Security update for kubernetes1.24 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:02424-1 Final 1 1 2025-07-21T08:37:12Z current 2025-07-21T08:37:12Z 2025-07-21T08:37:12Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for kubernetes1.24 This update for kubernetes1.24 fixes the following issues: - CVE-2025-22872: Properly handle trailing solidus in unquoted attribute value in foreign content (bsc#1241865). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-2424 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202502424-1/ Link for SUSE-SU-2025:02424-1 https://lists.suse.com/pipermail/sle-updates/2025-July/040823.html E-Mail link for SUSE-SU-2025:02424-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1241865 SUSE Bug 1241865 https://www.suse.com/security/cve/CVE-2025-22872/ SUSE CVE CVE-2025-22872 page kubernetes1.24-apiserver-1.24.17-150400.9.22.1 kubernetes1.24-client-1.24.17-150400.9.22.1 kubernetes1.24-client-bash-completion-1.24.17-150400.9.22.1 kubernetes1.24-client-common-1.24.17-150400.9.22.1 kubernetes1.24-client-fish-completion-1.24.17-150400.9.22.1 kubernetes1.24-controller-manager-1.24.17-150400.9.22.1 kubernetes1.24-kubeadm-1.24.17-150400.9.22.1 kubernetes1.24-kubelet-1.24.17-150400.9.22.1 kubernetes1.24-kubelet-common-1.24.17-150400.9.22.1 kubernetes1.24-proxy-1.24.17-150400.9.22.1 kubernetes1.24-scheduler-1.24.17-150400.9.22.1 The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. <math>, <svg>, etc contexts). CVE-2025-22872 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502424-1/ https://www.suse.com/security/cve/CVE-2025-22872.html CVE-2025-22872 https://bugzilla.suse.com/1241710 SUSE Bug 1241710