Security update for cosign

This update for cosign rebuilds it against the current go 1.25 security release. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for your product: openSUSE Leap 15....

SUSE-SU-2026:20904-1 Security update for cosign

This update for cosign fixes the following issues: Update to version 3.0.5: - CVE-2026-24122: Fixed improper validation of certificates that outlive expired CA certificates bsc1258542 - CVE-2026-26958: Fixed filippo.io/edwards25519: failure to initialize receiver in MultiScalarMult can produce...

SUSE-SU-2026:0777-1 Security update for cosign

This update for cosign fixes the following issues: Update to version 3.0.5 jscSLE-23879. Security issues fixed: - CVE-2025-11065: github.com/go-viper/mapstructure/v2: sensitive Information leak in logs bsc1250620. - CVE-2025-58181: golang.org/x/crypto/ssh: invalidated number of mechanisms can cau...

cosign-2.5.3-1.1 on GA media (moderate)

cosign-2.5.3-1.1 on GA media Announcement ID: openSUSE-SU-2025:15355-1 Rating: moderate Cross-References: CVE-2025-46569 CVSS scores: CVE-2025-46569 SUSE : 8.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L CVE-2025-46569 SUSE : 7.6 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N...

Security update for cosign

This update for cosign fixes the following issues: CVE-2024-6104: cosign: hashicorp/go-retryablehttp: Fixed sensitive information disclosure to log file bsc1227031 CVE-2024-51744: cosign: github.com/golang-jwt/jwt/v4: Fixed bad documentation of error handling in ParseWithClaims leading to...

SUSE-SU-2024:1486-1 Security update for cosign

This update for cosign fixes the following issues: - CVE-2024-29902: Fixed denial of service on host machine via remote image with a malicious attachments bsc1222835 - CVE-2024-29903: Fixed denial of service on host machine via malicious software artifacts bsc1222837 Other fixes: - Updated to 2.2...

SUSE-SU-2024:0430-1 Security update for cosign

This update for cosign fixes the following issues: Updated to 2.2.3 jscSLE-23879: Bug Fixes: Fix race condition on verification with multiple signatures attached to image 3486 fixclean: Fix clean cmd for private registries 3446 Fixed BYO PKI verification 3427 Features: Allow for option in cosign...

SUSE-SU-2023:4870-1 Security update for cosign

This update for cosign fixes the following issues: Updated to 2.2.1 jscSLE-23879 - Enhancements: CVE-2023-46737: Possible endless data attack from attacker-controlled registry bsc1216933 feat: Support basic auth and bearer auth login to registry 3310 add support for ignoring certificates with...

SUSE-SU-2022:3486-1 Security update for cosign

This update for cosign fixes the following issues: Updated to version 1.12.0 jscSLE-23879: - CVE-2022-36056: Fixed verify-blob could successfully verify an artifact when verification should have failed bsc1203430...