-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-contrib-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-contrib-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-devel-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-devel-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-devel-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-devel-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-docs-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-docs-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-docs-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-docs-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-llvmjit-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-llvmjit-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-llvmjit-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-llvmjit-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-llvmjit-devel-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-llvmjit-devel-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-llvmjit-devel-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-llvmjit-devel-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-plperl-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-plperl-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-plperl-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-plperl-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-plpython-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-plpython-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-plpython-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-plpython-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-pltcl-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-pltcl-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-pltcl-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-pltcl-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-server-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-server-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-server-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-server-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-server-devel-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-server-devel-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-server-devel-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-server-devel-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-test-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-test-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-test-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-test-17.6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libecpg6-17.6-1.1.aarch64",
"openSUSE Tumbleweed:libecpg6-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:libecpg6-17.6-1.1.s390x",
"openSUSE Tumbleweed:libecpg6-17.6-1.1.x86_64",
"openSUSE Tumbleweed:libecpg6-32bit-17.6-1.1.aarch64",
"openSUSE Tumbleweed:libecpg6-32bit-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:libecpg6-32bit-17.6-1.1.s390x",
"openSUSE Tumbleweed:libecpg6-32bit-17.6-1.1.x86_64",
"openSUSE Tumbleweed:libpq5-17.6-1.1.aarch64",
"openSUSE Tumbleweed:libpq5-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:libpq5-17.6-1.1.s390x",
"openSUSE Tumbleweed:libpq5-17.6-1.1.x86_64",
"openSUSE Tumbleweed:libpq5-32bit-17.6-1.1.aarch64",
"openSUSE Tumbleweed:libpq5-32bit-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:libpq5-32bit-17.6-1.1.s390x",
"openSUSE Tumbleweed:libpq5-32bit-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-contrib-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-contrib-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-contrib-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-contrib-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-devel-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-devel-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-devel-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-devel-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-docs-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-docs-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-docs-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-docs-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-llvmjit-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-llvmjit-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-llvmjit-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-llvmjit-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-llvmjit-devel-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-llvmjit-devel-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-llvmjit-devel-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-llvmjit-devel-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-plperl-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-plperl-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-plperl-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-plperl-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-plpython-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-plpython-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-plpython-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-plpython-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-pltcl-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-pltcl-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-pltcl-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-pltcl-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-server-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-server-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-server-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-server-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-server-devel-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-server-devel-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-server-devel-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-server-devel-17.6-1.1.x86_64",
"openSUSE Tumbleweed:postgresql17-test-17.6-1.1.aarch64",
"openSUSE Tumbleweed:postgresql17-test-17.6-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql17-test-17.6-1.1.s390x",
"openSUSE Tumbleweed:postgresql17-test-17.6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-16T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-8715"
}
]
}
opensuse-su-2025:15454-1
Vulnerability from csaf_opensuse
Published
2025-08-15 00:00
Modified
2025-08-15 00:00
Summary
trivy-0.65.0-1.1 on GA media
Notes
Title of the patch
trivy-0.65.0-1.1 on GA media
Description of the patch
These are all security issues fixed in the trivy-0.65.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-15454
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "trivy-0.65.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the trivy-0.65.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15454",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15454-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22868 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22868/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22869 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22869/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22872 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22872/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-30204 page",
