Our CVE Pages - self help to security issues in SUSE Linux Enterprise | SUSE Communities

SUSE CVE Pages

SUSE offers various self-service options for getting information on Security Issues.

One of these self-service options, intended for human consumption, is our CVE Pages.

For every CVE that might be related to our products we provide a webpage with our current status.

These pages cover SUSE Enterprise products, and also contain content for the openSUSE distributions.

The detailed evaluation with regard to scoring and affectedness is done only for SUSE Enterprise products.

If you find details missing or think they are incorrect, please work with your support engineer or contact SUSE Security.

Upstream Information

This is the text that the central CVE assignment authority has given this problem. A link to the CVE page at MITRE is also included.

Overall State

This specifies the internal processing state at SUSE of the issue.

  • Resolved: Everything is considered to be done to address this issue.
  • Does not affect SUSE: This problem does not affect SUSE Enterprise products.
  • Pending: This issue still contains packages that need to be fixed.
  • Running: Updates are currently in QA.
  • Analysis: The SUSE Security Team is currently analysing this issue.
  • New: This issue is waiting for Analysis.
  • Postponed: This issue is waiting for more information before analysis can continue.
  • Ignore: This issue is considered too minor to be fixed as it likely has no real world impact.

Rating

This gives the simplified rating as described on the SUSE Security Rating page.

CVSS scores

The next part of the page lists both the CVSS v2 and CVSS v3 scores for this issue.
We include the NVD CVSS scores and the SUSE scores side by side.

Note that we only score issues affecting our SUSE Enterprise products.

We score security issues using CVSS v3.1 (we stopped CVSS v2 scoring in 2019).

SUSE Bugzilla Entries

The SUSE Bugzilla entries referencing this issue are listed along with their current state.

Please note that these bug reports are meant for technical cooperation on these issues and not for user consumption or user support.

SUSE Security Advisories

A list linking to the published SUSE Security Advisories and, for critical issues, also the Technical Information Document (TID).

List of released packages

A table of the packages, with their exact version numbers, that we have released to fix these issues. It is organized by product and includes cross references.

To retrieve released packages programmatically, we offer OVAL and CVRF data.

List of packages in QA

This section lists all the packages that are currently in QA. If this section is not present, nothing is currently in QA.

List of planned updates

The products and packages where we plan to release updates at some point in the future.

Status of this issue by product and package

The internal evaluation state for every product and package pair.

The following states are possible:

  • Already Fixed: The package is not affected by the problem, e.g. we ship a newer version.
  • Affected: The package is affected by the problem.
  • Released: An update for this package was released.
  • Unsupported: The codestream is no longer supported.
  • Not affected: This package is considered not to be affected.
  • Analysis: This package is being analyzed for affectedness.
  • In Progress: An update is currently in QA.
  • Ignore: The issue is being ignored as it either is too minor or other mitigating circumstances are present.
  • Won’t fix: The issue affects SUSE, but will not be fixed due to too low severity or other mitigating circumstances.

Note that the evaluation state can still change, especially on fresh issues, if more information is received or researched.

Also check out our SUSE Security Portal.
