SUSE 5181 Published by

SUSE Linux has received multiple security upgrades, including libnss_slurm, java-23-openjdk, govulncheck-vulndb, docker-stable, and java-17-openjdk.

openSUSE-SU-2024:14450-1: moderate: libnss_slurm2-24.05.4-1.1 on GA media
openSUSE-SU-2024:14449-1: moderate: java-23-openjdk-23.0.1.0-1.1 on GA media
openSUSE-SU-2024:14447-1: moderate: govulncheck-vulndb-0.0.20241030T212825-1.1 on GA media
openSUSE-SU-2024:14446-1: moderate: docker-stable-24.0.9_ce-1.1 on GA media
openSUSE-SU-2024:14448-1: moderate: java-17-openjdk-17.0.13.0-1.1 on GA media




openSUSE-SU-2024:14450-1: moderate: libnss_slurm2-24.05.4-1.1 on GA media


# libnss_slurm2-24.05.4-1.1 on GA media

Announcement ID: openSUSE-SU-2024:14450-1
Rating: moderate

Cross-References:

* CVE-2024-48936

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the libnss_slurm2-24.05.4-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* libnss_slurm2 24.05.4-1.1
* libpmi0 24.05.4-1.1
* libslurm41 24.05.4-1.1
* perl-slurm 24.05.4-1.1
* slurm 24.05.4-1.1
* slurm-auth-none 24.05.4-1.1
* slurm-config 24.05.4-1.1
* slurm-config-man 24.05.4-1.1
* slurm-cray 24.05.4-1.1
* slurm-devel 24.05.4-1.1
* slurm-doc 24.05.4-1.1
* slurm-hdf5 24.05.4-1.1
* slurm-lua 24.05.4-1.1
* slurm-munge 24.05.4-1.1
* slurm-node 24.05.4-1.1
* slurm-openlava 24.05.4-1.1
* slurm-pam_slurm 24.05.4-1.1
* slurm-plugins 24.05.4-1.1
* slurm-rest 24.05.4-1.1
* slurm-seff 24.05.4-1.1
* slurm-sjstat 24.05.4-1.1
* slurm-slurmdbd 24.05.4-1.1
* slurm-sql 24.05.4-1.1
* slurm-sview 24.05.4-1.1
* slurm-testsuite 24.05.4-1.1
* slurm-torque 24.05.4-1.1
* slurm-webdoc 24.05.4-1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-48936.html



openSUSE-SU-2024:14449-1: moderate: java-23-openjdk-23.0.1.0-1.1 on GA media


# java-23-openjdk-23.0.1.0-1.1 on GA media

Announcement ID: openSUSE-SU-2024:14449-1
Rating: moderate

Cross-References:

* CVE-2024-21208
* CVE-2024-21210
* CVE-2024-21217
* CVE-2024-21235

CVSS scores:

* CVE-2024-21208 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-21208 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2024-21210 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-21210 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-21217 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-21217 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2024-21235 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2024-21235 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 4 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the java-23-openjdk-23.0.1.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* java-23-openjdk 23.0.1.0-1.1
* java-23-openjdk-demo 23.0.1.0-1.1
* java-23-openjdk-devel 23.0.1.0-1.1
* java-23-openjdk-headless 23.0.1.0-1.1
* java-23-openjdk-javadoc 23.0.1.0-1.1
* java-23-openjdk-jmods 23.0.1.0-1.1
* java-23-openjdk-src 23.0.1.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-21208.html
* https://www.suse.com/security/cve/CVE-2024-21210.html
* https://www.suse.com/security/cve/CVE-2024-21217.html
* https://www.suse.com/security/cve/CVE-2024-21235.html



openSUSE-SU-2024:14447-1: moderate: govulncheck-vulndb-0.0.20241030T212825-1.1 on GA media


# govulncheck-vulndb-0.0.20241030T212825-1.1 on GA media

Announcement ID: openSUSE-SU-2024:14447-1
Rating: moderate

Cross-References:

* CVE-2022-45157
* CVE-2023-22644
* CVE-2023-32197
* CVE-2024-10214
* CVE-2024-10241
* CVE-2024-22030
* CVE-2024-22036
* CVE-2024-33662
* CVE-2024-36814
* CVE-2024-38365
* CVE-2024-39223
* CVE-2024-47003
* CVE-2024-47067
* CVE-2024-47182
* CVE-2024-47534
* CVE-2024-47616
* CVE-2024-47825
* CVE-2024-47827
* CVE-2024-47832
* CVE-2024-47877
* CVE-2024-48909
* CVE-2024-48921
* CVE-2024-49380
* CVE-2024-49381
* CVE-2024-49753
* CVE-2024-49757
* CVE-2024-50312
* CVE-2024-7558
* CVE-2024-7594
* CVE-2024-8037
* CVE-2024-8038
* CVE-2024-8901
* CVE-2024-8975
* CVE-2024-8996
* CVE-2024-9180
* CVE-2024-9264
* CVE-2024-9312
* CVE-2024-9313
* CVE-2024-9341
* CVE-2024-9355
* CVE-2024-9407
* CVE-2024-9486
* CVE-2024-9594
* CVE-2024-9675

CVSS scores:

