SUSE: Security Advisory (SUSE-SU-2026:20976-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2026:20976-1 Security update for docker-compose

This update for docker-compose fixes the following issues: - CVE-2025-47913: golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or signing request bsc1253584. - CVE-2025-47914: golang.org/x/crypto/ssh/agent: non validat...

SUSE-SU-2026:20871-1 Security update for docker-compose

This update for docker-compose fixes the following issue: - CVE-2025-62725: OCI compose artifacts can be used to escape the cache directory and overwrite arbitrary files bsc1252752...

CVE-2025-62725

creationtimestamp| type| source ---|---|--- 2025-10-27 22:05:10+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3m47gfvoobr2o 2025-10-29 01:38:49+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3m4ccsu4tra2w 2025-10-29 06:06:28+00:00| seen|...

CVE-2025-62725

Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cac...

CVE-2025-62725 Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations

Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cac...