File _patchinfo of Package patchinfo.42518

<patchinfo incident="42518">
  <issue tracker="cve" id="2025-22869"/>
  <issue tracker="cve" id="2025-47914"/>
  <issue tracker="cve" id="2025-65105"/>
  <issue tracker="cve" id="2025-22870"/>
  <issue tracker="cve" id="2025-27144"/>
  <issue tracker="cve" id="2024-45310"/>
  <issue tracker="cve" id="2025-8556"/>
  <issue tracker="cve" id="2025-22872"/>
  <issue tracker="cve" id="2025-47913"/>
  <issue tracker="cve" id="2025-58181"/>
  <issue tracker="bnc" id="1257432">VUL-0: CVE-2024-45310: apptainer: github.com/opencontainers/runc/libcontainer/utils: runc can be tricked into creating empty files/directories on host</issue>
  <issue tracker="bnc" id="1255462">VUL-0: CVE-2025-65105: apptainer: security bypass due to disabling security options</issue>
  <issue tracker="bnc" id="1253967">VUL-0: CVE-2025-47914: TRACKERBUG: golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds read</issue>
  <issue tracker="bnc" id="1253784">VUL-0: CVE-2025-58181: TRACKERBUG: golang.org/x/crypto/ssh: invalidated number of mechanisms can cause unbounded memory consumption</issue>
  <issue tracker="bnc" id="1253506">VUL-0: CVE-2025-47913: TRACKERBUG: golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or</issue>
  <issue tracker="bnc" id="1241710">VUL-0: CVE-2025-22872: TRACKERBUG: golang.org/x/net/html: tags incorrectly interpreted by tokenizer can lead to content being placed in the wrong scope during</issue>
  <issue tracker="bnc" id="1238611">VUL-0: CVE-2025-22870: TRACKERBUG: golang.org/net/http, golang.org/x/net/proxy, golang.org/x/net/http/httpproxy: proxy bypass using IPv6 zone IDs</issue>
  <issue tracker="bnc" id="1239322">VUL-0: CVE-2025-22869: TRACKERBUG: golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh</issue>
  <issue tracker="bnc" id="1237608">VUL-0: CVE-2025-27144: TRACKERBUG: gopkg.in/square/go-jose.v2,gopkg.in/go-jose/go-jose.v2,github.com/go-jose/go-jose/v4,github.com/go-jose/go-jose/v3: Go JOSE's Parsing Vulnerable to Denial of Service</issue>
  <packager>mslacken</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for apptainer</summary>
  <description>This update for apptainer fixes the following issues:

Security fixes:

- CVE-2024-45310: Fixed runc being tricked into creating empty 
  files/directories on host (bsc#1257432)
- CVE-2025-65105: Fixed security bypass due to disabling security 
  options (bsc#1255462)
- CVE-2025-47914: Fixed malformed constraint that may cause denial
  of service in golang.org/x/crypto/ssh/agent (bsc#1253967)
- CVE-2025-58181: Fixed unbounded memory consumption in 
  golang.org/x/crypto/ssh (bsc#1253784)
- CVE-2025-47913: Fixed potential denial of service in 
  golang.org/x/crypto/ssh/agent (bsc#1253506)
- CVE-2025-22872: Fixed incorrect neutralization of input during
  web page generation in x/net (bsc#1241710)
- CVE-2025-22870: Fixed HTTP Proxy bypass using IPv6 Zone IDs in 
  golang.org/x/net (bsc#1238611)
- CVE-2025-22869: Fixed potential denial of service in 
  golang.org/x/crypto (bsc#1239322)
- CVE-2025-27144: Fixed DoS in go-jose Parsing in 
  github.com/go-jose/go-jose (bsc#1237608)
- CVE-2025-8556: Fixed missing and wrong validation that can lead
  to incorrect results in github.com/cloudflare/circl

Other fixes:

- Update to 1.4.5
</description>
</patchinfo>