"url": "https://www.suse.com/security/cve/CVE-2025-30204/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47291 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47291/"
}
],
"title": "trivy-0.65.0-1.1 on GA media",
"tracking": {
"current_release_date": "2025-08-15T00:00:00Z",
"generator": {
"date": "2025-08-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15454-1",
"initial_release_date": "2025-08-15T00:00:00Z",
"revision_history": [
{
"date": "2025-08-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "trivy-0.65.0-1.1.aarch64",
"product": {
"name": "trivy-0.65.0-1.1.aarch64",
"product_id": "trivy-0.65.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "trivy-0.65.0-1.1.ppc64le",
"product": {
"name": "trivy-0.65.0-1.1.ppc64le",
"product_id": "trivy-0.65.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "trivy-0.65.0-1.1.s390x",
"product": {
"name": "trivy-0.65.0-1.1.s390x",
"product_id": "trivy-0.65.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "trivy-0.65.0-1.1.x86_64",
"product": {
"name": "trivy-0.65.0-1.1.x86_64",
"product_id": "trivy-0.65.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "trivy-0.65.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:trivy-0.65.0-1.1.aarch64"
},
"product_reference": "trivy-0.65.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "trivy-0.65.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:trivy-0.65.0-1.1.ppc64le"
},
"product_reference": "trivy-0.65.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "trivy-0.65.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:trivy-0.65.0-1.1.s390x"
},
"product_reference": "trivy-0.65.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "trivy-0.65.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:trivy-0.65.0-1.1.x86_64"
},
"product_reference": "trivy-0.65.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22868",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22868"
}
],
"notes": [
{
"category": "general",
"text": "An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:trivy-0.65.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22868",
"url": "https://www.suse.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "SUSE Bug 1239185 for CVE-2025-22868",
"url": "https://bugzilla.suse.com/1239185"
},
{
"category": "external",
"summary": "SUSE Bug 1239186 for CVE-2025-22868",
"url": "https://bugzilla.suse.com/1239186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:trivy-0.65.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:trivy-0.65.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-22868"
},
{
"cve": "CVE-2025-22869",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22869"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:trivy-0.65.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22869",
"url": "https://www.suse.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "SUSE Bug 1239322 for CVE-2025-22869",
"url": "https://bugzilla.suse.com/1239322"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:trivy-0.65.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:trivy-0.65.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-22869"
},
{
"cve": "CVE-2025-22872",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22872"
}
],
"notes": [
{
"category": "general",
"text": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:trivy-0.65.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22872",
"url": "https://www.suse.com/security/cve/CVE-2025-22872"
},
{
"category": "external",
"summary": "SUSE Bug 1241710 for CVE-2025-22872",
"url": "https://bugzilla.suse.com/1241710"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:trivy-0.65.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:trivy-0.65.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-22872"
},
{
"cve": "CVE-2025-30204",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-30204"
}
],
"notes": [
{
"category": "general",
"text": "golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function\u0027s argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:trivy-0.65.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-30204",
"url": "https://www.suse.com/security/cve/CVE-2025-30204"
},
{
"category": "external",
"summary": "SUSE Bug 1240441 for CVE-2025-30204",
"url": "https://bugzilla.suse.com/1240441"
},
{
"category": "external",
"summary": "SUSE Bug 1240442 for CVE-2025-30204",
"url": "https://bugzilla.suse.com/1240442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:trivy-0.65.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:trivy-0.65.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-30204"
},
{
"cve": "CVE-2025-47291",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47291"
}
],
"notes": [
{
"category": "general",
"text": "containerd is an open-source container runtime. A bug was found in the containerd\u0027s CRI implementation where containerd, starting in version 2.0.1 and prior to version 2.0.5, doesn\u0027t put usernamespaced containers under the Kubernetes\u0027 cgroup hierarchy, therefore some Kubernetes limits are not honored. This may cause a denial of service of the Kubernetes node. This bug has been fixed in containerd 2.0.5+ and 2.1.0+. Users should update to these versions to resolve the issue. As a workaround, disable usernamespaced pods in Kubernetes temporarily.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:trivy-0.65.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47291",
"url": "https://www.suse.com/security/cve/CVE-2025-47291"
},
{
"category": "external",
"summary": "SUSE Bug 1243632 for CVE-2025-47291",
"url": "https://bugzilla.suse.com/1243632"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:trivy-0.65.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:trivy-0.65.0-1.1.aarch64",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.ppc64le",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.s390x",
"openSUSE Tumbleweed:trivy-0.65.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-08-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-47291"
}
]
}
opensuse-su-2025:15159-1
Vulnerability from csaf_opensuse
Published
2025-05-26 00:00
Modified
2025-05-26 00:00
Summary
govulncheck-vulndb-0.0.20250523T151856-1.1 on GA media
Notes
Title of the patch
govulncheck-vulndb-0.0.20250523T151856-1.1 on GA media
Description of the patch
These are all security issues fixed in the govulncheck-vulndb-0.0.20250523T151856-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-15159
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "govulncheck-vulndb-0.0.20250523T151856-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the govulncheck-vulndb-0.0.20250523T151856-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15159",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15159-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2025:15159-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NBVOKYMJCE2HZLSF5W3H3Q7KEHMMOQR3/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2025:15159-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NBVOKYMJCE2HZLSF5W3H3Q7KEHMMOQR3/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-40120 page",
"url": "https://www.suse.com/security/cve/CVE-2024-40120/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-1975 page",
"url": "https://www.suse.com/security/cve/CVE-2025-1975/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-2527 page",
"url": "https://www.suse.com/security/cve/CVE-2025-2527/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-2570 page",
