openSUSE Cosign Moderate Attestation Verification Issue SUSE-2026-2365-1

suse

June 11, 2026

An update that solves one vulnerability can now be installed.

Summary

## This update for cosign fixes the following issue * CVE-2026-39395: Incorrect attestation verification due to malformed payloads or mismatched predicate types (bsc#1261859). Changes for cosign: * update to 3.0.6: * Fix DSSE predicate check (GHSA-w6c6-c85g-mmv6) (#4801) * Handle whitespace-only certificate annotation (#4760) * fix(sign): closing SignerVerifier too early when signing with a security key (#4761) * Disallow --new-bundle-format and --rfc3161-timestamp (#4762) * support managed keys in conformance testing (#4728) * Add support for GCE metadata server env var (#4732) * fix: preserve per-layer annotations in WriteAttestationsReferrer (#4709) * Fix parsing of in-toto for string predicates * Mark batch of flags for deprecation (#4698)

Topics Covered

security advisory moderate update OpenSUSE attestation cosign

References

* bsc#1261859

Cross-

* CVE-2026-39395

CVSS scores:

* CVE-2026-39395 ( SUSE ): 6.9

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

* CVE-2026-39395 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

* CVE-2026-39395 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

* CVE-2026-39395 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products:

* Basesystem Module 15-SP7

* openSUSE Leap 15.4

* SUSE Linux Enterprise Desktop 15 SP7

* SUSE Linux Enterprise Real Time 15 SP7

* SUSE Linux Enterprise Server 15 SP7

* SUSE Linux Enterprise Server for SAP Applications 15 SP7

An update that solves one vulnerability can now be installed.

* https://www.suse.com/security/cve/CVE-2026-39395.html

* https://bugzilla.suse.com/show_bug.cgi?id=1261859

Severity

moderate

Lowest

Low

Medium

High

Critical

Announcement ID: SUSE-SU-2026:2365-1

Release Date: 2026-06-11T07:58:20Z

Rating: moderate

Topics Covered

security advisory moderate update OpenSUSE attestation cosign

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

openSUSE Cosign Moderate Attestation Verification Issue SUSE-2026-2365-1

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

openSUSE Cosign Moderate Attestation Verification Issue SUSE-2026-2365-1

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!