Lucene search
SuseSUSE-SU-2022:3486-1HistoryOct 01, 2022 - 12:00 a.m.
Security update for cosign (important)
2022-10-0100:00:00
lists.opensuse.org
22
cosign
update
cve-2022-36056
version 1.12.0
vulnerability
suse
installation methods
patch
opensuse leap 15.4
suse linux enterprise module for basesystem 15-sp4
EPSS
0
Percentile
12.8%
An update that fixes one vulnerability, contains one
feature is now available.
Description:
This update for cosign fixes the following issues:
Updated to version 1.12.0 (jsc#SLE-23879):
- CVE-2022-36056: Fixed verify-blob could successfully verify an artifact
when verification should have failed (bsc#1203430).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
-
openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3486=1
-
SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3486=1
Related
alpinelinux
alpinelinux
CVE-2022-36056
2022-09-14 20:15:09
nvd
nvd
CVE-2022-36056
2022-09-14 20:15:09
veracode
veracode
Authorization Bypass
2022-09-15 05:15:20
nessus
nessus
SUSE SLED15 / SLES15 Security Update : cosign (SUSE-SU-2022:3486-1)
2022-10-02 00:00:00
openvas
openvas
openSUSE: Security Advisory for cosign (SUSE-SU-2022:3486-1)
2022-10-02 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:3486-1)
2022-10-03 00:00:00
osv
osv
Improper blob verification in github.com/sigstore/cosign
2023-11-09 19:35:28
CVE-2022-36056
2022-09-14 20:15:09
redhatcve
redhatcve
CVE-2022-36056
2022-09-21 15:49:22
cve
cve
CVE-2022-36056
2022-09-14 20:15:09
prion
prion
Design/Logic Flaw
2022-09-14 20:15:00
github
github
cvelist
cvelist
CVE-2022-36056 Vulnerabilities with blob verification in sigstore cosign
2022-09-14 19:50:09
redhat
redhat
(RHSA-2022:8827) Low: RHACS 3.73 enhancement and security update
2022-12-06 13:04:45