SUSE-SU-2026:20551-1 Security update for kubevirt

This update for kubevirt fixes the following issues: Update to version 1.7.0 bsc1257128. Security issues fixed: - CVE-2025-64435: logic flaw in the virt-controller can lead to incorrect status updates and potentially causing a DoS bsc1253189. - CVE-2024-45310: kubevirt vendored...

Security update for docker

This update for docker fixes the following issues: Update to Docker 28.2.2-ce bsc1243833, bsc1242114: CVE-2025-0495: Fixed credential leakage to telemetry endpoints when credentials allowed to be set as attribute values in cache-to/cache-from configuration.bsc1239765 CVE-2025-22872:...

Medium: ecs-init

Issue Overview: The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result i...

AZL-60459 CVE-2025-22872 affecting package cri-tools for versions less than 1.32.0-2

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...

AZL-65664 CVE-2025-22872 affecting package nvidia-container-toolkit for versions less than 1.17.8-3

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...

AZL-60542 CVE-2025-22872 affecting package gh for versions less than 2.62.0-8

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...

AZL-60588 CVE-2025-22872 affecting package telegraf for versions less than 1.29.4-16

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...

AZL-60492 CVE-2025-22872 affecting package ig for versions less than 0.37.0-4

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...

AZL-60474 CVE-2025-22872 affecting package multus for versions less than 4.0.2-5

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...

AZL-61812 CVE-2025-22872 affecting package cri-o 1.30.1-1

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...

AZL-61762 CVE-2025-22872 affecting package podman for versions less than 5.6.1-2

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...

AZL-60486 CVE-2025-22872 affecting package containerd2 for versions less than 2.0.0-9

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...

AZL-60528 CVE-2025-22872 affecting package cert-manager for versions less than 1.12.15-4

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...

AZL-60502 CVE-2025-22872 affecting package cni-plugins for versions less than 1.3.0-8

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...

AZL-60467 CVE-2025-22872 affecting package docker-buildx for versions less than 0.14.0-6

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...