Описание
Security update for docker-stable
This update for docker-stable fixes the following issues:
- CVE-2025-30204: Fixed a vulnerability in jwt-go which allowed excessive memory allocation during header parsing. (bsc#1240513)
Список пакетов
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
docker-stable-24.0.9_ce-150000.1.36.1
docker-stable-bash-completion-24.0.9_ce-150000.1.36.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
docker-stable-24.0.9_ce-150000.1.36.1
docker-stable-bash-completion-24.0.9_ce-150000.1.36.1
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
docker-stable-24.0.9_ce-150000.1.36.1
docker-stable-bash-completion-24.0.9_ce-150000.1.36.1
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS
docker-stable-24.0.9_ce-150000.1.36.1
docker-stable-bash-completion-24.0.9_ce-150000.1.36.1
SUSE Linux Enterprise Module for Containers 15 SP7
docker-stable-24.0.9_ce-150000.1.36.1
docker-stable-bash-completion-24.0.9_ce-150000.1.36.1
docker-stable-zsh-completion-24.0.9_ce-150000.1.36.1
SUSE Linux Enterprise Server 15 SP4-LTSS
docker-stable-24.0.9_ce-150000.1.36.1
docker-stable-bash-completion-24.0.9_ce-150000.1.36.1
SUSE Linux Enterprise Server 15 SP5-LTSS
docker-stable-24.0.9_ce-150000.1.36.1
docker-stable-bash-completion-24.0.9_ce-150000.1.36.1
SUSE Linux Enterprise Server 15 SP6-LTSS
docker-stable-24.0.9_ce-150000.1.36.1
docker-stable-bash-completion-24.0.9_ce-150000.1.36.1
docker-stable-zsh-completion-24.0.9_ce-150000.1.36.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
docker-stable-24.0.9_ce-150000.1.36.1
docker-stable-bash-completion-24.0.9_ce-150000.1.36.1
SUSE Linux Enterprise Server for SAP Applications 15 SP5
docker-stable-24.0.9_ce-150000.1.36.1
docker-stable-bash-completion-24.0.9_ce-150000.1.36.1
SUSE Linux Enterprise Server for SAP Applications 15 SP6
docker-stable-24.0.9_ce-150000.1.36.1
docker-stable-bash-completion-24.0.9_ce-150000.1.36.1
docker-stable-zsh-completion-24.0.9_ce-150000.1.36.1
openSUSE Leap 15.6
docker-stable-24.0.9_ce-150000.1.36.1
docker-stable-bash-completion-24.0.9_ce-150000.1.36.1
docker-stable-fish-completion-24.0.9_ce-150000.1.36.1
docker-stable-rootless-extras-24.0.9_ce-150000.1.36.1
docker-stable-zsh-completion-24.0.9_ce-150000.1.36.1
Ссылки
- Link for SUSE-SU-2026:0659-1
- E-Mail link for SUSE-SU-2026:0659-1
- SUSE Security Ratings
- SUSE Bug 1240513
- SUSE CVE CVE-2025-30204 page
Описание
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-stable-24.0.9_ce-150000.1.36.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:docker-stable-bash-completion-24.0.9_ce-150000.1.36.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-stable-24.0.9_ce-150000.1.36.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:docker-stable-bash-completion-24.0.9_ce-150000.1.36.1
Ссылки
- CVE-2025-30204
- SUSE Bug 1240441
- SUSE Bug 1240442