{"affected":[{"ecosystem_specific":{"binaries":[{"apptainer":"1.4.5-150600.4.12.1","apptainer-sle15_7":"1.4.5-150600.4.12.1","libsquashfuse0":"0.5.0-150600.3.2.1","squashfuse":"0.5.0-150600.3.2.1","squashfuse-tools":"0.5.0-150600.3.2.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for HPC 15 SP7","name":"apptainer","purl":"pkg:rpm/suse/apptainer&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015%20SP7"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.4.5-150600.4.12.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"apptainer":"1.4.5-150600.4.12.1","apptainer-sle15_7":"1.4.5-150600.4.12.1","libsquashfuse0":"0.5.0-150600.3.2.1","squashfuse":"0.5.0-150600.3.2.1","squashfuse-tools":"0.5.0-150600.3.2.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for HPC 15 SP7","name":"squashfuse","purl":"pkg:rpm/suse/squashfuse&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015%20SP7"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.5.0-150600.3.2.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"apptainer":"1.4.5-150600.4.12.1","apptainer-sle15_6":"1.4.5-150600.4.12.1","libsquashfuse0":"0.5.0-150600.3.2.1","squashfuse":"0.5.0-150600.3.2.1","squashfuse-tools":"0.5.0-150600.3.2.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 15 SP6-LTSS","name":"apptainer","purl":"pkg:rpm/suse/apptainer&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.4.5-150600.4.12.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"apptainer":"1.4.5-150600.4.12.1","apptainer-sle15_6":"1.4.5-150600.4.12.1","libsquashfuse0":"0.5.0-150600.3.2.1","squashfuse":"0.5.0-150600.3.2.1","squashfuse-tools":"0.5.0-150600.3.2.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 15 SP6-LTSS","name":"squashfuse","purl":"pkg:rpm/suse/squashfuse&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.5.0-150600.3.2.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"apptainer":"1.4.5-150600.4.12.1","apptainer-leap":"1.4.5-150600.4.12.1","apptainer-sle15_6":"1.4.5-150600.4.12.1","libsquashfuse0":"0.5.0-150600.3.2.1","squashfuse":"0.5.0-150600.3.2.1","squashfuse-devel":"0.5.0-150600.3.2.1","squashfuse-tools":"0.5.0-150600.3.2.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.6","name":"apptainer","purl":"pkg:rpm/opensuse/apptainer&distro=openSUSE%20Leap%2015.6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.4.5-150600.4.12.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"apptainer":"1.4.5-150600.4.12.1","apptainer-leap":"1.4.5-150600.4.12.1","apptainer-sle15_6":"1.4.5-150600.4.12.1","libsquashfuse0":"0.5.0-150600.3.2.1","squashfuse":"0.5.0-150600.3.2.1","squashfuse-devel":"0.5.0-150600.3.2.1","squashfuse-tools":"0.5.0-150600.3.2.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.6","name":"squashfuse","purl":"pkg:rpm/opensuse/squashfuse&distro=openSUSE%20Leap%2015.6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.5.0-150600.3.2.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for apptainer fixes the following issues:\n\nSecurity fixes:\n\n- CVE-2024-45310: Fixed runc being tricked into creating empty \n  files/directories on host (bsc#1257432)\n- CVE-2025-65105: Fixed security bypass due to disabling security \n  options (bsc#1255462)\n- CVE-2025-47914: Fixed malformed constraint may cause denial of \n  service in golang.org/x/crypto/ssh/agent (bsc#1253967)\n- CVE-2025-58181: Fixed unbounded memory consumption in \n  golang.org/x/crypto/ssh (bsc#1253784)\n- CVE-2025-47913: Fixed potential denial of service in \n  golang.org/x/crypto/ssh/agent (bsc#1253506)\n- CVE-2025-22872: Fixed incorrect Neutralization of Input During \n  Web Page Generation in x/net (bsc#1241710)\n- CVE-2025-22870: Fixed HTTP Proxy bypass using IPv6 Zone IDs in \n  golang.org/x/net (bsc#1238611)\n- CVE-2025-22869: Fixed potential denial of service in \n  golang.org/x/crypto (bsc#1239322)\n- CVE-2025-27144: Fixed DoS in go-jose Parsing in \n  github.com/go-jose/go-jose (bsc#1237608)\n- CVE-2025-8556: Fixed missing and wrong validation can lead \n  to incorrect results in github.com/cloudflare/circl\n\nOther fixes:\n\n- Update to 1.4.5\n","id":"SUSE-SU-2026:0439-1","modified":"2026-02-11T09:30:02Z","published":"2026-02-11T09:30:02Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2026/suse-su-20260439-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1237608"},{"type":"REPORT","url":"https://bugzilla.suse.com/1238611"},{"type":"REPORT","url":"https://bugzilla.suse.com/1239322"},{"type":"REPORT","url":"https://bugzilla.suse.com/1241710"},{"type":"REPORT","url":"https://bugzilla.suse.com/1253506"},{"type":"REPORT","url":"https://bugzilla.suse.com/1253784"},{"type":"REPORT","url":"https://bugzilla.suse.com/1253967"},{"type":"REPORT","url":"https://bugzilla.suse.com/1255462"},{"type":"REPORT","url":"https://bugzilla.suse.com/1257432"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-45310"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-22869"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-22870"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-22872"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-27144"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-47913"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-47914"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-58181"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-65105"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-8556"}],"related":["CVE-2024-45310","CVE-2025-22869","CVE-2025-22870","CVE-2025-22872","CVE-2025-27144","CVE-2025-47913","CVE-2025-47914","CVE-2025-58181","CVE-2025-65105","CVE-2025-8556"],"summary":"Security update for apptainer","upstream":["CVE-2024-45310","CVE-2025-22869","CVE-2025-22870","CVE-2025-22872","CVE-2025-27144","CVE-2025-47913","CVE-2025-47914","CVE-2025-58181","CVE-2025-65105","CVE-2025-8556"]}