Описание
Security update for docker-stable
This update for docker-stable fixes the following issues:
- CVE-2025-30204: Fixed a vulnerability in jwt-go which allowed excessive memory allocation during header parsing. (bsc#1240513)
Список пакетов
SUSE Linux Enterprise Server 12 SP5-LTSS
docker-stable-24.0.9_ce-1.29.1
docker-stable-bash-completion-24.0.9_ce-1.29.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
docker-stable-24.0.9_ce-1.29.1
docker-stable-bash-completion-24.0.9_ce-1.29.1
Ссылки
- Link for SUSE-SU-2026:0641-1
- E-Mail link for SUSE-SU-2026:0641-1
- SUSE Security Ratings
- SUSE Bug 1240513
- SUSE CVE CVE-2025-30204 page
Описание
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-24.0.9_ce-1.29.1
SUSE Linux Enterprise Server 12 SP5-LTSS:docker-stable-bash-completion-24.0.9_ce-1.29.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-24.0.9_ce-1.29.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:docker-stable-bash-completion-24.0.9_ce-1.29.1
Ссылки
- CVE-2025-30204
- SUSE Bug 1240441
- SUSE Bug 1240442