{"affected":[{"ecosystem_specific":{"binaries":[{"podman":"4.9.5-3.1","podman-docker":"4.9.5-3.1","podman-remote":"4.9.5-3.1","podmansh":"4.9.5-3.1"}]},"package":{"ecosystem":"SUSE:Linux Micro 6.0","name":"podman","purl":"pkg:rpm/suse/podman&distro=SUSE%20Linux%20Micro%206.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.9.5-3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for podman fixes the following issues:\n\n- CVE-2025-27144: Fixed gopkg.in/square/go-jose.v2,gopkg.in/go-jose/go-jose.v2,github.com/go-jose/go-jose/v4,github.com/go-jose/go-jose/v3: Go JOSE's Parsing Vulnerable to Denial of Service (bsc#1237641):\n- CVE-2024-11218: Fixed github.com/containers/buildah: Container breakout by using --jobs=2 and a race condition when building a malicious Containerfile  (bsc#1236270):\n- CVE-2023-45288: Fixed golang.org/x/net/http2: close connections when receiving too many headers (bsc#1236507):\n- CVE-2024-6104: Fixed hashicorp/go-retryablehttp: url might write sensitive information to log file  (bsc#1227052):\n\n","id":"SUSE-SU-2025:20143-1","modified":"2025-03-12T10:31:01Z","published":"2025-03-12T10:31:01Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-202520143-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1227052"},{"type":"REPORT","url":"https://bugzilla.suse.com/1236270"},{"type":"REPORT","url":"https://bugzilla.suse.com/1236507"},{"type":"REPORT","url":"https://bugzilla.suse.com/1237641"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-45288"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-11218"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-6104"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-9407"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-27144"}],"related":["CVE-2023-45288","CVE-2024-11218","CVE-2024-6104","CVE-2024-9407","CVE-2025-27144"],"summary":"Security update for podman","upstream":["CVE-2023-45288","CVE-2024-11218","CVE-2024-6104","CVE-2024-9407","CVE-2025-27144"]}