Security update for containerized-data-importer SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2026:20550-1 Final 1 1 2026-02-26T16:03:48Z current 2026-02-26T16:03:48Z 2026-02-26T16:03:48Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for containerized-data-importer This update for containerized-data-importer fixes the following issues: Update to version 1.64.0. Security issues fixed: - CVE-2024-28180: improper handling of highly compressed data (bsc#1235204). - CVE-2024-45338: denial of service due to non-linear parsing of case-insensitive content (bsc#1235365). - CVE-2025-22868: unexpected memory consumption during token parsing in golang.org/x/oauth2 (bsc#1239205). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SL-Micro-6.2-317 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2026/suse-su-202620550-1/ Link for SUSE-SU-2026:20550-1 https://lists.suse.com/pipermail/sle-updates/2026-March/044567.html E-Mail link for SUSE-SU-2026:20550-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1235204 SUSE Bug 1235204 https://bugzilla.suse.com/1235365 SUSE Bug 1235365 https://bugzilla.suse.com/1239205 SUSE Bug 1239205 https://www.suse.com/security/cve/CVE-2024-28180/ SUSE CVE CVE-2024-28180 page https://www.suse.com/security/cve/CVE-2024-45338/ SUSE CVE CVE-2024-45338 page https://www.suse.com/security/cve/CVE-2025-22868/ SUSE CVE CVE-2025-22868 page SUSE Linux Micro 6.2 containerized-data-importer-manifests-1.64.0-160000.1.1 containerized-data-importer-manifests-1.64.0-160000.1.1 as a component of SUSE Linux Micro 6.2 Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3. CVE-2024-28180 SUSE Linux Micro 6.2:containerized-data-importer-manifests-1.64.0-160000.1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-202620550-1/ https://www.suse.com/security/cve/CVE-2024-28180.html CVE-2024-28180 https://bugzilla.suse.com/1234984 SUSE Bug 1234984 An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service. CVE-2024-45338 SUSE Linux Micro 6.2:containerized-data-importer-manifests-1.64.0-160000.1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-202620550-1/ https://www.suse.com/security/cve/CVE-2024-45338.html CVE-2024-45338 https://bugzilla.suse.com/1234794 SUSE Bug 1234794 An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. CVE-2025-22868 SUSE Linux Micro 6.2:containerized-data-importer-manifests-1.64.0-160000.1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-202620550-1/ https://www.suse.com/security/cve/CVE-2025-22868.html CVE-2025-22868 https://bugzilla.suse.com/1239185 SUSE Bug 1239185 https://bugzilla.suse.com/1239186 SUSE Bug 1239186