SUSE-SU-2023:0871-1

See a problem?

Import Source

https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:0871-1.json

JSON Data

https://api.osv.dev/v1/vulns/SUSE-SU-2023:0871-1

Related

Published

2023-03-22T13:33:28Z

Modified

2023-03-22T13:33:28Z

Summary

Security update for container-suseconnect

Details

This update of container-suseconnect fixes the following issue:

container-suseconnect was rebuilt against the current go1.19 release, fixing security issues and other bugs fixed in go1.19.7.
CVE-2022-41723: Fixed quadratic complexity in HPACK decoding (bsc#1208270).
CVE-2022-41724: Fixed panic with arge handshake records in crypto/tls (bsc#1208271).
CVE-2022-41725: Fixed denial of service from excessive resource consumption in net/http and mime/multipart (bsc#1208272).
CVE-2023-24532: Fixed incorrect P-256 ScalarMult and ScalarBaseMult results (bsc#1209030).
CVE-2022-41720: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows (bsc#1206134).

References

Affected packages

SUSE:Linux Enterprise Module for Containers 15 SP4 / container-suseconnect

Package

Name: container-suseconnect
Purl: purl:rpm/suse/container-suseconnect&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.0-150000.4.24.1

Ecosystem specific

{
    "binaries": [
        {
            "container-suseconnect": "2.4.0-150000.4.24.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP1-LTSS / container-suseconnect

Package

Name: container-suseconnect
Purl: purl:rpm/suse/container-suseconnect&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.0-150000.4.24.1

Ecosystem specific

{
    "binaries": [
        {
            "container-suseconnect": "2.4.0-150000.4.24.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSS / container-suseconnect

Package

Name: container-suseconnect
Purl: purl:rpm/suse/container-suseconnect&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.0-150000.4.24.1

Ecosystem specific

{
    "binaries": [
        {
            "container-suseconnect": "2.4.0-150000.4.24.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP3-ESPOS / container-suseconnect

Package

Name: container-suseconnect
Purl: purl:rpm/suse/container-suseconnect&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.0-150000.4.24.1

Ecosystem specific

{
    "binaries": [
        {
            "container-suseconnect": "2.4.0-150000.4.24.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP3-LTSS / container-suseconnect

Package

Name: container-suseconnect
Purl: purl:rpm/suse/container-suseconnect&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.0-150000.4.24.1

Ecosystem specific

{
    "binaries": [
        {
            "container-suseconnect": "2.4.0-150000.4.24.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP1-LTSS / container-suseconnect

Package

Name: container-suseconnect
Purl: purl:rpm/suse/container-suseconnect&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.0-150000.4.24.1

Ecosystem specific

{
    "binaries": [
        {
            "container-suseconnect": "2.4.0-150000.4.24.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP2-LTSS / container-suseconnect

Package

Name: container-suseconnect
Purl: purl:rpm/suse/container-suseconnect&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.0-150000.4.24.1

Ecosystem specific

{
    "binaries": [
        {
            "container-suseconnect": "2.4.0-150000.4.24.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP3-LTSS / container-suseconnect

Package

Name: container-suseconnect
Purl: purl:rpm/suse/container-suseconnect&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.0-150000.4.24.1

Ecosystem specific

{
    "binaries": [
        {
            "container-suseconnect": "2.4.0-150000.4.24.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 SP1 / container-suseconnect

Package

Name: container-suseconnect
Purl: purl:rpm/suse/container-suseconnect&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.0-150000.4.24.1

Ecosystem specific

{
    "binaries": [
        {
            "container-suseconnect": "2.4.0-150000.4.24.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 SP2 / container-suseconnect

Package

Name: container-suseconnect
Purl: purl:rpm/suse/container-suseconnect&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.0-150000.4.24.1

Ecosystem specific

{
    "binaries": [
        {
            "container-suseconnect": "2.4.0-150000.4.24.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 SP3 / container-suseconnect

Package

Name: container-suseconnect
Purl: purl:rpm/suse/container-suseconnect&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.0-150000.4.24.1

Ecosystem specific

{
    "binaries": [
        {
            "container-suseconnect": "2.4.0-150000.4.24.1"
        }
    ]
}

SUSE:Enterprise Storage 7 / container-suseconnect

Package

Name: container-suseconnect
Purl: purl:rpm/suse/container-suseconnect&distro=SUSE%20Enterprise%20Storage%207

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.0-150000.4.24.1

Ecosystem specific

{
    "binaries": [
        {
            "container-suseconnect": "2.4.0-150000.4.24.1"
        }
    ]
}

SUSE:Enterprise Storage 7.1 / container-suseconnect

Package

Name: container-suseconnect
Purl: purl:rpm/suse/container-suseconnect&distro=SUSE%20Enterprise%20Storage%207.1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.0-150000.4.24.1

Ecosystem specific

{
    "binaries": [
        {
            "container-suseconnect": "2.4.0-150000.4.24.1"
        }
    ]
}