govulncheck-vulndb-0.0.20250331T171002-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:14955-1 Final 1 1 2025-04-02T00:00:00Z current 2025-04-02T00:00:00Z 2025-04-02T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z govulncheck-vulndb-0.0.20250331T171002-1.1 on GA media These are all security issues fixed in the govulncheck-vulndb-0.0.20250331T171002-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-14955 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GT5JSN3VXOPFJR5R2YOR4UYXCVU3UJDI/ E-Mail link for openSUSE-SU-2025:14955-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2024-12055/ SUSE CVE CVE-2024-12055 page https://www.suse.com/security/cve/CVE-2024-12886/ SUSE CVE CVE-2024-12886 page https://www.suse.com/security/cve/CVE-2025-0315/ SUSE CVE CVE-2025-0315 page https://www.suse.com/security/cve/CVE-2025-0317/ SUSE CVE CVE-2025-0317 page openSUSE Tumbleweed govulncheck-vulndb-0.0.20250331T171002-1.1 govulncheck-vulndb-0.0.20250331T171002-1.1 as a component of openSUSE Tumbleweed A vulnerability in Ollama versions <=0.3.14 allows a malicious user to create a customized gguf model file that can be uploaded to the public Ollama server. When the server processes this malicious model, it crashes, leading to a Denial of Service (DoS) attack. The root cause of the issue is an out-of-bounds read in the gguf.go file. CVE-2024-12055 openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250331T171002-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GT5JSN3VXOPFJR5R2YOR4UYXCVU3UJDI/ https://www.suse.com/security/cve/CVE-2024-12055.html CVE-2024-12055 https://bugzilla.suse.com/1239834 SUSE Bug 1239834 An Out-Of-Memory (OOM) vulnerability exists in the `ollama` server version 0.3.14. This vulnerability can be triggered when a malicious API server responds with a gzip bomb HTTP response, leading to the `ollama` server crashing. The vulnerability is present in the `makeRequestWithRetry` and `getAuthorizationToken` functions, which use `io.ReadAll` to read the response body. This can result in excessive memory usage and a Denial of Service (DoS) condition. CVE-2024-12886 openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250331T171002-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GT5JSN3VXOPFJR5R2YOR4UYXCVU3UJDI/ https://www.suse.com/security/cve/CVE-2024-12886.html CVE-2024-12886 https://bugzilla.suse.com/1239881 SUSE Bug 1239881 A vulnerability in ollama/ollama <=0.3.14 allows a malicious user to create a customized GGUF model file, upload it to the Ollama server, and create it. This can cause the server to allocate unlimited memory, leading to a Denial of Service (DoS) attack. CVE-2025-0315 openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250331T171002-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GT5JSN3VXOPFJR5R2YOR4UYXCVU3UJDI/ https://www.suse.com/security/cve/CVE-2025-0315.html CVE-2025-0315 https://bugzilla.suse.com/1239840 SUSE Bug 1239840 A vulnerability in ollama/ollama versions <=0.3.14 allows a malicious user to upload and create a customized GGUF model file on the Ollama server. This can lead to a division by zero error in the ggufPadding function, causing the server to crash and resulting in a Denial of Service (DoS) attack. CVE-2025-0317 openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250331T171002-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GT5JSN3VXOPFJR5R2YOR4UYXCVU3UJDI/ https://www.suse.com/security/cve/CVE-2025-0317.html CVE-2025-0317 https://bugzilla.suse.com/1239832 SUSE Bug 1239832