
Test ID: 1.3.6.1.4.1.25623.1.1.18.2.2025.1332.1
Category: openSUSE Local Security Checks
Title: openSUSE Security Advisory (SUSE-SU-2025:1332-1)
Summary: The remote host is missing an update for the 'rekor' package(s) announced via the SUSE-SU-2025:1332-1 advisory.
Description: Summary:
The remote host is missing an update for the 'rekor' package(s) announced via the SUSE-SU-2025:1332-1 advisory.

Vulnerability Insight:
This update for rekor fixes the following issues:

- CVE-2023-45288: rekor: golang.org/x/net/http2: Fixed close connections when receiving too many headers (bsc#1236519)
- CVE-2024-6104: rekor: hashicorp/go-retryablehttp: Fixed sensitive information disclosure inside log file (bsc#1227053)
- CVE-2025-22868: rekor: golang.org/x/oauth2/jws: Fixed unexpected memory consumption during token parsing (bsc#1239191)
- CVE-2025-22869: rekor: golang.org/x/crypto/ssh: Fixed denial of service in the Key Exchange (bsc#1239327)
- CVE-2025-27144: rekor: gopkg.in/go-jose/go-jose.v2,github.com/go-jose/go-jose/v4,github.com/go-jose/go-jose/v3: Fixed denial of service in Go JOSE's parsing (bsc#1237638)
- CVE-2025-30204: rekor: github.com/golang-jwt/jwt/v5: Fixed jwt-go allowing excessive memory allocation during header parsing (bsc#1240468)

Other fixes:

- Update to version 1.3.10:
* Features
- Added --client-signing-algorithms flag (#1974)
* Fixes / Misc
- emit unpopulated values when marshalling (#2438)
- pkg/api: better logs when algorithm registry rejects a key (#2429)
- chore: improve mysql readiness checks (#2397)
- Added --client-signing-algorithms flag (#1974)

- Update to version 1.3.9 (jsc#SLE-23476):
* Cache checkpoint for inactive shards (#2332)
* Support per-shard signing keys (#2330)

- Update to version 1.3.8:
* Bug Fixes
- fix zizmor issues (#2298)
- remove unneeded value in log message (#2282)
* Quality Enhancements
- chore: relax go directive to permit 1.22.x
- fetch minisign from homebrew instead of custom ppa (#2329)
- fix(ci): simplify GOVERSION extraction
- chore(deps): bump actions pins to latest
- Updates go and golangci-lint (#2302)
- update builder to use go1.23.4 (#2301)
- clean up spaces
- log request body on 500 error to aid debugging (#2283)

- Update to version 1.3.7:
* New Features
- log request body on 500 error to aid debugging (#2283)
- Add support for signing with Tink keyset (#2228)
- Add public key hash check in Signed Note verification (#2214)
- update Trillian TLS configuration (#2202)
- Add TLS support for Trillian server (#2164)
- Replace docker-compose with plugin if available (#2153)
- Add flags to backfill script (#2146)
- Unset DisableKeepalive for backfill HTTP client (#2137)
- Add script to delete indexes from Redis (#2120)
- Run CREATE statement in backfill script (#2109)
- Add MySQL support to backfill script (#2081)
- Run e2e tests on mysql and redis index backends (#2079)
* Bug Fixes
- remove unneeded value in log message (#2282)
- Add error message when computing consistency proof (#2278)
- fix validation error handling on API (#2217)
- fix error in pretty-printed inclusion proof from verify subcommand (#2210)
- Fix index scripts (#2203)
- fix failing sharding test
- Better error handling in backfill script (#2148)
- Batch entries in cleanup script (#2158)
- Add missing workflow for index cleanup test (#2121)
- hashedrekord: fix schema $id (#2092)

Affected Software/OS:
'rekor' package(s) on openSUSE Leap 15.6.

Solution:
Please install the updated package(s).

CVSS Score:
4.6

CVSS Vector:
AV:L/AC:L/Au:S/C:C/I:N/A:N

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2023-45288
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/
https://go.dev/cl/576155
https://go.dev/issue/65051
https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M
https://pkg.go.dev/vuln/GO-2024-2687
http://www.openwall.com/lists/oss-security/2024/04/03/16
http://www.openwall.com/lists/oss-security/2024/04/05/4
Common Vulnerability Exposure (CVE) ID: CVE-2024-6104
https://discuss.hashicorp.com/c/security
Common Vulnerability Exposure (CVE) ID: CVE-2025-22868
Common Vulnerability Exposure (CVE) ID: CVE-2025-22869
Common Vulnerability Exposure (CVE) ID: CVE-2025-27144
Common Vulnerability Exposure (CVE) ID: CVE-2025-30204
Copyright: Copyright (C) 2025 Greenbone AG
