govulncheck-vulndb-0.0.20250130T185858-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:15790 Final 1 1 2025-02-04T00:00:00Z current 2025-02-04T00:00:00Z 2025-02-04T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z govulncheck-vulndb-0.0.20250130T185858-1.1 on GA media These are all security issues fixed in the govulncheck-vulndb-0.0.20250130T185858-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-15790 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2024-10846/ SUSE CVE CVE-2024-10846 page https://www.suse.com/security/cve/CVE-2024-13484/ SUSE CVE CVE-2024-13484 page https://www.suse.com/security/cve/CVE-2024-3727/ SUSE CVE CVE-2024-3727 page https://www.suse.com/security/cve/CVE-2025-0750/ SUSE CVE CVE-2025-0750 page https://www.suse.com/security/cve/CVE-2025-24369/ SUSE CVE CVE-2025-24369 page openSUSE Tumbleweed govulncheck-vulndb-0.0.20250130T185858-1.1 govulncheck-vulndb-0.0.20250130T185858-1.1 as a component of openSUSE Tumbleweed The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause the compose-go to consume excessive amount of Memory and CPU cycles while parsing YAML, such as used by Docker Compose from versions v2.27.0 to v2.29.7 included CVE-2024-10846 openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250130T185858-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-10846.html CVE-2024-10846 https://bugzilla.suse.com/1236335 SUSE Bug 1236335 A flaw was found in openshift-gitops-operator-container. The openshift.io/cluster-monitoring label is applied to all namespaces that deploy an ArgoCD CR instance, allowing the namespace to create a rogue PrometheusRule. This issue can have adverse effects on the platform monitoring stack, as the rule is rolled out cluster-wide when the label is applied. CVE-2024-13484 openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250130T185858-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-13484.html CVE-2024-13484 A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks. CVE-2024-3727 openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250130T185858-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-3727.html CVE-2024-3727 https://bugzilla.suse.com/1224112 SUSE Bug 1224112 A vulnerability was found in CRI-O. A path traversal issue in the log management functions (UnMountPodLogs and LinkContainerLogs) may allow an attacker with permissions to create and delete Pods to unmount arbitrary host paths, leading to node-level denial of service by unmounting critical system directories. CVE-2025-0750 openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250130T185858-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-0750.html CVE-2025-0750 https://bugzilla.suse.com/1236479 SUSE Bug 1236479 Anubis is a tool that allows administrators to protect bots against AI scrapers through bot-checking heuristics and a proof-of-work challenge to discourage scraping from multiple IP addresses. Anubis allows attackers to bypass the bot protection by requesting a challenge, formulates any nonce (such as 42069), and then passes the challenge with difficulty zero. Commit e09d0226a628f04b1d80fd83bee777894a45cd02 fixes this behavior by not using a client-specified difficulty value. CVE-2025-24369 openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250130T185858-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-24369.html CVE-2025-24369