"url": "https://www.suse.com/security/cve/CVE-2025-2570/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-31947 page",
"url": "https://www.suse.com/security/cve/CVE-2025-31947/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-3446 page",
"url": "https://www.suse.com/security/cve/CVE-2025-3446/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47282 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47282/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47283 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47283/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47284 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47284/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47290 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47290/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47291 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47291/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-48056 page",
"url": "https://www.suse.com/security/cve/CVE-2025-48056/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-48069 page",
"url": "https://www.suse.com/security/cve/CVE-2025-48069/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5031 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5031/"
}
],
"title": "govulncheck-vulndb-0.0.20250523T151856-1.1 on GA media",
"tracking": {
"current_release_date": "2025-05-26T00:00:00Z",
"generator": {
"date": "2025-05-26T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15159-1",
"initial_release_date": "2025-05-26T00:00:00Z",
"revision_history": [
{
"date": "2025-05-26T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"product": {
"name": "govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"product_id": "govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"product": {
"name": "govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"product_id": "govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"product": {
"name": "govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"product_id": "govulncheck-vulndb-0.0.20250523T151856-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64",
"product": {
"name": "govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64",
"product_id": "govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64"
},
"product_reference": "govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le"
},
"product_reference": "govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "govulncheck-vulndb-0.0.20250523T151856-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x"
},
"product_reference": "govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
},
"product_reference": "govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-40120",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-40120"
}
],
"notes": [
{
"category": "general",
"text": "seaweedfs v3.68 was discovered to contain a SQL injection vulnerability via the component /abstract_sql/abstract_sql_store.go.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-40120",
"url": "https://www.suse.com/security/cve/CVE-2024-40120"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-26T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-40120"
},
{
"cve": "CVE-2025-1975",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-1975"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) attack by customizing the manifest content and spoofing a service. This is due to improper validation of array index access when downloading a model via the /api/pull endpoint, which can lead to a server crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-1975",
"url": "https://www.suse.com/security/cve/CVE-2025-1975"
},
{
"category": "external",
"summary": "SUSE Bug 1243287 for CVE-2025-1975",
"url": "https://bugzilla.suse.com/1243287"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-26T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-1975"
},
{
"cve": "CVE-2025-2527",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-2527"
}
],
"notes": [
{
"category": "general",
"text": "Mattermost versions 10.5.x \u003c= 10.5.2, 9.11.x \u003c= 9.11.11 failed to properly verify a user\u0027s permissions when accessing groups, which allows an attacker to view group information via an API request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-2527",
"url": "https://www.suse.com/security/cve/CVE-2025-2527"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-26T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-2527"
},
{
"cve": "CVE-2025-2570",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-2570"
}
],
"notes": [
{
"category": "general",
"text": "Mattermost versions 10.5.x \u003c= 10.5.3, 9.11.x \u003c= 9.11.11 fail to check `RestrictSystemAdmin` setting if user doesn\u0027t have access to `ExperimentalSettings` which allows a System Manager to access `ExperimentSettings` when `RestrictSystemAdmin` is true via System Console.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-2570",
"url": "https://www.suse.com/security/cve/CVE-2025-2570"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-26T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2025-2570"
},
{
"cve": "CVE-2025-31947",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-31947"
}
],
"notes": [
{
"category": "general",
"text": "Mattermost versions 10.6.x \u003c= 10.6.1, 10.5.x \u003c= 10.5.2, 10.4.x \u003c= 10.4.4, 9.11.x \u003c= 9.11.11 fail to lockout LDAP users following repeated login failures, which allows attackers to lock external LDAP accounts through repeated login failures through Mattermost.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-31947",
"url": "https://www.suse.com/security/cve/CVE-2025-31947"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-26T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-31947"
},
{
"cve": "CVE-2025-3446",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-3446"
}
],
"notes": [
{
"category": "general",
"text": "Mattermost versions 10.6.x \u003c= 10.6.1, 10.5.x \u003c= 10.5.2, 10.4.x \u003c= 10.4.4, 9.11.x \u003c= 9.11.11 fail to check the correct permissions which allows authenticated users who only have permission to invite non-guest users to a team to add guest users to that team via the API to add a single user to a team.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-3446",
"url": "https://www.suse.com/security/cve/CVE-2025-3446"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-26T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-3446"
},
{
"cve": "CVE-2025-47282",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47282"
}
],
"notes": [
{
"category": "general",
"text": "Gardener External DNS Management is an environment to manage external DNS entries for a kubernetes cluster. A security vulnerability was discovered in Gardener\u0027s External DNS Management prior to version 0.23.6 that could allow a user with administrative privileges for a Gardener project or a user with administrative privileges for a shoot cluster, including administrative privileges for a single namespace of the shoot cluster, to obtain control over the seed cluster where the shoot cluster is managed. This CVE affects all Gardener installations no matter of the public cloud provider(s) used for the seed clusters/shoot clusters. The affected component is `gardener/external-dns-management`. The `external-dns-management` component may also be deployed on the seeds by the `gardener/gardener-extension-shoot-dns-service` extension when the extension is enabled. In this case, all versions of the `shoot-dns-service` extension `\u003c= v1.60.0` are affected by this vulnerability. Version 0.23.6 of Gardener External DNS Management fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47282",
