SUSE CVE Pages

SUSE offers various self-service options for getting information on Security Issues.

One of these self-service options that are intended for human consumption are our CVE Pages.

For every CVE that might be related to our products we provide a webpage with our current status.

These pages cover SUSE Enterprise products, and also contain content for the openSUSE distributions and SUSE Rancher products.

The detailed evaluation in regards to scoring and affectedness is done only for SUSE Enterprise products.

If you find details missing or think they are incorrect, please work with your support engineer or contact SUSE Security.

Upstream Information

This is the text that the central CVE assignment authority has given this problem. A link to the CVE page at Mitre is also included.

Overall State

This specifies the internal processing state at SUSE of the issue.

• Resolved: This issue has been fixed with updates available.
• Does not affect SUSE: This problem does not affect SUSE Enterprise products.
• Pending: This issue still contains packages that need to be fixed.
• Running: Updates are currently in QA.
• Analysis: The SUSE Security Team is currently analysing this issue.
• New: This issue is waiting for Analysis.
• Postponed: This issue is waiting for more information before analysis can continue.
• Ignore: This issue is considered too minor to be fixed as it likely has no real world impact.
• Revisit: The issue is being reanalyzed after receiving new information.

Rating

This gives the simplified rating as described on SUSE Security Rating Page.

CVSS scores

The next part of the page is listing both the CVSS v2, CVSS v3.1 and CVSS v4.0 scoring of this issue.
We include both the NVD CVSS scores, the SUSE scores and optional CNA scores side by side.

Note that we only score issues affecting our SUSE Enterprise products.

We are scoring security issues using CVSS v3.1 and have started scoring with CVSS v4.0 in 2024. We stopped CVSS v2 scoring in 2019.

SUSE Bugzilla Entries

The SUSE Bugzilla entries referencing this issue are listed and their current state.

Please note that these bugreports are meant for technical cooperation on these issues and not for user consumption or user support.

SUSE Security Advisories

A list linking to the published SUSE Security Advisories and for critical issues also the Technical Information Document (TID).

List of released packages

The packages with their exact version numbers that we have released to fix these issues in a table, by product, packages with versions and also with cross references.

For getting released packages in a programmatic way we offer OVAL, CVRF and CSAF data.

List of packages in QA

This section lists all the packages that are currently in the QA. If this section is not present, nothing is currently in QA.

List of planned updates

The products and packages were we plan to release updates at some point in the future.

Status of this issue by product and package

The internal evaluation state for every product and package pair.

Following states are possible:

• Already Fixed: We identified a shipped update that fixes this for this product, but the CVE was not added at time of release of that update.
• Affected: The package is affected by the problem.
• Released: An update for this package was released and is listed on this page.
• Unsupported: The codestream is no longer supported.
• Not affected: This package is considered not to be affected in this product.
• Analysis: This package is being analyzed for affectedness.
• In Progress: An update is currently in QA.
• Ignore: The issue is being ignored as it either is too minor or other mitigating circumstances are present.
• Won’t fix: The issue affects SUSE, but will not be fixed due to too low severity or other mitigating circumstances.

Note that the evaluation state can still change, especially on fresh issues if more information is received or researched.

Also check out our SUSE Security Portal.