Описание
Security update for apptainer
This update for apptainer fixes the following issues:
- CVE-2025-58190: Fixed a HTML parser misimplementation of a part of the HTML specification for table related tags. (bsc#1258048).
- CVE-2025-47911: Fixed an issue where the HTML parser takes a very long time or even never returns. (bsc#1258047).
Список пакетов
SUSE Linux Enterprise Module for HPC 15 SP7
apptainer-1.4.5-150600.4.15.1
apptainer-sle15_7-1.4.5-150600.4.15.1
openSUSE Leap 15.6
apptainer-1.4.5-150600.4.15.1
apptainer-leap-1.4.5-150600.4.15.1
apptainer-sle15_6-1.4.5-150600.4.15.1
Ссылки
- Link for SUSE-SU-2026:0580-1
- E-Mail link for SUSE-SU-2026:0580-1
- SUSE Security Ratings
- SUSE Bug 1253924
- SUSE Bug 1258047
- SUSE Bug 1258048
- SUSE CVE CVE-2025-47911 page
- SUSE CVE CVE-2025-58190 page
Описание
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
Затронутые продукты
SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.15.1
SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.4.5-150600.4.15.1
openSUSE Leap 15.6:apptainer-1.4.5-150600.4.15.1
openSUSE Leap 15.6:apptainer-leap-1.4.5-150600.4.15.1
Ссылки
- CVE-2025-47911
- SUSE Bug 1251308
Описание
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
Затронутые продукты
SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.15.1
SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.4.5-150600.4.15.1
openSUSE Leap 15.6:apptainer-1.4.5-150600.4.15.1
openSUSE Leap 15.6:apptainer-leap-1.4.5-150600.4.15.1
Ссылки
- CVE-2025-58190
- SUSE Bug 1251309