"url": "https://www.suse.com/security/cve/CVE-2025-47282"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-26T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2025-47282"
},
{
"cve": "CVE-2025-47283",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47283"
}
],
"notes": [
{
"category": "general",
"text": "Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in Gardener prior to versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0 that could allow a user with administrative privileges for a Gardener project to obtain control over the seed cluster(s) where their shoot clusters are managed. This CVE affects all Gardener installations no matter of the public cloud provider(s) used for the seed clusters/shoot clusters. `gardener/gardener` (`gardenlet`) is the affected component. Versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0 fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47283",
"url": "https://www.suse.com/security/cve/CVE-2025-47283"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-26T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2025-47283"
},
{
"cve": "CVE-2025-47284",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47284"
}
],
"notes": [
{
"category": "general",
"text": "Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in the `gardenlet` component of Gardener prior to versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0. It could allow a user with administrative privileges for a Gardener project to obtain control over the seed cluster(s) where their shoot clusters are managed. This CVE affects all Gardener installations where gardener/gardener-extension-provider-gcp is in use. Versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0 fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47284",
"url": "https://www.suse.com/security/cve/CVE-2025-47284"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-26T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2025-47284"
},
{
"cve": "CVE-2025-47290",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47290"
}
],
"notes": [
{
"category": "general",
"text": "containerd is a container runtime. A time-of-check to time-of-use (TOCTOU) vulnerability was found in containerd v2.1.0. While unpacking an image during an image pull, specially crafted container images could arbitrarily modify the host file system. The only affected version of containerd is 2.1.0. Other versions of containerd are not affected. This bug has been fixed in containerd 2.1.1. Users should update to this version to resolve the issue. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47290",
"url": "https://www.suse.com/security/cve/CVE-2025-47290"
},
{
"category": "external",
"summary": "SUSE Bug 1243392 for CVE-2025-47290",
"url": "https://bugzilla.suse.com/1243392"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-26T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-47290"
},
{
"cve": "CVE-2025-47291",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47291"
}
],
"notes": [
{
"category": "general",
"text": "containerd is an open-source container runtime. A bug was found in the containerd\u0027s CRI implementation where containerd, starting in version 2.0.1 and prior to version 2.0.5, doesn\u0027t put usernamespaced containers under the Kubernetes\u0027 cgroup hierarchy, therefore some Kubernetes limits are not honored. This may cause a denial of service of the Kubernetes node. This bug has been fixed in containerd 2.0.5+ and 2.1.0+. Users should update to these versions to resolve the issue. As a workaround, disable usernamespaced pods in Kubernetes temporarily.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47291",
"url": "https://www.suse.com/security/cve/CVE-2025-47291"
},
{
"category": "external",
"summary": "SUSE Bug 1243632 for CVE-2025-47291",
"url": "https://bugzilla.suse.com/1243632"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-26T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-47291"
},
{
"cve": "CVE-2025-48056",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-48056"
}
],
"notes": [
{
"category": "general",
"text": "Hubble is a fully distributed networking and security observability platform for cloud native workloads. Prior to version 1.17.2, a network attacker could inject malicious control characters into Hubble CLI terminal output, potentially leading to loss of integrity and manipulation of the output. This could be leveraged to conceal log entries, rewrite output, or even make the terminal temporarily unusable. Exploitation of this attack would require the victim to be monitoring Kafka traffic using Layer 7 Protocol Visibility at the time of the attack. The issue is patched in Hubble CLI v1.17.2. Hubble CLI users who are unable to upgrade can direct their Hubble flows to a log file and inspect the output within a text editor.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-48056",
"url": "https://www.suse.com/security/cve/CVE-2025-48056"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-26T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-48056"
},
{
"cve": "CVE-2025-48069",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-48069"
}
],
"notes": [
{
"category": "general",
"text": "ejson2env allows users to decrypt EJSON secrets and export them as environment variables. Prior to version 2.0.8, the `ejson2env` tool has a vulnerability related to how it writes to `stdout`. Specifically, the tool is intended to write an export statement for environment variables and their values. However, due to inadequate output sanitization, there is a potential risk where variable names or values may include malicious content, resulting in additional unintended commands being output to `stdout`. If this output is improperly utilized in further command execution, it could lead to command injection, allowing an attacker to execute arbitrary commands on the host system. Version 2.0.8 sanitizes output during decryption. Other mitigations involve avoiding use of `ejson2env` to decrypt untrusted user secrets and/or avoiding evaluating or executing the direct output from `ejson2env` without removing nonprintable characters.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-48069",
"url": "https://www.suse.com/security/cve/CVE-2025-48069"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-26T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-48069"
},
{
"cve": "CVE-2025-5031",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5031"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has been rated as problematic. This issue affects some unknown processing of the component wxapkg File Decompression Handler. The manipulation leads to resource consumption. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5031",
"url": "https://www.suse.com/security/cve/CVE-2025-5031"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250523T151856-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-26T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2025-5031"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…