Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

SUSE: 2025:1344-1 moderate: docker-stable credential leak fix

suse
Calendar Grey April 17, 2025
Dist Suse Esm H88
Docker-stable has deployed a patch that tackles a security vulnerability related to credential exposure on SUSE platforms.
* bsc#1239765 * jsc#PED-12534 * jsc#PED-8905 Cross-References:

Summary

## This update for docker-stable fixes the following issues: * CVE-2025-0495: buildx: Fixed credential leakage to telemetry endpoints when credentials allowed to be set as attribute values in cache-to/cache-from configuration (bsc#1239765) Other fixes: * Update to docker-buildx v0.22.0. * Disable transparent SUSEConnect support for SLE-16. (jsc#PED-12534) * Now that the only blocker for docker-buildx support was removed for SLE-16, enable docker-buildx for SLE-16 as well. (jsc#PED-8905) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security

Topics%20covered

Topics Covered

security advisory moderate SUSE credential leak docker pkg update

References

* bsc#1239765

* jsc#PED-12534

* jsc#PED-8905

Cross-

* CVE-2025-0495

CVSS scores:

* CVE-2025-0495 ( SUSE ): 4.1

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N

* CVE-2025-0495 ( SUSE ): 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

* CVE-2025-0495 ( NVD ): 4.1

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* SUSE Linux Enterprise Server 12 SP5

* SUSE Linux Enterprise Server 12 SP5 LTSS Extended Security

* SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves one vulnerability and contains two features can now be

installed.

##

* https://www.suse.com/security/cve/CVE-2025-0495.html

Announcement ID: SUSE-SU-2025:1344-1
Release Date: 2025-04-17T15:14:06Z
Rating: moderate

Topics%20covered

Topics Covered

security advisory moderate SUSE credential leak docker pkg update

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here