openSUSE 2024: 0268-1 Moderate Security Update with Trivy Fixes Applied

opensuse
August 30, 2024
An update that fixes three vulnerabilities is now available

Description

trivy was updated to fix the following issues:

Update to version 0.54.1:

* fix(flag): incorrect behavior for deprecated flag `--clear-cache` [backport: release/v0.54] (#7285)
* fix(java): Return error when trying to find a remote pom to avoid segfault [backport: release/v0.54] (#7283)
* fix(plugin): do not call GitHub content API for releases and tags [backport: release/v0.54] (#7279)
* docs: update ecosystem page reporting with plopsec.com app (#7262)
* feat(vex): retrieve VEX attestations from OCI registries (#7249)
* feat(sbom): add image labels into `SPDX` and `CycloneDX` reports (#7257)
* refactor(flag): return error if both `--download-db-only` and `--download-java-db-only` are specified (#7259)
* fix(nodejs): detect direct dependencies when using `latest` version for files `yarn.lock` + `package.json` (#7110)
* chore: show VEX notice for OSS maintainers in CI environments (#7246)
* feat(vuln): add...


Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP5:

zypper in -t patch openSUSE-2024-268=1

Package List

- openSUSE Backports SLE-15-SP5 (aarch64 i586 ppc64le s390x x86_64):

trivy-0.54.1-bp155.2.3.1
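
A post-patch check, added here as an example and not part of the advisory: it compares the installed trivy version-release with the fixed one from the package list above. The function names and the use of GNU `sort -V` as a stand-in for RPM's own version comparison are assumptions.

```shell
#!/bin/sh
# Fixed version-release, taken from the advisory's package list.
FIXED_EVR="0.54.1-bp155.2.3.1"

# Return 0 if $1 (installed version-release) is at or above $2 (fixed).
# Assumption: GNU `sort -V` approximates RPM ordering; it compares numeric
# fields as numbers, so 0.9.0 sorts below 0.54.1 and release .10 above .3.
evr_at_least() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# Classify a host from the output of:
#   rpm -q --qf '%{VERSION}-%{RELEASE}' trivy
# Prints one of: patched, vulnerable, not-installed.
check_trivy() {
    installed=$1
    case "$installed" in
        ""|*"not installed"*) echo "not-installed"; return 0 ;;
    esac
    if evr_at_least "$installed" "$FIXED_EVR"; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# On an RPM-based host, query the live package database.
if command -v rpm >/dev/null 2>&1; then
    installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}' trivy 2>/dev/null) || installed=""
    echo "trivy: $(check_trivy "$installed")"
fi
```

A host that reports `vulnerable` still needs the `zypper in -t patch openSUSE-2024-268=1` step.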

References

https://www.suse.com/security/cve/CVE-2023-42363.html

https://www.suse.com/security/cve/CVE-2024-35192.html

https://www.suse.com/security/cve/CVE-2024-6257.html

https://bugzilla.suse.com/1224781

https://bugzilla.suse.com/1227022

Announcement ID: openSUSE-SU-2024:0268-1
Rating: moderate
Affected Products: openSUSE Backports SLE-15-SP5.
