
SUSE Linux Enterprise Server 16.1 Upgrade Essential Data Security Patch

suse
April 1, 2026
This update addresses nine vulnerabilities in Cosign with moderate severity, enhancing system security for SUSE servers.
An update that solves nine vulnerabilities can now be installed.

Summary

This update for cosign fixes the following issues:

Update to version 3.0.5:

* CVE-2026-24122: Fixed improper validation of certificates that outlive expired CA certificates (bsc#1258542)

* CVE-2026-26958: Fixed filippo.io/edwards25519: failure to initialize receiver in MultiScalarMult can produce invalid results and lead to undefined behavior (bsc#1258612)

* CVE-2026-24137: Fixed github.com/sigstore/sigstore/pkg/tuf: legacy TUF client allows for arbitrary file writes with target cache path traversal (bsc#1257139)

* CVE-2026-22772: Fixed github.com/sigstore/fulcio: MetaIssuer URL validation bypass can trigger SSRF to arbitrary internal services (bsc#1256562)

* CVE-2026-23991: Fixed github.com/theupdateframework/go-tuf/v2: denial of

References

* bsc#1250620

* bsc#1253913

* bsc#1256496

* bsc#1256562

* bsc#1257080

* bsc#1257085

* bsc#1257139

* bsc#1258542

* bsc#1258612

Cross-

* CVE-2025-11065

* CVE-2025-58181

* CVE-2026-22703

* CVE-2026-22772

* CVE-2026-23991

* CVE-2026-23992

* CVE-2026-24122

* CVE-2026-24137

* CVE-2026-26958

CVSS scores:

* CVE-2025-11065 ( SUSE ): 5.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

* CVE-2025-11065 ( SUSE ): 4.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N

* CVE-2025-11065 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

* CVE-2025-58181 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

* CVE-2025-58181 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Announcement ID: SUSE-SU-2026:20904-1
Release Date: 2026-03-18T11:29:30Z
Rating: moderate