* CVE-2024-9264 ( SUSE ): 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2024-9264 ( SUSE ): 9.4 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-9341 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
* CVE-2024-9341 ( SUSE ): 5.8 CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-9407 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N
* CVE-2024-9407 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-9675 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2024-9675 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 44 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the govulncheck-vulndb-0.0.20241030T212825-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* govulncheck-vulndb 0.0.20241030T212825-1.1

## References:

* https://www.suse.com/security/cve/CVE-2022-45157.html
* https://www.suse.com/security/cve/CVE-2023-22644.html
* https://www.suse.com/security/cve/CVE-2023-32197.html
* https://www.suse.com/security/cve/CVE-2024-10214.html
* https://www.suse.com/security/cve/CVE-2024-10241.html
* https://www.suse.com/security/cve/CVE-2024-22030.html
* https://www.suse.com/security/cve/CVE-2024-22036.html
* https://www.suse.com/security/cve/CVE-2024-33662.html
* https://www.suse.com/security/cve/CVE-2024-36814.html
* https://www.suse.com/security/cve/CVE-2024-38365.html
* https://www.suse.com/security/cve/CVE-2024-39223.html
* https://www.suse.com/security/cve/CVE-2024-47003.html
* https://www.suse.com/security/cve/CVE-2024-47067.html
* https://www.suse.com/security/cve/CVE-2024-47182.html
* https://www.suse.com/security/cve/CVE-2024-47534.html
* https://www.suse.com/security/cve/CVE-2024-47616.html
* https://www.suse.com/security/cve/CVE-2024-47825.html
* https://www.suse.com/security/cve/CVE-2024-47827.html
* https://www.suse.com/security/cve/CVE-2024-47832.html
* https://www.suse.com/security/cve/CVE-2024-47877.html
* https://www.suse.com/security/cve/CVE-2024-48909.html
* https://www.suse.com/security/cve/CVE-2024-48921.html
* https://www.suse.com/security/cve/CVE-2024-49380.html
* https://www.suse.com/security/cve/CVE-2024-49381.html
* https://www.suse.com/security/cve/CVE-2024-49753.html
* https://www.suse.com/security/cve/CVE-2024-49757.html
* https://www.suse.com/security/cve/CVE-2024-50312.html
* https://www.suse.com/security/cve/CVE-2024-7558.html
* https://www.suse.com/security/cve/CVE-2024-7594.html
* https://www.suse.com/security/cve/CVE-2024-8037.html
* https://www.suse.com/security/cve/CVE-2024-8038.html
* https://www.suse.com/security/cve/CVE-2024-8901.html
* https://www.suse.com/security/cve/CVE-2024-8975.html
* https://www.suse.com/security/cve/CVE-2024-8996.html
* https://www.suse.com/security/cve/CVE-2024-9180.html
* https://www.suse.com/security/cve/CVE-2024-9264.html
* https://www.suse.com/security/cve/CVE-2024-9312.html
* https://www.suse.com/security/cve/CVE-2024-9313.html
* https://www.suse.com/security/cve/CVE-2024-9341.html
* https://www.suse.com/security/cve/CVE-2024-9355.html
* https://www.suse.com/security/cve/CVE-2024-9407.html
* https://www.suse.com/security/cve/CVE-2024-9486.html
* https://www.suse.com/security/cve/CVE-2024-9594.html
* https://www.suse.com/security/cve/CVE-2024-9675.html



openSUSE-SU-2024:14446-1: moderate: docker-stable-24.0.9_ce-1.1 on GA media


# docker-stable-24.0.9_ce-1.1 on GA media

Announcement ID: openSUSE-SU-2024:14446-1
Rating: moderate

Cross-References:

* CVE-2024-41110

CVSS scores:

* CVE-2024-41110 ( SUSE ): 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the docker-stable-24.0.9_ce-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* docker-stable 24.0.9_ce-1.1
* docker-stable-bash-completion 24.0.9_ce-1.1
* docker-stable-buildx 0.17.1-1.1
* docker-stable-fish-completion 24.0.9_ce-1.1
* docker-stable-rootless-extras 24.0.9_ce-1.1
* docker-stable-zsh-completion 24.0.9_ce-1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-41110.html



openSUSE-SU-2024:14448-1: moderate: java-17-openjdk-17.0.13.0-1.1 on GA media


# java-17-openjdk-17.0.13.0-1.1 on GA media

Announcement ID: openSUSE-SU-2024:14448-1
Rating: moderate

Cross-References:

* CVE-2024-21208
* CVE-2024-21210
* CVE-2024-21217
* CVE-2024-21235

CVSS scores:

* CVE-2024-21208 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-21208 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2024-21210 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-21210 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-21217 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-21217 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2024-21235 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2024-21235 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves 4 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the java-17-openjdk-17.0.13.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* java-17-openjdk 17.0.13.0-1.1
* java-17-openjdk-demo 17.0.13.0-1.1
* java-17-openjdk-devel 17.0.13.0-1.1
* java-17-openjdk-headless 17.0.13.0-1.1
* java-17-openjdk-javadoc 17.0.13.0-1.1
* java-17-openjdk-jmods 17.0.13.0-1.1
* java-17-openjdk-src 17.0.13.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2024-21208.html
* https://www.suse.com/security/cve/CVE-2024-21210.html
* https://www.suse.com/security/cve/CVE-2024-21217.html
* https://www.suse.com/security/cve/CVE-2024-21235.html