velero-1.11.1-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:13225 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z velero-1.11.1-1.1 on GA media These are all security issues fixed in the velero-1.11.1-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-13225 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:13225 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-27191/ SUSE CVE CVE-2022-27191 page https://www.suse.com/security/cve/CVE-2022-41717/ SUSE CVE CVE-2022-41717 page openSUSE Tumbleweed velero-1.11.1-1.1 velero-bash-completion-1.11.1-1.1 velero-fish-completion-1.11.1-1.1 velero-zsh-completion-1.11.1-1.1 velero-1.11.1-1.1 as a component of openSUSE Tumbleweed velero-bash-completion-1.11.1-1.1 as a component of openSUSE Tumbleweed velero-fish-completion-1.11.1-1.1 as a component of openSUSE Tumbleweed velero-zsh-completion-1.11.1-1.1 as a component of openSUSE Tumbleweed The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey. CVE-2022-27191 openSUSE Tumbleweed:velero-1.11.1-1.1 openSUSE Tumbleweed:velero-bash-completion-1.11.1-1.1 openSUSE Tumbleweed:velero-fish-completion-1.11.1-1.1 openSUSE Tumbleweed:velero-zsh-completion-1.11.1-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-27191.html CVE-2022-27191 https://bugzilla.suse.com/1197284 SUSE Bug 1197284 An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection. CVE-2022-41717 openSUSE Tumbleweed:velero-1.11.1-1.1 openSUSE Tumbleweed:velero-bash-completion-1.11.1-1.1 openSUSE Tumbleweed:velero-fish-completion-1.11.1-1.1 openSUSE Tumbleweed:velero-zsh-completion-1.11.1-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-41717.html CVE-2022-41717 https://bugzilla.suse.com/1206135 SUSE Bug 1206135