4 matches found
Security update for cosign
This update for cosign fixes the following issues: Update to version 3.0.5 jscSLE-23879. Security issues fixed: CVE-2025-11065: github.com/go-viper/mapstructure/v2: sensitive Information leak in logs bsc1250620. CVE-2025-58181: golang.org/x/crypto/ssh: invalidated number of mechanisms can cause...
cosign-3.0.5-1.1 on GA media (moderate)
cosign-3.0.5-1.1 on GA media Announcement ID: openSUSE-SU-2026:10235-1 Rating: moderate Cross-References: CVE-2026-22772 CVE-2026-23991 CVE-2026-23992 CVE-2026-24122 CVE-2026-24137 CVE-2026-26958 CVSS scores: CVE-2026-22772 SUSE : 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVE-2026-22772 SU...
CVE-2026-23992 go-tuf improperly validates the configured threshold for delegations
go-tuf is a Go implementation of The Update Framework TUF. Starting in version 2.0.0 and prior to version 2.3.1, a compromised or misconfigured TUF repository can have the configured value of signature thresholds set to 0, which effectively disables signature verification. This can lead to...
CVE-2026-23992
The CVE-2026-23992 entry concerns go-tuf (Go implementation of The Update Framework). It states that in versions 2.0.0 up to but not including 2.3.1, a compromised or misconfigured TUF repository could configure signature thresholds to 0, effectively disabling signature verification. This can all...