SUSE CVE Pages
SUSE offers various self-service options for getting information on Security Issues.
One of these self-service options that are intended for human consumption are our CVE Pages.
For every CVE that might be related to our products we provide a webpage with our current status.
These pages cover SUSE Enterprise products, and also contain content for the openSUSE distributions.
The detailed evaluation in regards to scoring and affectedness is done only for SUSE Enterprise products.
If you find details missing or think they are incorrect, please work with your support engineer or contact SUSE Security.
This is the text that the central CVE assignment authority has given this problem. A link to the CVE page at Mitre is also included.
This specifies the internal processing state at SUSE of the issue.
- Resolved: Everything is considered to be done to address this issue.
- Does not affect SUSE: This problem does not affect SUSE Enterprise products.
- Pending: This issue still contains packages that need to be fixed.
- Running: Updates are currently in QA.
- Analysis: The SUSE Security Team is currently analysing this issue.
- New: This issue is waiting for Analysis.
- Postponed: This issue is waiting for more information before analysis can continue.
- Ignore: This issue is considered too minor to be fixed as it likely has no real world impact.
This gives the simplified rating as described on SUSE Security Rating Page.
Note that we only score issues affecting our SUSE Enterprise products.
We are scoring security issues using CVSS v3. (We stopped CVSS v2 scoring a year ago.)
SUSE Bugzilla Entries
The SUSE Bugzilla entries referencing this issue are listed and their current state.
Please note that these bugreports are meant for technical cooperation on these issues and not for user consumption or user support.
SUSE Security Advisories
A list linking to the published SUSE Security Advisories and for critical issues also the Technical Information Document (TID).
List of released packages
The packages with their exact version numbers that we have released to fix these issues in a table, by product, packages with versions and also with cross references to the SUSE Patchbuilder site.
List of packages in QA
This section lists all the packages that are currently in the QA. If this section is not present, nothing is currently in QA.
List of planned updates
The products and packages were we plan to release updates at some point in the future.
Status of this issue by product and package
The internal evaluation state for every product and package pair.
Following states are possible:
- Already Fixed: The package is not affected by the problem, e.g. we ship a newer version.
- Affected: The package is affected by the problem.
- Released: An update for this package was released.
- Unsupported: The codestream is no longer supported.
- Not affected: This package is considered not to be affected.
- Analysis: This package is being analysed for affectedness.
- In Progress: An update is currently in QA.
- Ignore: The issue is being ignored as it either is too minor or other mitigating circumstances are present.
Note that the evaluation state can still change, especially on fresh issues if more information is received or researched.
Also check out our SUSE Security Portal.