
openSUSE: Trivy Important Code Execution Fix 2025:0302-1

August 19, 2025
An update that fixes three vulnerabilities is now available.

Description

This update for trivy fixes the following issues:

- CVE-2025-53547: Fixed code execution in Helm Chart (boo#1246151)

- Update to version 0.64.1:

  * release: v0.64.1 [release/v0.64] (#9122)
  * fix(misconf): skip rewriting expr if attr is nil [backport: release/v0.64] (#9127)
  * fix(cli): Add more non-sensitive flags to telemetry [backport: release/v0.64] (#9124)
  * fix(rootio): check full version to detect `root.io` packages [backport: release/v0.64] (#9120)
  * fix(alma): parse epochs from rpmqa file [backport: release/v0.64] (#9119)
  * release: v0.64.0 [main] (#8955)
  * docs(python): fix type with METADATA file name (#9090)
  * feat: reject unsupported artifact types in remote image retrieval (#9052)
  * chore(deps): bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0 (#9088)
  * refactor(misconf): rewrite Rego module filtering using functional filters (#9061)
  *...


Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

    zypper in -t patch openSUSE-2025-302=1

Package List

- openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64):

trivy-0.64.1-bp157.2.3.1
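
To confirm the update landed across several hosts, the following added example (not part of the advisory or of SUSE's tooling) compares collected trivy version-release strings against the fixed build in the Package List above. The function names, host names and sample versions are constructed for illustration, and GNU `sort -V` is assumed as a stand-in for rpm's own version comparison.

```shell
#!/bin/sh
# Fixed build, taken from the advisory's Package List.
FIXED="0.64.1-bp157.2.3.1"

# trivy_is_fixed VERSION-RELEASE
# Returns 0 when the argument sorts at or above FIXED.
# Assumption: `sort -V` ordering approximates rpm's comparison, which holds
# for plain dotted version-release strings like these (no epoch handling).
trivy_is_fixed() {
    lowest=$(printf '%s\n%s\n' "$FIXED" "$1" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED" ]
}

# audit_inventory
# Reads "host version-release" lines on stdin, prints every host that still
# runs a build older than FIXED, and returns 1 if at least one was found.
# On each host such a line can be produced with:
#   printf '%s %s\n' "$(hostname)" "$(rpm -q --qf '%{VERSION}-%{RELEASE}' trivy)"
audit_inventory() {
    rc=0
    while read -r host ver; do
        [ -n "$host" ] || continue                   # skip blank lines
        [ "$ver" != "not-installed" ] || continue    # nothing to patch
        if ! trivy_is_fixed "$ver"; then
            printf '%s needs update (has %s, wants %s)\n' "$host" "$ver" "$FIXED"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample inventory: host names and the non-fixed versions are
# made up for this example.
sample_inventory() {
    cat <<'EOF'
build01 0.64.0-bp157.2.1
build02 0.64.1-bp157.2.3.1
scan01 0.64.1-bp157.2.1
scan02 not-installed
EOF
}

sample_inventory | audit_inventory || echo "unpatched hosts found"
```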

References

https://www.suse.com/security/cve/CVE-2024-45338.html

https://www.suse.com/security/cve/CVE-2024-51744.html

https://www.suse.com/security/cve/CVE-2025-53547.html

https://bugzilla.suse.com/1232948

https://bugzilla.suse.com/1235265

https://bugzilla.suse.com/1246151

Severity
important

Announcement ID: openSUSE-SU-2025:0302-1
Rating: important
Affected Products: openSUSE Backports SLE-15-SP7.
