# Security update for skopeo

Announcement ID: SUSE-SU-2025:20363-1
Release Date: 2025-05-28T08:56:39Z
Rating: important

References:

* bsc#1227056
* bsc#1236483
* bsc#1237613

Cross-References:

* CVE-2023-45288
* CVE-2024-6104
* CVE-2025-27144

CVSS scores:

* CVE-2023-45288 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2023-45288 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-6104 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
* CVE-2024-6104 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-27144 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-27144 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-27144 ( NVD ): 6.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Affected Products:

* SUSE Linux Micro 6.1

An update that solves three vulnerabilities can now be installed.

## Description:

This update for skopeo fixes the following issues:

* CVE-2024-6104: url might write sensitive information to log file (bsc#1227056).
* CVE-2023-45288: close connections when receiving too many headers (bsc#1236483).
* CVE-2025-27144: Go JOSE's Parsing Vulnerable to Denial of Service (bsc#1237613).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Micro 6.1
  `zypper in -t patch SUSE-SLE-Micro-6.1-125=1`

## Package List:

* SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64)
  * skopeo-1.15.1-slfo.1.1_2.1
  * skopeo-debuginfo-1.15.1-slfo.1.1_2.1

## References:

* https://www.suse.com/security/cve/CVE-2023-45288.html
* https://www.suse.com/security/cve/CVE-2024-6104.html
* https://www.suse.com/security/cve/CVE-2025-27144.html
* https://bugzilla.suse.com/show_bug.cgi?id=1227056
* https://bugzilla.suse.com/show_bug.cgi?id=1236483
* https://bugzilla.suse.com/show_bug.cgi?id=1237613

A security update has been released for skopeo on SUSE, addressing vulnerabilities that include denial-of-service risks and potential exposure of sensitive information in log files.

LinuxSecurity.com Team