openSUSE Security Update: Security update for trivy
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2023:0064-1
Rating:             moderate
References:         #1208091 
Cross-References:   CVE-2023-25165
CVSS scores:
                    CVE-2023-25165 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
                    CVE-2023-25165 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected Products:
                    openSUSE Backports SLE-15-SP4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for trivy fixes the following issues:

   Update to version 0.37.3 (boo#1208091, CVE-2023-25165):

   * chore(helm): update Trivy from v0.36.1 to v0.37.2 (#3574)
   * ci: quote pros in c++ for semantic pr (#3605)
   * fix(image): check proxy settings from env for remote images (#3604)

   Update to version 0.37.2:

   * BREAKING: use normalized trivy-java-db (#3583)
   * fix(image): add timeout for remote images (#3582)
   * fix(misconf): handle dot files better (#3550)

   Update to version 0.37.1:

   * fix(sbom): download the Java DB when generating SBOM (#3539)
   * fix: use cgo free sqlite driver (#3521)
   * ci: fix path to dist folder (#3527)

   Update to version 0.37.0:

   * fix(image): close layers (#3517)
   * refactor: db client changed (#3515)
   * feat(java): use trivy-java-db to get GAV (#3484)
   * docs: add note about the limitation in Rekor (#3494)
   * docs: aggregate targets (#3503)
   * deps: updates wazero to 1.0.0-pre.8 (#3510)
   * docs: add alma 9 and rocky 9 to supported os (#3513)
   * chore: add missing target labels (#3504)
   * docs: add java vulnerability page (#3429)
   * feat(image): add support for Docker CIS Benchmark (#3496)
   * feat(image): secret scanning on container image config (#3495)
   * chore(deps): Upgrade defsec to v0.82.8 (#3488)
   * feat(image): scan misconfigurations in image config (#3437)
   * chore(helm): update Trivy from v0.30.4 to v0.36.1 (#3489)
   * feat(k8s): add node info resource (#3482)
   * perf(secret): optimize secret scanning memory usage (#3453)
   * feat: support aliases in CLI flag, env and config (#3481)
   * fix(k8s): migrate rbac k8s (#3459)
   * feat(java): add implementationVendor and specificationVendor fields to
     detect GroupID from MANIFEST.MF (#3480)
   * refactor: rename security-checks to scanners (#3467)
   * chore: display the troubleshooting URL for the DB denial error (#3474)
   * docs: yaml tabs to spaces, auto create namespace (#3469)
   * docs: adding show-and-tell template to GH discussions (#3391)
   * fix: Fix a temporary file leak in case of error (#3465)
   * fix(test): sort cyclonedx components (#3468)
   * docs: fixing spelling mistakes (#3462)
   * ci: set paths triggering VM tests in PR (#3438)
   * docs: typo in --skip-files (#3454)
   * feat(custom-forward): Extended advisory data (#3444)
   * docs: fix spelling error (#3436)
   * refactor(image): extend image config analyzer (#3434)
   * fix(nodejs): add ignore protocols to yarn parser (#3433)
   * fix(db): check proxy settings when using insecure flag (#3435)
   * feat(misconf): Fetch policies from OCI registry (#3015)
   * ci: downgrade Go to 1.18 and use stable and oldstable go versions for
     unit tests (#3413)
   * ci: store URLs to Github Releases in RPM repository (#3414)
   * feat(server): add support of `skip-db-update` flag for hot db update
     (#3416)
   * fix(image): handle wrong empty layer detection (#3375)
   * test: fix integration tests for spdx and cycloneDX (#3412)
   * feat(python): Include Conda packages in SBOMs (#3379)
   * feat: add support pubspec.lock files for dart (#3344)
   * fix(image): parsePlatform is failing with UNAUTHORIZED error (#3326)
   * fix(license): change normalize for GPL-3+-WITH-BISON-EXCEPTION (#3405)
   * feat(server): log errors on server side (#3397)
   * docs: rewrite installation docs and general improvements (#3368)
   * chore: update code owners (#3393)
   * chore: test docs separately from code (#3392)
   * docs: use the formula maintained by Homebrew (#3389)
   * docs: add `Security Management` section with SonarQube plugin

   Update to version 0.36.1:

   * fix(deps): fix errors on yarn.lock files that contain local file
     reference (#3384)
   * feat(flag): early fail when the format is invalid (#3370)
   * docs(aws): fix broken links (#3374)

   Update to version 0.36.0:

   * docs: improve compliance docs (#3340)
   * feat(deps): add yarn lock dependency tree (#3348)
   * fix: compliance change id and title naming (#3349)
   * feat: add support for mix.lock files for elixir language (#3328)
   * feat: add k8s cis bench (#3315)
   * test: disable SearchLocalStoreByNameOrDigest test for non-amd64 arch
     (#3322)
   * revert: cache merged layers (#3334)
   * feat(cyclonedx): add recommendation (#3336)
   * feat(ubuntu): added support ubuntu ESM versions (#1893)
   * fix: change logic to build relative paths for skip-dirs and skip-files
     (#3331)
   * feat: Adding support for Windows testing (#3037)
   * feat: add support for Alpine 3.17 (#3319)
   * docs: change PodFile.lock to Podfile.lock (#3318)
   * fix(sbom): support for the detection of old CycloneDX predicate type
     (#3316)
   * feat(secret): Use .trivyignore for filtering secret scanning result
     (#3312)
   * chore(go): remove experimental FS API usage in Wasm (#3299)
   * ci: add workflow to add issues to roadmap project (#3292)
   * fix(vuln): include duplicate vulnerabilities with different package
     paths in the final report (#3275)
   * feat(sbom): better support for third-party SBOMs (#3262)
   * docs: add information about languages with support for dependency
     locations (#3306)
   * feat(vm): add `region` option to vm scan to be able to scan any region's
     ami and ebs snapshots (#3284)
   * fix(vuln): change severity vendor priority for ghsa-ids and vulns from
     govuln (#3255)
   * docs: remove comparisons (#3289)
   * feat: add support for Wolfi Linux (#3215)
   * ci: add go.mod to canary workflow (#3288)
   * feat(python): skip dev dependencies (#3282)
   * chore: update ubuntu version for Github action runners (#3257)
   * fix(go): skip dep without Path for go-binaries (#3254)
   * feat(rust): add ID for cargo pkgs (#3256)
   * feat: add support for swift cocoapods lock files (#2956)
   * fix(sbom): use proper constants (#3286)
   * test(vm): import relevant analyzers (#3285)
   * feat: support scan remote repository (#3131)
   * docs: fix typo in fluxcd (#3268)
   * docs: fix broken "ecosystem" link in readme (#3280)
   * feat(misconf): Add compliance check support (#3130)
   * docs: Adding Concourse resource for trivy (#3224)
   * chore(deps): change golang from 1.19.2 to 1.19 (#3249)
   * fix(sbom): duplicate dependson (#3261)
   * chore(go): updates wazero to 1.0.0-pre.4 (#3242)
   * feat(report): add dependency locations to sarif format (#3210)
   * fix(rpm): add rocky to osVendors (#3241)
   * docs: fix a typo (#3236)
   * feat(dotnet): add dependency parsing for nuget lock files (#3222)
   * docs: add pre-commit hook to community tools (#3203)
   * feat(helm): pass arbitrary env vars to trivy (#3208)

   Update to version 0.35.0:

   * chore(vm): update xfs filesystem parser for change log (#3230)
   * feat: add virtual machine scan command (#2910)
   * docs: reorganize index and readme (#3026)
   * fix: `slowSizeThreshold` should be less than `defaultSizeThreshold`
     (#3225)
   * feat: Export functions for trivy plugin (#3204)
   * feat(image): add support wildcard for platform os (#3196)
   * fix: load compliance report from file system (#3161)
   * fix(suse): use package name to get advisories (#3199)
   * docs(image): space issues during image scan (#3190)
   * feat(containerd): scan image by digest (#3075)
   * fix(vuln): add package name to title (#3183)
   * fix: present control status instead of compliance percentage in
     compliance report (#3181)
   * perf(license): remove go-enry/go-license-detector. (#3187)
   * fix: workdir command as empty layer (#3087)
   * docs: reorganize ecosystem section (#3025)
   * feat(dotnet): add support dependency location for dotnet-core files
     (#3095)
   * feat(dotnet): add support dependency location for nuget lock files
     (#3032)
   * chore: update code owners for misconfigurations (#3176)
   * feat: add slow mode (#3084)
   * docs: fix typo in enable-builin-rules mentions (#3118)
   * feat: Add maintainer field to OS packages (#3149)
   * docs: fix some typo (#3171)
   * docs: fix links on Built-in Policies page (#3124)
   * fix: Perform filepath.Clean first and then filepath.ToSlash for
     skipFile/skipDirs settings (#3144)
   * chore: use newline for semantic pr (#3172)
   * fix(spdx): rename describes field in spdx (#3102)
   * chore: handle GOPATH with several paths in make file (#3092)
   * docs(flag): add "rego" configuration file options (#3165)
   * chore(go): updates wazero to 1.0.0-pre.3 (#3090)
   * docs(license): fix typo inside quick start (#3134)
   * chore: update codeowners for docs (#3135)
   * fix(cli): exclude --compliance flag from non supported sub-commands
     (#3158)
   * fix: remove --security-checks none from image help (#3156)
   * fix: compliance flag description (#3160)
   * docs(k8s): fix a typo (#3163)

   Update to version 0.34.0:

   * feat(vuln): support dependency graph for RHEL/CentOS (#3094)
   * feat(vuln): support dependency graph for dpkg and apk (#3093)
   * perf(license): enable license classifier only with "--license-full"
     (#3086)
   * feat(report): add secret scanning to ASFF template (#2860)
   * feat: Allow override of containerd namespace (#3060)
   * fix(vuln): In alpine use Name as SrcName (#3079)
   * fix(secret): Alibaba AccessKey ID (#3083)

   Update to version 0.33.0:

   * refactor(k8s): custom reports (#3076)
   * fix(misconf): Bump in-toto-golang with correct CycloneDX predicate
     (#3068)
   * feat(image): add support for passing architecture and OS (#3012)
   * test: disable containerd integration tests for non-amd64 arch (#3073)
   * feat(server): Add support for client/server mode to rootfs command
     (#3021)
   * feat(vuln): support non-packaged binaries (#3019)
   * feat: compliance reports (#2951)
   * fix(flag): disable flag parsing for each plugin command (#3074)
   * feat(nodejs): add support dependency location for yarn.lock files (#3016)
   * chore: Switch github.com/liamg dependencies to github.com/aquasecurity
     (#3069)
   * feat: add k8s components (#2589)
   * fix(secret): update the regex for secrets scanning (#2964)
   * fix: bump trivy-kubernetes (#3064)
   * docs: fix missing 'image' subcommand (#3051)
   * chore: Patch golang x/text vulnerability (#3046)
   * chore: add licensed project logo (#3058)
   * feat(ubuntu): set Ubuntu 22.10 EOL (#3054)
   * refactor(analyzer): use strings.TrimSuffix instead of strings.HasSuffix
     (#3028)
   * feat(report): Use understandable value for shortDescription in SARIF
     reports (#3009)
   * docs(misconf): fix typo (#3043)
   * feat: add support for scanning azure ARM (#3011)
   * feat(report): add location.message to SARIF output (#3002) (#3003)
   * feat(nodejs): add dependency line numbers for npm lock files (#2932)
   * test(fs): add `--skip-files`, `--skip-dirs` (#2984)
   * docs: add Woodpecker CI integrations example (#2823)
   * fix(sbom): ref generation if serialNumber is empty when input is
     cyclonedx file (#3000)
   * fix(java): don't stop parsing jar file when wrong inner jar is found
     (#2989)
   * fix(sbom): use nuget purl type for dotnet-core (#2990)
   * perf: retrieve rekor entries in bulk (#2987)
   * feat(aws): Custom rego policies for AWS scanning (#2994)
   * docs: jq cli formatting (#2881)
   * docs(repo): troubleshooting $TMPDIR customization (#2985)
   * chore: run `go fmt` (#2897)
   * chore(go): updates wazero to 1.0.0-pre.2 (#2955)
   * fix(aws): Less function for slice sorting always returns false (#2967)
   * fix(java): fix unmarshal pom exclusions (#2936)

   Update to version 0.32.1:

   * fix(java): use fields of dependency from dependencyManagement from upper
     pom.xml to parse deps (#2943)
   * chore: expat lib and go binary deps vulns (#2940)
   * wasm: Removes accidentally exported memory (#2950)
   * fix(sbom): fix package name separation for gradle (#2906)
   * docs(readme.md): fix broken integrations link (#2931)
   * fix(image): handle images with single layer in rescan mergedLayers cache
     (#2927)
   * fix(cli): split env values with ',' for slice flags (#2926)
   * fix(cli): config/helm: also take into account files with `.yml` (#2928)
   * fix(flag): add file-patterns flag for config subcommand (#2925)

   Update to version 0.32.0:

   * docs: add Rekor SBOM attestation scanning (#2893)
   * chore: narrow the owner scope (#2894)
   * fix: remove a patch number from the recommendation link (#2891)
   * fix: enable parsing of UUID-only rekor entry ID (#2887)
   * docs(sbom): add SPDX scanning (#2885)
   * docs: restructure docs and add tutorials (#2883)
   * feat(sbom): scan sbom attestation in the rekor record (#2699)
   * feat(k8s): support outdated-api (#2877)
   * fix(c): support revisions in Conan parser (#2878)
   * feat: dynamic links support for scan results (#2838)
   * docs: update archlinux commands (#2876)
   * feat(secret): add line from dockerfile where secret was added to secret
     result (#2780)
   * feat(sbom): Add unmarshal for spdx (#2868)
   * fix: revert asff arn and add documentation (#2852)
   * docs: batch-import-findings limit (#2851)
   * feat(sbom): Add marshal for spdx (#2867)
   * build: checkout before setting up Go (#2873)
   * docs: azure doc and trivy (#2869)
   * fix: Scan tarr'd dependencies (#2857)
   * chore(helm): helm test with ingress (#2630)
   * feat(report): add secrets to sarif format (#2820)
   * refactor: add a new interface for initializing analyzers (#2835)
   * fix: update ProductArn with account id (#2782)
   * feat(helm): make cache TTL configurable (#2798)
   * build(): Sign releaser artifacts, not only container manifests (#2789)
   * chore: improve doc about azure devops (#2795)
   * docs: don't push patch versions (#2824)
   * feat: add support for conan.lock file (#2779)
   * feat: cache merged layers
   * feat: add support for gradle.lockfile (#2759)
   * feat: move file patterns to a global level to be able to use it on any
     analyzer (#2539)
   * Fix url validation failures (#2783)
   * fix(image): add logic to detect empty layers (#2790)
   * feat(rust): add dependency graph from Rust binaries (#2771)

   Update to version 0.31.3:

   * fix: handle empty OS family (#2768)
   * fix: fix k8s summary report (#2777)
   * fix: don't skip packages that don't contain vulns, when using
     --list-all-pkgs flag (#2767)
   * chore: bump trivy-kubernetes (#2770)
   * fix(secret): Consider secrets in rpc calls (#2753)
   * fix(java): check depManagement from upper pom's (#2747)
   * fix(php): skip `composer.lock` inside `vendor` folder (#2718)
   * fix: fix k8s rbac filter (#2765)
   * feat(misconf): skipping misconfigurations by AVD ID (#2743)
   * chore(deps): Upgrade Alpine to 3.16.2 to fix zlib issue (#2741)
   * docs: add MacPorts install instructions (#2727)
   * docs: typo (#2730)

   Update to version 0.31.2:

   * fix: Correctly handle recoverable AWS scanning errors (#2726)
   * docs: Remove reference to SecurityAudit policy for AWS scanning (#2721)

   Update to version 0.31.1:

   * fix: upgrade defsec to v0.71.7 for elb scan panic (#2720)

   Update to version 0.31.0:

   * fix(flag): add error when there are no supported security checks (#2713)
   * fix(vuln): continue scanning when no vuln found in the first application
     (#2712)
   * revert: add new classes for vulnerabilities (#2701)
   * feat(secret): detect secrets removed or overwritten in upper layer
     (#2611)
   * fix(cli): secret scanning perf link fix (#2607)
   * chore(deps): bump github.com/spf13/viper from 1.8.1 to 1.12.0 (#2650)
   * feat: Add AWS Cloud scanning (#2493)
   * docs: specify the type when verifying an attestation (#2697)
   * docs(sbom): improve SBOM docs by adding a description for scanning SBOM
     attestation (#2690)
   * fix(rpc): scanResponse rpc conversion for custom resources (#2692)
   * feat(rust): Add support for cargo-auditable (#2675)
   * feat: Support passing value overrides for configuration checks (#2679)
   * feat(sbom): add support for scanning a sbom attestation (#2652)
   * chore(image): skip symlinks and hardlinks from tar scan (#2634)
   * fix(report): Update junit.tpl (#2677)
   * fix(cyclonedx): add nil check to metadata.component (#2673)
   * docs(secret): fix missing and broken links (#2674)
   * refactor(cyclonedx): implement json.Unmarshaler (#2662)
   * feat(kubernetes): add option to specify kubeconfig file path (#2576)
   * docs: follow Debian's "instructions to connect to a third-party
     repository" (#2511)
   * feat(alma): set AlmaLinux 9 EOL (#2653)
   * fix(misconf): Allow quotes in Dockerfile WORKDIR when detecting relative
     dirs (#2636)
   * test(misconf): add tests for misconf handler for dockerfiles (#2621)
   * feat(oracle): set Oracle Linux 9 EOL (#2635)
   * BREAKING: add new classes for vulnerabilities (#2541)
   * fix(secret): add newline escaping for asymmetric private key (#2532)
   * docs: improve formatting (#2572)
   * feat(helm): allows users to define an existing secret for tokens (#2587)
   * docs(mariner): use tdnf in fs usage example (#2616)
   * docs: remove unnecessary double quotation marks (#2609)
   * fix: Fix --file-patterns flag (#2625)
   * feat(report): add support for Cosign vulnerability attestation (#2567)
   * docs(mariner): use v2.0 in examples (#2602)
   * feat(report): add secrets template for codequality report (#2461)


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Backports SLE-15-SP4:

      zypper in -t patch openSUSE-2023-64=1



Package List:

   - openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):

      trivy-0.37.3-bp154.2.9.1
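   As an added example that is not part of the advisory, the following POSIX shell check compares an installed trivy package string (the rpm NAME-VERSION-RELEASE[.ARCH] form that `rpm -q trivy` prints) against the fixed build from the Package List above, so an administrator can confirm the patch actually landed. The sample package strings at the bottom are constructed, not real query output, and the comparison function is a generic field-by-field version compare written for this example, not rpm's own algorithm.

```shell
#!/bin/sh
# Added example, not part of the openSUSE advisory: check whether an installed
# trivy RPM is at or above the fixed build listed in the advisory's Package List.
# Inputs use the rpm NAME-VERSION-RELEASE[.ARCH] form; on a real host the
# installed string comes from `rpm -q trivy` (the query itself is not run here).

FIXED_NVR="trivy-0.37.3-bp154.2.9.1"   # from the advisory's Package List

# Reduce "trivy-VERSION-RELEASE[.ARCH]" to "VERSION-RELEASE".
# The architecture suffixes are the ones the advisory names (plus noarch).
vr_of() {
    printf '%s\n' "$1" | sed -E 's/^trivy-//; s/\.(aarch64|i586|ppc64le|s390x|x86_64|noarch)$//'
}

# Compare two VERSION-RELEASE strings field by field (fields split on '.' and '-').
# Numeric fields compare numerically, anything else lexically; a missing field
# sorts below a present one. Prints -1, 0 or 1 for a<b, a=b, a>b.
# This is a simplified compare for the example, not rpm's rpmvercmp.
vercmp() {
    a=$(printf '%s' "$1" | tr '-' '.')
    b=$(printf '%s' "$2" | tr '-' '.')
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        case "$a" in *.*) a=${a#*.} ;; *) a='' ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b='' ;; esac
        if [ -z "$fa" ] && [ -n "$fb" ]; then echo -1; return; fi
        if [ -n "$fa" ] && [ -z "$fb" ]; then echo 1; return; fi
        case "$fa$fb" in
            *[!0-9]*)   # at least one non-numeric field (e.g. "bp154"): lexical compare
                if [ "$fa" != "$fb" ]; then
                    if [ "$(expr "$fa" \< "$fb")" = 1 ]; then echo -1; else echo 1; fi
                    return
                fi ;;
            *)          # both numeric: compare as integers so 10 > 9
                if [ "$fa" -lt "$fb" ]; then echo -1; return; fi
                if [ "$fa" -gt "$fb" ]; then echo 1; return; fi ;;
        esac
    done
    echo 0
}

# Succeeds (exit 0) when the installed package is at or above the fixed build.
trivy_is_patched() {
    [ "$(vercmp "$(vr_of "$1")" "$(vr_of "$FIXED_NVR")")" -ge 0 ]
}

# Constructed sample inputs for demonstration; replace with "$(rpm -q trivy)" on a host.
for pkg in "trivy-0.36.1-bp154.1.1.x86_64" \
           "trivy-0.37.3-bp154.2.9.1.aarch64" \
           "trivy-0.37.3-bp154.2.10.1"; do
    if trivy_is_patched "$pkg"; then
        echo "$pkg: fixed build or newer"
    else
        echo "$pkg: older than $FIXED_NVR, apply patch openSUSE-2023-64"
    fi
done
```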


References:

   https://www.suse.com/security/cve/CVE-2023-25165.html
   https://bugzilla.suse.com/1208091

openSUSE: 2023:0064-1 moderate: trivy

March 5, 2023
An update that fixes one vulnerability is now available

Description

This update for trivy fixes the following issues: Update to version 0.37.3 (boo#1208091, CVE-2023-25165): * chore(helm): update Trivy from v0.36.1 to v0.37.2 (#3574) * ci: quote pros in c++ for semantic pr (#3605) * fix(image): check proxy settings from env for remote images (#3604) Update to version 0.37.2: * BREAKING: use normalized trivy-java-db (#3583) * fix(image): add timeout for remote images (#3582) * fix(misconf): handle dot files better (#3550) Update to version 0.37.1: * fix(sbom): download the Java DB when generating SBOM (#3539) * fix: use cgo free sqlite driver (#3521) * ci: fix path to dist folder (#3527) Update to version 0.37.0: * fix(image): close layers (#3517) * refactor: db client changed (#3515) * feat(java): use trivy-java-db to get GAV (#3484) * docs: add note about the limitation in Rekor (#3494) * docs: aggregate targets (#3503) * deps: updates wazero to 1.0.0-pre.8 (#3510) * docs: add alma 9 and rocky 9 to supported os (#3513) * chore: add missing target labels (#3504) * docs: add java vulnerability page (#3429) * feat(image): add support for Docker CIS Benchmark (#3496) * feat(image): secret scanning on container image config (#3495) * chore(deps): Upgrade defsec to v0.82.8 (#3488) * feat(image): scan misconfigurations in image config (#3437) * chore(helm): update Trivy from v0.30.4 to v0.36.1 (#3489) * feat(k8s): add node info resource (#3482) * perf(secret): optimize secret scanning memory usage (#3453) * feat: support aliases in CLI flag, env and config (#3481) * fix(k8s): migrate rbac k8s (#3459) * feat(java): add implementationVendor and specificationVendor fields to detect GroupID from MANIFEST.MF (#3480) * refactor: rename security-checks to scanners (#3467) * chore: display the troubleshooting URL for the DB denial error (#3474) * docs: yaml tabs to spaces, auto create namespace (#3469) * docs: adding show-and-tell template to GH discussions (#3391) * fix: Fix a temporary file leak in case of error (#3465) * fix(test): sort 
cyclonedx components (#3468) * docs: fixing spelling mistakes (#3462) * ci: set paths triggering VM tests in PR (#3438) * docs: typo in --skip-files (#3454) * feat(custom-forward): Extended advisory data (#3444) * docs: fix spelling error (#3436) * refactor(image): extend image config analyzer (#3434) * fix(nodejs): add ignore protocols to yarn parser (#3433) * fix(db): check proxy settings when using insecure flag (#3435) * feat(misconf): Fetch policies from OCI registry (#3015) * ci: downgrade Go to 1.18 and use stable and oldstable go versions for unit tests (#3413) * ci: store URLs to Github Releases in RPM repository (#3414) * feat(server): add support of `skip-db-update` flag for hot db update (#3416) * fix(image): handle wrong empty layer detection (#3375) * test: fix integration tests for spdx and cycloneDX (#3412) * feat(python): Include Conda packages in SBOMs (#3379) * feat: add support pubspec.lock files for dart (#3344) * fix(image): parsePlatform is failing with UNAUTHORIZED error (#3326) * fix(license): change normalize for GPL-3+-WITH-BISON-EXCEPTION (#3405) * feat(server): log errors on server side (#3397) * docs: rewrite installation docs and general improvements (#3368) * chore: update code owners (#3393) * chore: test docs separately from code (#3392) * docs: use the formula maintained by Homebrew (#3389) * docs: add `Security Management` section with SonarQube plugin Update to version 0.36.1: * fix(deps): fix errors on yarn.lock files that contain local file reference (#3384) * feat(flag): early fail when the format is invalid (#3370) * docs(aws): fix broken links (#3374) Update to version 0.36.0: * docs: improve compliance docs (#3340) * feat(deps): add yarn lock dependency tree (#3348) * fix: compliance change id and title naming (#3349) * feat: add support for mix.lock files for elixir language (#3328) * feat: add k8s cis bench (#3315) * test: disable SearchLocalStoreByNameOrDigest test for non-amd64 arch (#3322) * revert: cache merged 
layers (#3334) * feat(cyclonedx): add recommendation (#3336) * feat(ubuntu): added support ubuntu ESM versions (#1893) * fix: change logic to build relative paths for skip-dirs and skip-files (#3331) * feat: Adding support for Windows testing (#3037) * feat: add support for Alpine 3.17 (#3319) * docs: change PodFile.lock to Podfile.lock (#3318) * fix(sbom): support for the detection of old CycloneDX predicate type (#3316) * feat(secret): Use .trivyignore for filtering secret scanning result (#3312) * chore(go): remove experimental FS API usage in Wasm (#3299) * ci: add workflow to add issues to roadmap project (#3292) * fix(vuln): include duplicate vulnerabilities with different package paths in the final report (#3275) * feat(sbom): better support for third-party SBOMs (#3262) * docs: add information about languages with support for dependency locations (#3306) * feat(vm): add `region` option to vm scan to be able to scan any region's ami and ebs snapshots (#3284) * fix(vuln): change severity vendor priority for ghsa-ids and vulns from govuln (#3255) * docs: remove comparisons (#3289) * feat: add support for Wolfi Linux (#3215) * ci: add go.mod to canary workflow (#3288) * feat(python): skip dev dependencies (#3282) * chore: update ubuntu version for Github action runnners (#3257) * fix(go): skip dep without Path for go-binaries (#3254) * feat(rust): add ID for cargo pgks (#3256) * feat: add support for swift cocoapods lock files (#2956) * fix(sbom): use proper constants (#3286) * test(vm): import relevant analyzers (#3285) * feat: support scan remote repository (#3131) * docs: fix typo in fluxcd (#3268) * docs: fix broken "ecosystem" link in readme (#3280) * feat(misconf): Add compliance check support (#3130) * docs: Adding Concourse resource for trivy (#3224) * chore(deps): change golang from 1.19.2 to 1.19 (#3249) * fix(sbom): duplicate dependson (#3261) * chore(go): updates wazero to 1.0.0-pre.4 (#3242) * feat(report): add dependency locations to sarif format 
(#3210) * fix(rpm): add rocky to osVendors (#3241) * docs: fix a typo (#3236) * feat(dotnet): add dependency parsing for nuget lock files (#3222) * docs: add pre-commit hook to community tools (#3203) * feat(helm): pass arbitrary env vars to trivy (#3208) Update to version 0.35.0: * chore(vm): update xfs filesystem parser for change log (#3230) * feat: add virtual machine scan command (#2910) * docs: reorganize index and readme (#3026) * fix: `slowSizeThreshold` should be less than `defaultSizeThreshold` (#3225) * feat: Export functions for trivy plugin (#3204) * feat(image): add support wildcard for platform os (#3196) * fix: load compliance report from file system (#3161) * fix(suse): use package name to get advisories (#3199) * docs(image): space issues during image scan (#3190) * feat(containerd): scan image by digest (#3075) * fix(vuln): add package name to title (#3183) * fix: present control status instead of compliance percentage in compliance report (#3181) * perf(license): remove go-enry/go-license-detector. 
(#3187) * fix: workdir command as empty layer (#3087) * docs: reorganize ecosystem section (#3025) * feat(dotnet): add support dependency location for dotnet-core files (#3095) * feat(dotnet): add support dependency location for nuget lock files (#3032) * chore: update code owners for misconfigurations (#3176) * feat: add slow mode (#3084) * docs: fix typo in enable-builin-rules mentions (#3118) * feat: Add maintainer field to OS packages (#3149) * docs: fix some typo (#3171) * docs: fix links on Built-in Policies page (#3124) * fix: Perform filepath.Clean first and then filepath.ToSlash for skipFile/skipDirs settings (#3144) * chore: use newline for semantic pr (#3172) * fix(spdx): rename describes field in spdx (#3102) * chore: handle GOPATH with several paths in make file (#3092) * docs(flag): add "rego" configuration file options (#3165) * chore(go): updates wazero to 1.0.0-pre.3 (#3090) * docs(license): fix typo inside quick start (#3134) * chore: update codeowners for docs (#3135) * fix(cli): exclude --compliance flag from non supported sub-commands (#3158) * fix: remove --security-checks none from image help (#3156) * fix: compliance flag description (#3160) * docs(k8s): fix a typo (#3163) Update to version 0.34.0: * feat(vuln): support dependency graph for RHEL/CentOS (#3094) * feat(vuln): support dependency graph for dpkg and apk (#3093) * perf(license): enable license classifier only with "--license-full" (#3086) * feat(report): add secret scanning to ASFF template (#2860) * feat: Allow override of containerd namespace (#3060) * fix(vuln): In alpine use Name as SrcName (#3079) * fix(secret): Alibaba AccessKey ID (#3083) Update to version 0.33.0: * refactor(k8s): custom reports (#3076) * fix(misconf): Bump in-toto-golang with correct CycloneDX predicate (#3068) * feat(image): add support for passing architecture and OS (#3012) * test: disable containerd integration tests for non-amd64 arch (#3073) * feat(server): Add support for client/server mode to 
rootfs command (#3021) * feat(vuln): support non-packaged binaries (#3019) * feat: compliance reports (#2951) * fix(flag): disable flag parsing for each plugin command (#3074) * feat(nodejs): add support dependency location for yarn.lock files (#3016) * chore: Switch github.com/liamg dependencies to github.com/aquasecurity (#3069) * feat: add k8s components (#2589) * fix(secret): update the regex for secrets scanning (#2964) * fix: bump trivy-kubernetes (#3064) * docs: fix missing 'image' subcommand (#3051) * chore: Patch golang x/text vulnerability (#3046) * chore: add licensed project logo (#3058) * feat(ubuntu): set Ubuntu 22.10 EOL (#3054) * refactor(analyzer): use strings.TrimSuffix instead of strings.HasSuffix (#3028) * feat(report): Use understandable value for shortDescription in SARIF reports (#3009) * docs(misconf): fix typo (#3043) * feat: add support for scanning azure ARM (#3011) * feat(report): add location.message to SARIF output (#3002) (#3003) * feat(nodejs): add dependency line numbers for npm lock files (#2932) * test(fs): add `--skip-files`, `--skip-dirs` (#2984) * docs: add Woodpecker CI integrations example (#2823) * fix(sbom): ref generation if serialNumber is empty when input is cyclonedx file (#3000) * fix(java): don't stop parsing jar file when wrong inner jar is found (#2989) * fix(sbom): use nuget purl type for dotnet-core (#2990) * perf: retrieve rekor entries in bulk (#2987) * feat(aws): Custom rego policies for AWS scanning (#2994) * docs: jq cli formatting (#2881) * docs(repo): troubleshooting $TMPDIR customization (#2985) * chore: run `go fmt` (#2897) * chore(go): updates wazero to 1.0.0-pre.2 (#2955) * fix(aws): Less function for slice sorting always returns false #2967 * fix(java): fix unmarshal pom exclusions (#2936) Update to version 0.32.1: * fix(java): use fields of dependency from dependencyManagement from upper pom.xml to parse deps (#2943) * chore: expat lib and go binary deps vulns (#2940) * wasm: Removes accidentally 
exported memory (#2950) * fix(sbom): fix package name separation for gradle (#2906) * docs(readme.md): fix broken integrations link (#2931) * fix(image): handle images with single layer in rescan mergedLayers cache (#2927) * fix(cli): split env values with ',' for slice flags (#2926) * fix(cli): config/helm: also take into account files with `.yml` (#2928) * fix(flag): add file-patterns flag for config subcommand (#2925) Update to version 0.32.0: * docs: add Rekor SBOM attestation scanning (#2893) * chore: narrow the owner scope (#2894) * fix: remove a patch number from the recommendation link (#2891) * fix: enable parsing of UUID-only rekor entry ID (#2887) * docs(sbom): add SPDX scanning (#2885) * docs: restructure docs and add tutorials (#2883) * feat(sbom): scan sbom attestation in the rekor record (#2699) * feat(k8s): support outdated-api (#2877) * fix(c): support revisions in Conan parser (#2878) * feat: dynamic links support for scan results (#2838) * docs: update archlinux commands (#2876) * feat(secret): add line from dockerfile where secret was added to secret result (#2780) * feat(sbom): Add unmarshal for spdx (#2868) * fix: revert asff arn and add documentation (#2852) * docs: batch-import-findings limit (#2851) * feat(sbom): Add marshal for spdx (#2867) * build: checkout before setting up Go (#2873) * docs: azure doc and trivy (#2869) * fix: Scan tarr'd dependencies (#2857) * chore(helm): helm test with ingress (#2630) * feat(report): add secrets to sarif format (#2820) * refactor: add a new interface for initializing analyzers (#2835) * fix: update ProductArn with account id (#2782) * feat(helm): make cache TTL configurable (#2798) * build(): Sign releaser artifacts, not only container manifests (#2789) * chore: improve doc about azure devops (#2795) * docs: don't push patch versions (#2824) * feat: add support for conan.lock file (#2779) * feat: cache merged layers * feat: add support for gradle.lockfile (#2759) * feat: move file patterns to a global 
level to be able to use it on any analyzer (#2539) * Fix url validaton failures (#2783) * fix(image): add logic to detect empty layers (#2790) * feat(rust): add dependency graph from Rust binaries (#2771) Update to version 0.31.3: * fix: handle empty OS family (#2768) * fix: fix k8s summary report (#2777) * fix: don't skip packages that don't contain vulns, when using --list-all-pkgs flag (#2767) * chore: bump trivy-kubernetes (#2770) * fix(secret): Consider secrets in rpc calls (#2753) * fix(java): check depManagement from upper pom's (#2747) * fix(php): skip `composer.lock` inside `vendor` folder (#2718) * fix: fix k8s rbac filter (#2765) * feat(misconf): skipping misconfigurations by AVD ID (#2743) * chore(deps): Upgrade Alpine to 3.16.2 to fix zlib issue (#2741) * docs: add MacPorts install instructions (#2727) * docs: typo (#2730) Update to version 0.31.2: * fix: Correctly handle recoverable AWS scanning errors (#2726) * docs: Remove reference to SecurityAudit policy for AWS scanning (#2721) Update to version 0.31.1: * fix: upgrade defsec to v0.71.7 for elb scan panic (#2720) Update to version 0.31.0: * fix(flag): add error when there are no supported security checks (#2713) * fix(vuln): continue scanning when no vuln found in the first application (#2712) * revert: add new classes for vulnerabilities (#2701) * feat(secret): detect secrets removed or overwritten in upper layer (#2611) * fix(cli): secret scanning perf link fix (#2607) * chore(deps): bump github.com/spf13/viper from 1.8.1 to 1.12.0 (#2650) * feat: Add AWS Cloud scanning (#2493) * docs: specify the type when verifying an attestation (#2697) * docs(sbom): improve SBOM docs by adding a description for scanning SBOM attestation (#2690) * fix(rpc): scanResponse rpc conversion for custom resources (#2692) * feat(rust): Add support for cargo-auditable (#2675) * feat: Support passing value overrides for configuration checks (#2679) * feat(sbom): add support for scanning a sbom attestation (#2652) * 
chore(image): skip symlinks and hardlinks from tar scan (#2634) * fix(report): Update junit.tpl (#2677) * fix(cyclonedx): add nil check to metadata.component (#2673) * docs(secret): fix missing and broken links (#2674) * refactor(cyclonedx): implement json.Unmarshaler (#2662) * feat(kubernetes): add option to specify kubeconfig file path (#2576) * docs: follow Debian's "instructions to connect to a third-party repository" (#2511) * feat(alma): set AlmaLinux 9 EOL (#2653) * fix(misconf): Allow quotes in Dockerfile WORKDIR when detecting relative dirs (#2636) * test(misconf): add tests for misconf handler for dockerfiles (#2621) * feat(oracle): set Oracle Linux 9 EOL (#2635) * BREAKING: add new classes for vulnerabilities (#2541) * fix(secret): add newline escaping for asymmetric private key (#2532) * docs: improve formatting (#2572) * feat(helm): allows users to define an existing secret for tokens (#2587) * docs(mariner): use tdnf in fs usage example (#2616) * docs: remove unnecessary double quotation marks (#2609) * fix: Fix --file-patterns flag (#2625) * feat(report): add support for Cosign vulnerability attestation (#2567) * docs(mariner): use v2.0 in examples (#2602) * feat(report): add secrets template for codequality report (#2461)

 

Patch

Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP4: zypper in -t patch openSUSE-2023-64=1


Package List

- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64): trivy-0.37.3-bp154.2.9.1


References

https://www.suse.com/security/cve/CVE-2023-25165.html https://bugzilla.suse.com/1208091


Severity
Announcement ID: openSUSE-SU-2023:0064-1
Rating: moderate
Affected Products: openSUSE Backports SLE-15-SP4 .

Related News