openSUSE Local Security Checks : openSUSE Security Advisory (openSUSE-SU-2025:0103-1)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.18.1.2025.0103.1

Kategorie: openSUSE Local Security Checks

Titel: openSUSE Security Advisory (openSUSE-SU-2025:0103-1)

Zusammenfassung: The remote host is missing an update for the 'cadvisor' package(s) announced via the openSUSE-SU-2025:0103-1 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'cadvisor' package(s) announced via the openSUSE-SU-2025:0103-1 advisory.

Vulnerability Insight:
This update for cadvisor fixes the following issues:

- update to 0.52.1:

* Make resctrl optional/pluggable

- update to 0.52.0:

* bump containerd related deps: api v1.8.0, errdefs v1.0.0, ttrpc v1.2.6
* chore: Update Prometheus libraries
* bump runc to v1.2.4
* Add Pressure Stall Information Metrics
* Switch to opencontainers/cgroups repository (includes update
from golang 1.22 to 1.24)
* Bump to newer opencontainers/image-spec @ v1.1.1

- update to 0.49.2:

* Cp fix test
* Revert 'reduce_logs_for_kubelet_use_crio'

- CVE-2025-22868: golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2 (boo#1239291)

- Update to version 0.49.1:

* build docker - add --provenance=false flag
* Remove s390x support
* Disable libipmctl in build
* Ugrade base image to 1.22 and alpine 3.18
* fix type of C.malloc in cgo
* Bump runc to v1.1.12
* Bump to bullseye
* Remove section about canary image
* Add note about WebUI auth
* Remove mentions of accelerator from the docs
* reduce_logs_for_kubelet_use_crio
* upgrade actions/checkout and actions/setup-go and actions/upload-artifact
* build(deps): bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /cmd
* add cadvisor and crio upstream changes
* Avoid using container/podman in manager.go
* container: skip checking for files in non-existent directories.
* Adjust the log level of Initialize Plugins
* add ignored device
* fix: variable naming
* build(deps): bump golang.org/x/net from 0.10.0 to 0.17.0 in /cmd
* manager: require higher verbosity level for container info misses
* Information should be logged on increased verbosity only
* Running do mod tidy
* Running go mod tidy
* Running go mod tidy
* container/libcontainer: Improve limits file parsing perf
* container/libcontainer: Add limit parsing benchmark
* build(deps): bump github.com/cyphar/filepath-securejoin in /cmd
* build(deps): bump github.com/cyphar/filepath-securejoin
* Set verbosity after flag definition
* fix: error message typo
* vendor: bump runc to 1.1.9
* Switch to use busybox from registry.k8s.io
* Bump golang ci lint to v1.54.1
* Bump github.com/docker/docker in /cmd
* Bump github.com/docker/docker
* Bump github.com/docker/distribution in /cmd
* Bump github.com/docker/distribution
* Update genproto dependency to isolated submodule
* remove the check for the existence of NFS files, which will cause unnecessary requests.
* reduce inotify watch
* fix performance degradation of NFS
* fix: fix type issue
* fix: fix cgo memory leak
* ft: export memory kernel usage
* sysinfo: Ignore 'hidden' sysfs device entries
* Increasing required verbosity level
* Patch to fix issue 2341
* podman support: Enable Podman support.
* podman support: Create Podman handler.
* podman support: Changes in Docker handler.
* unit test: machine_swap_bytes
* Add documentation for machine_swap_bytes ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'cadvisor' package(s) on openSUSE Leap 15.6.

Solution:
Please install the updated package(s).

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2022-27664
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/
https://security.gentoo.org/glsa/202209-26
https://groups.google.com/g/golang-announce
Common Vulnerability Exposure (CVE) ID: CVE-2025-22868

Copyright Copyright (C) 2025 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.18.1.2025.0103.1
Kategorie:	openSUSE Local Security Checks
Titel:	openSUSE Security Advisory (openSUSE-SU-2025:0103-1)
Zusammenfassung:	The remote host is missing an update for the 'cadvisor' package(s) announced via the openSUSE-SU-2025:0103-1 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'cadvisor' package(s) announced via the openSUSE-SU-2025:0103-1 advisory. Vulnerability Insight: This update for cadvisor fixes the following issues: - update to 0.52.1: * Make resctrl optional/pluggable - update to 0.52.0: * bump containerd related deps: api v1.8.0, errdefs v1.0.0, ttrpc v1.2.6 * chore: Update Prometheus libraries * bump runc to v1.2.4 * Add Pressure Stall Information Metrics * Switch to opencontainers/cgroups repository (includes update from golang 1.22 to 1.24) * Bump to newer opencontainers/image-spec @ v1.1.1 - update to 0.49.2: * Cp fix test * Revert 'reduce_logs_for_kubelet_use_crio' - CVE-2025-22868: golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2 (boo#1239291) - Update to version 0.49.1: * build docker - add --provenance=false flag * Remove s390x support * Disable libipmctl in build * Ugrade base image to 1.22 and alpine 3.18 * fix type of C.malloc in cgo * Bump runc to v1.1.12 * Bump to bullseye * Remove section about canary image * Add note about WebUI auth * Remove mentions of accelerator from the docs * reduce_logs_for_kubelet_use_crio * upgrade actions/checkout and actions/setup-go and actions/upload-artifact * build(deps): bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /cmd * add cadvisor and crio upstream changes * Avoid using container/podman in manager.go * container: skip checking for files in non-existent directories. * Adjust the log level of Initialize Plugins * add ignored device * fix: variable naming * build(deps): bump golang.org/x/net from 0.10.0 to 0.17.0 in /cmd * manager: require higher verbosity level for container info misses * Information should be logged on increased verbosity only * Running do mod tidy * Running go mod tidy * Running go mod tidy * container/libcontainer: Improve limits file parsing perf * container/libcontainer: Add limit parsing benchmark * build(deps): bump github.com/cyphar/filepath-securejoin in /cmd * build(deps): bump github.com/cyphar/filepath-securejoin * Set verbosity after flag definition * fix: error message typo * vendor: bump runc to 1.1.9 * Switch to use busybox from registry.k8s.io * Bump golang ci lint to v1.54.1 * Bump github.com/docker/docker in /cmd * Bump github.com/docker/docker * Bump github.com/docker/distribution in /cmd * Bump github.com/docker/distribution * Update genproto dependency to isolated submodule * remove the check for the existence of NFS files, which will cause unnecessary requests. * reduce inotify watch * fix performance degradation of NFS * fix: fix type issue * fix: fix cgo memory leak * ft: export memory kernel usage * sysinfo: Ignore 'hidden' sysfs device entries * Increasing required verbosity level * Patch to fix issue 2341 * podman support: Enable Podman support. * podman support: Create Podman handler. * podman support: Changes in Docker handler. * unit test: machine_swap_bytes * Add documentation for machine_swap_bytes ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'cadvisor' package(s) on openSUSE Leap 15.6. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2022-27664 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/ https://security.gentoo.org/glsa/202209-26 https://groups.google.com/g/golang-announce Common Vulnerability Exposure (CVE) ID: CVE-2025-22868
Copyright	Copyright (C) 2025 Greenbone AG