{"affected":[{"ecosystem_specific":{"binaries":[{"elemental-toolkit":"2.1.3-1.1"}]},"package":{"ecosystem":"SUSE:Linux Micro 6.0","name":"elemental-toolkit","purl":"pkg:rpm/suse/elemental-toolkit&distro=SUSE%20Linux%20Micro%206.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.1.3-1.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for elemental-toolkit fixes the following issues:\n\n- Updated to version 2.1.3:\n  * Simplify podman calls in CI steup\n  * Switched GHA runners to Ubuntu 24.04\n  * Updated year in headers\n  * Updated to go1.23, required by the new x/crypto module\n  * CVE-2025-22870: Fixed proxy bypass using IPv6 zone IDs (bsc#1238700)\n  * CVE-2025-22869: golang.org/x/crypto/ssh: Fixed Denial of Service in the Key Exchange (bsc#1239335)\n","id":"SUSE-SU-2025:20210-1","modified":"2025-04-29T11:13:15Z","published":"2025-04-29T11:13:15Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-202520210-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1238700"},{"type":"REPORT","url":"https://bugzilla.suse.com/1239335"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-22869"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-22870"}],"related":["CVE-2025-22869","CVE-2025-22870"],"summary":"Security update for elemental-toolkit","upstream":["CVE-2025-22869","CVE-2025-22870"]}