
SUSE Cosign Moderate Issue Advisory - 2026-0777-1 - DoS Exploits

suse
March 3, 2026
Update for Cosign addresses nine security issues on SUSE, including moderate threats and crucial fixes for known exploits.
An update that solves nine vulnerabilities and contains one feature can now be installed.

Summary

This update for cosign fixes the following issues:

Update to version 3.0.5 (jsc#SLE-23879).

Security issues fixed:

* CVE-2025-11065: github.com/go-viper/mapstructure/v2: sensitive information leak in logs (bsc#1250620).

* CVE-2025-58181: golang.org/x/crypto/ssh: unvalidated number of mechanisms can cause unbounded memory consumption (bsc#1253913).

* CVE-2026-22703: Verification accepts any valid Rekor entry under certain conditions (bsc#1256496).

* CVE-2026-22772: github.com/sigstore/fulcio: MetaIssuer URL validation bypass can trigger SSRF to arbitrary internal services (bsc#1256562).

* CVE-2026-23991: github.com/theupdateframework/go-tuf/v2: denial of service due to invalid TUF metadata JSON returned by TUF repository (bsc#1257080).

References

* bsc#1250620

* bsc#1253913

* bsc#1256496

* bsc#1256562

* bsc#1257080

* bsc#1257085

* bsc#1257139

* bsc#1258542

* bsc#1258612

* jsc#SLE-23879

Cross-References

* CVE-2025-11065

* CVE-2025-58181

* CVE-2026-22703

* CVE-2026-22772

* CVE-2026-23991

* CVE-2026-23992

* CVE-2026-24122

* CVE-2026-24137

* CVE-2026-26958

CVSS scores:

* CVE-2025-11065 ( SUSE ): 5.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

* CVE-2025-11065 ( SUSE ): 4.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N

* CVE-2025-11065 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

* CVE-2025-58181 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

* CVE-2025-58181 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Announcement ID: SUSE-SU-2026:0777-1
Release Date: 2026-03-03T13:22:36Z
Rating: moderate
