crun-1.20-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:15825 Final 1 1 2025-02-11T00:00:00Z current 2025-02-11T00:00:00Z 2025-02-11T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z crun-1.20-1.1 on GA media These are all security issues fixed in the crun-1.20-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-15825 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2025-24965/ SUSE CVE CVE-2025-24965 page openSUSE Tumbleweed crun-1.20-1.1 crun-1.20-1.1 as a component of openSUSE Tumbleweed crun is an open source OCI Container Runtime fully written in C. In affected versions A malicious container image could trick the krun handler into escaping the root filesystem, allowing file creation or modification on the host. No special permissions are needed, only the ability for the current user to write to the target file. The problem is fixed in crun 1.20 and all users are advised to upgrade. There are no known workarounds for this vulnerability. CVE-2025-24965 openSUSE Tumbleweed:crun-1.20-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-24965.html CVE-2025-24965 https://bugzilla.suse.com/1237421 SUSE Bug 1237421