Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

SUSE: 2025:20019-1 important: skopeo vulnerabilities patched

suse
Calendar Grey June 4, 2025
Dist Suse Esm H88
New version of skopeo released, targeting critical bugs; encompasses security updates and installation guidelines.
* bsc#1219563 * bsc#1224123 Cross-References: * CVE-2024-28180

Summary

## This update for skopeo fixes the following issues: * Update to version 1.14.4: * CVE-2024-3727: digest type does not guarantee valid type (bsc#1224123) * Packit: update packit targets * Bump gopkg.in/go-jose to v2.6.3 * Bump ocicrypt and go-jose CVE-2024-28180 * Freeze the fedora-minimal image reference at Fedora 38 * Bump c/common to v0.57.4 * Bump google.golang.org/protobuf to v1.33.0 * Bump Skopeo to v1.14.3-dev * Update to version 1.14.2: * Bump c/image to v5.29.2, c/common to v0.57.3 (fixes bsc#1219563) * Update to version 1.14.1: * fix(deps): update module github.com/containers/common to v0.57.2 * fix(deps): update module github.com/containers/image/v5 to v5.29.1 * chore(deps): update dependency containers/automation_images to v20240102 * Fix libsubid detection

Topics%20covered

Topics Covered

security advisory important CVE reference patch instructions skopeo digest type

References

* bsc#1219563

* bsc#1224123

Cross-

* CVE-2024-28180

* CVE-2024-3727

CVSS scores:

* CVE-2024-28180 ( SUSE ): 2.3

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

* CVE-2024-28180 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

* CVE-2024-28180 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

* CVE-2024-3727 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

* CVE-2024-3727 ( NVD ): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products:

* SUSE Linux Micro 6.0

An update that solves two vulnerabilities can now be installed.

##

* https://www.suse.com/security/cve/CVE-2024-28180.html

* https://www.suse.com/security/cve/CVE-2024-3727.html

* https://bugzilla.suse.com/show_bug.cgi?id=1219563

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2025:20019-1
Release Date: 2025-02-03T08:48:40Z
Rating: important

Topics%20covered

Topics Covered

security advisory important CVE reference patch instructions skopeo digest type

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here