SUSE-CU-2025:5156-1: Security update of suse/cosign
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Thu Jul 10 07:28:45 UTC 2025
SUSE Container Update Advisory: suse/cosign
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:5156-1
Container Tags : suse/cosign:2 , suse/cosign:2.5 , suse/cosign:2.5.0 , suse/cosign:2.5.0-11.15 , suse/cosign:latest
Container Release : 11.15
Severity : low
Type : security
References : 1236931 1239119 1239817 CVE-2025-30258
-----------------------------------------------------------------
The container suse/cosign was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2259-1
Released: Wed Jul 9 17:18:02 2025
Summary: Recommended update for gpg2
Type: security
Severity: low
References: 1236931,1239119,1239817,CVE-2025-30258
This update for gpg2 fixes the following issues:
- CVE-2025-30258: Fixed DoS due to a malicious subkey in the keyring (bsc#1239119).
Other bugfixes:
- Do not install expired sks certificate (bsc#1243069).
- gpg hangs when importing a key (bsc#1236931).
The following package changes have been done:
- gpg2-2.4.4-150600.3.9.1 updated
- container:registry.suse.com-bci-bci-micro-15.7-41cc47eee6293a3d0e22a28860735271035596a7640eabad0930777dce1a528d-0 updated
More information about the sle-container-updates
mailing list