SUSE: 2025:02289-1 moderate: Docker credential leakage fix

July 11, 2025
An update for Kubernetes addresses several security flaws in Fedora, enhancing the integrity and efficiency of the system.

Summary

This update for docker fixes the following issues:

Update to Docker 28.2.2-ce (bsc#1243833, bsc#1242114):

* CVE-2025-0495: Fixed credential leakage to telemetry endpoints when credentials are allowed to be set as attribute values in cache-to/cache-from configuration (bsc#1239765).

* CVE-2025-22872: golang.org/x/net/html: incorrectly interpreted tags can cause content to be placed in the wrong scope during DOM construction (bsc#1241830).

Other fixes:

* Update to docker-buildx v0.22.0.

* Always clear SUSEConnect suse_* secrets when starting containers (bsc#1244035).

* Disable transparent SUSEConnect support for SLE-16 (jsc#PED-12534).

* Now that the only blocker for docker-buildx support was removed for SLE-16, enable docker-buildx for SLE-16 as well (jsc#PED-8905).

References

* bsc#1239765

* bsc#1240150

* bsc#1241830

* bsc#1242114

* bsc#1243833

* bsc#1244035

* jsc#PED-12534

* jsc#PED-8905

Cross-References

* CVE-2025-0495

* CVE-2025-22872

CVSS scores:

* CVE-2025-0495 ( SUSE ): 4.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N

* CVE-2025-0495 ( SUSE ): 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

* CVE-2025-0495 ( NVD ): 4.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

* CVE-2025-22872 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L

* CVE-2025-22872 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

Announcement ID: SUSE-SU-2025:02289-1
Release Date: 2025-07-11T11:13:10Z
Rating: moderate
