apptainer-1.3.6-2.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:14618-1 Final 1 1 2025-01-07T00:00:00Z current 2025-01-07T00:00:00Z 2025-01-07T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z apptainer-1.3.6-2.1 on GA media These are all security issues fixed in the apptainer-1.3.6-2.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-14618 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/O3WPJO3GKMRSPM2EPUNFU5AXM6YFRQAN/ E-Mail link for openSUSE-SU-2025:14618-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2024-28180/ SUSE CVE CVE-2024-28180 page openSUSE Tumbleweed apptainer-1.3.6-2.1 apptainer-leap-1.3.6-2.1 apptainer-sle15_5-1.3.6-2.1 apptainer-sle15_6-1.3.6-2.1 apptainer-sle15_7-1.3.6-2.1 apptainer-1.3.6-2.1 as a component of openSUSE Tumbleweed apptainer-leap-1.3.6-2.1 as a component of openSUSE Tumbleweed apptainer-sle15_5-1.3.6-2.1 as a component of openSUSE Tumbleweed apptainer-sle15_6-1.3.6-2.1 as a component of openSUSE Tumbleweed apptainer-sle15_7-1.3.6-2.1 as a component of openSUSE Tumbleweed Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3. CVE-2024-28180 openSUSE Tumbleweed:apptainer-1.3.6-2.1 openSUSE Tumbleweed:apptainer-leap-1.3.6-2.1 openSUSE Tumbleweed:apptainer-sle15_5-1.3.6-2.1 openSUSE Tumbleweed:apptainer-sle15_6-1.3.6-2.1 openSUSE Tumbleweed:apptainer-sle15_7-1.3.6-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/O3WPJO3GKMRSPM2EPUNFU5AXM6YFRQAN/ https://www.suse.com/security/cve/CVE-2024-28180.html CVE-2024-28180 https://bugzilla.suse.com/1234984 SUSE Bug 1234984