Description
Security update for docker-stable
This update for docker-stable fixes the following issues:
- CVE-2025-58181: Fixed unbounded memory consumption. (bsc#1253904)
- CVE-2025-30204: Fixed a bug in jwt-go which allows excessive memory allocation during header parsing. (bsc#1240513)
Package list
openSUSE Leap 16.0
References
- SUSE Security Ratings
- SUSE Bug 1240513
- SUSE Bug 1253904
- SUSE Bug 1254206
- SUSE CVE CVE-2025-30204 page
- SUSE CVE CVE-2025-58181 page
Description
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.
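The allocation pattern described above, next to a split that rejects anything other than three segments without building a slice. This is an added Go example, not golang-jwt's own code: `splitCost`, `splitBounded` and the sample inputs are constructed for illustration, and the 16-byte string header assumes a 64-bit platform.

```go
package main

import (
	"fmt"
	"strings"
)

// Bytes per string header (pointer + length) on 64-bit platforms: assumption.
const stringHeader = 16

// splitCost reports the size of the []string that strings.Split returns,
// i.e. the allocation that grows with every period in the input.
func splitCost(token string) int {
	return len(strings.Split(token, ".")) * stringHeader
}

// splitBounded (hypothetical helper) returns the three segments of a compact
// JWT and rejects any other segment count without building a slice.
func splitBounded(token string) (parts [3]string, ok bool) {
	header, rest, found := strings.Cut(token, ".")
	if !found {
		return parts, false
	}
	payload, sig, found := strings.Cut(rest, ".")
	if !found || strings.Contains(sig, ".") {
		return parts, false // fewer or more than two periods
	}
	return [3]string{header, payload, sig}, true
}

func main() {
	// Constructed inputs: a value made only of periods, and a well-formed shape.
	hostile := strings.Repeat(".", 1<<20)
	fmt.Printf("input %d bytes, strings.Split result slice %d bytes\n",
		len(hostile), splitCost(hostile))
	_, ok := splitBounded(hostile)
	fmt.Println("bounded split accepts hostile input:", ok)
	parts, ok := splitBounded("aaa.bbb.ccc")
	fmt.Println(parts, ok)
}
```

Capping the length of the Authorization header before any parsing bounds the input itself; upgrading to 5.2.2 or 4.5.2 remains the fix named in the advisory.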
Affected products
References
- CVE-2025-30204
- SUSE Bug 1240441
- SUSE Bug 1240442
Description
SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.
Affected products
References
- CVE-2025-58181
- SUSE Bug 1253784