Security update for govulncheck-vulndb

Announcement ID:	SUSE-SU-2025:0297-1
Release Date:	2025-01-30T14:03:41Z
Rating:	moderate
References:	jsc#PED-11136
Cross-References:	CVE-2024-11218 CVE-2024-36402 CVE-2024-36403 CVE-2024-45336 CVE-2024-45339 CVE-2024-45340 CVE-2024-45341 CVE-2024-51491 CVE-2024-52281 CVE-2024-52594 CVE-2024-52602 CVE-2024-52791 CVE-2024-53263 CVE-2024-56138 CVE-2024-56323 CVE-2024-56515 CVE-2025-0377 CVE-2025-20033 CVE-2025-20086 CVE-2025-20088 CVE-2025-20621 CVE-2025-21088 CVE-2025-22149 CVE-2025-22445 CVE-2025-22449 CVE-2025-22865 CVE-2025-23028 CVE-2025-23047 CVE-2025-23208 CVE-2025-24030 CVE-2025-24337 CVE-2025-24354 CVE-2025-24355
CVSS scores:	CVE-2024-11218 ( SUSE ): 8.7 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H CVE-2024-11218 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H CVE-2024-11218 ( NVD ): 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CVE-2024-36402 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2024-36403 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2024-45336 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2024-45339 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2024-45339 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2024-45339 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2024-45340 ( SUSE ): 7.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L CVE-2024-45340 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-45341 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2024-51491 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2024-52594 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2024-52602 ( NVD ): 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2024-52791 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2024-53263 ( NVD ): 8.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVE-2024-56138 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2024-56323 ( NVD ): 5.8 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVE-2024-56515 ( NVD ): 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N CVE-2025-0377 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2025-20033 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2025-20086 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-20088 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-20621 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-21088 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-22149 ( NVD ): 2.1 CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVE-2025-22445 ( NVD ): 3.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N CVE-2025-22449 ( NVD ): 3.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N CVE-2025-22865 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-22865 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2025-23028 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2025-23028 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2025-23047 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2025-23208 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2025-24030 ( NVD ): 7.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2025-24337 ( NVD ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2025-24354 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2025-24355 ( NVD ): 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Affected Products:	openSUSE Leap 15.6 SUSE Linux Enterprise Desktop 15 SP6 SUSE Linux Enterprise Real Time 15 SP6 SUSE Linux Enterprise Server 15 SP6 SUSE Linux Enterprise Server for SAP Applications 15 SP6 SUSE Package Hub 15 15-SP6

An update that solves 33 vulnerabilities and contains one feature can now be installed.

Description:

This update for govulncheck-vulndb fixes the following issues:

• Update to version 0.0.20250128T150132 2025-01-28T15:01:32Z. Refs jsc#PED-11136 Go CVE Numbering Authority IDs added or updated with aliases:
• GO-2025-3409 CVE-2025-23208 GHSA-c9p4-xwr9-rfhx
• GO-2025-3410 CVE-2025-24337 GHSA-3qc3-mx6x-267h
• GO-2025-3413 CVE-2025-0377 GHSA-wpfp-cm49-9m9q
• GO-2025-3414 CVE-2024-11218 GHSA-5vpc-35f4-r8w6
• GO-2025-3415 CVE-2025-23028 GHSA-9m5p-c77c-f9j7
• GO-2025-3416 CVE-2025-23047 GHSA-h78m-j95m-5356
• GO-2025-3418 CVE-2025-24030 GHSA-j777-63hf-hx76
• GO-2025-3419 CVE-2025-24355 GHSA-v34r-vj4r-38j6

• GO-2025-3422 CVE-2025-24354

• Update to version 0.0.20250128T004730 2025-01-28T00:47:30Z. Refs jsc#PED-11136 Go CVE Numbering Authority IDs added or updated with aliases:

• GO-2025-3372 CVE-2024-45339
• GO-2025-3373 CVE-2024-45341
• GO-2025-3383 CVE-2024-45340
• GO-2025-3420 CVE-2024-45336

• GO-2025-3421 CVE-2025-22865

• Update to version 0.0.20250117T214834 2025-01-17T21:48:34Z. Refs jsc#PED-11136 Go CVE Numbering Authority IDs added or updated with aliases:

• GO-2025-3392 CVE-2025-20086 GHSA-5m7j-6gc4-ff5g
• GO-2025-3393 CVE-2025-21088 GHSA-8j3q-gc9x-7972
• GO-2025-3394 CVE-2025-20088 GHSA-45v9-w9fh-33j6
• GO-2025-3396 CVE-2024-52594
• GO-2025-3397 CVE-2024-36402 GHSA-8vmr-h7h5-cqhg
• GO-2025-3398 CVE-2024-52791 GHSA-gp86-q8hg-fpxj
• GO-2025-3399 CVE-2024-52602 GHSA-r6jg-jfv6-2fjv
• GO-2025-3400 CVE-2024-56515 GHSA-rcxc-wjgw-579r
• GO-2025-3401 CVE-2024-36403 GHSA-vc2m-hw89-qjxf

• GO-2025-3407 CVE-2025-20621 GHSA-w6xh-c82w-h997

• Update to version 0.0.20250115T172141 2025-01-15T17:21:41Z. Refs jsc#PED-11136 Go CVE Numbering Authority IDs added or updated with aliases:

• GO-2025-3381 CVE-2024-56138 GHSA-45v3-38pc-874v
• GO-2025-3382 CVE-2024-51491 GHSA-qjh3-4j3h-vmwp
• GO-2025-3384 CVE-2024-56323 GHSA-32q6-rr98-cjqv
• GO-2025-3390 CVE-2024-53263 GHSA-q6r2-x2cc-vrp7

• GO-2025-3391 CVE-2024-52281 GHSA-2v2w-8v8c-wcm9

• Update to version 0.0.20250109T194159 2025-01-09T19:41:59Z. Refs jsc#PED-11136 Go CVE Numbering Authority IDs added or updated with aliases:

• GO-2025-3376 CVE-2025-22149 GHSA-675f-rq2r-jw82
• GO-2025-3377 CVE-2025-22449 GHSA-q8fg-cp3q-5jwm
• GO-2025-3379 CVE-2025-20033 GHSA-2549-xh72-qrpm
• GO-2025-3380 CVE-2025-22445 GHSA-7rgp-4j56-fm79

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2025-297=1
• SUSE Package Hub 15 15-SP6
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-297=1

Package List:

• openSUSE Leap 15.6 (noarch)
  • govulncheck-vulndb-0.0.20250128T150132-150000.1.29.1
• SUSE Package Hub 15 15-SP6 (noarch)
  • govulncheck-vulndb-0.0.20250128T150132-150000.1.29.1

References:

• https://www.suse.com/security/cve/CVE-2024-11218.html
• https://www.suse.com/security/cve/CVE-2024-36402.html
• https://www.suse.com/security/cve/CVE-2024-36403.html
• https://www.suse.com/security/cve/CVE-2024-45336.html
• https://www.suse.com/security/cve/CVE-2024-45339.html
• https://www.suse.com/security/cve/CVE-2024-45340.html
• https://www.suse.com/security/cve/CVE-2024-45341.html
• https://www.suse.com/security/cve/CVE-2024-51491.html
• https://www.suse.com/security/cve/CVE-2024-52281.html
• https://www.suse.com/security/cve/CVE-2024-52594.html
• https://www.suse.com/security/cve/CVE-2024-52602.html
• https://www.suse.com/security/cve/CVE-2024-52791.html
• https://www.suse.com/security/cve/CVE-2024-53263.html
• https://www.suse.com/security/cve/CVE-2024-56138.html
• https://www.suse.com/security/cve/CVE-2024-56323.html
• https://www.suse.com/security/cve/CVE-2024-56515.html
• https://www.suse.com/security/cve/CVE-2025-0377.html
• https://www.suse.com/security/cve/CVE-2025-20033.html
• https://www.suse.com/security/cve/CVE-2025-20086.html
• https://www.suse.com/security/cve/CVE-2025-20088.html
• https://www.suse.com/security/cve/CVE-2025-20621.html
• https://www.suse.com/security/cve/CVE-2025-21088.html
• https://www.suse.com/security/cve/CVE-2025-22149.html
• https://www.suse.com/security/cve/CVE-2025-22445.html
• https://www.suse.com/security/cve/CVE-2025-22449.html
• https://www.suse.com/security/cve/CVE-2025-22865.html
• https://www.suse.com/security/cve/CVE-2025-23028.html
• https://www.suse.com/security/cve/CVE-2025-23047.html
• https://www.suse.com/security/cve/CVE-2025-23208.html
• https://www.suse.com/security/cve/CVE-2025-24030.html
• https://www.suse.com/security/cve/CVE-2025-24337.html
• https://www.suse.com/security/cve/CVE-2025-24354.html
• https://www.suse.com/security/cve/CVE-2025-24355.html
• https://jira.suse.com/browse/PED-11136