SUSE-SU-2025:1332-1
- Source
- https://www.suse.com/support/update/announcement/2025/suse-su-20251332-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:1332-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/SUSE-SU-2025:1332-1
- Related
- Published
- 2025-04-17T01:37:13Z
- Modified
- 2025-04-17T12:30:39.708739Z
- Upstream
- Summary
- Security update for rekor
- Details
-
This update for rekor fixes the following issues:
- CVE-2023-45288: rekor: golang.org/x/net/http2: Fixed close connections when receiving too many headers (bsc#1236519)
- CVE-2024-6104: rekor: hashicorp/go-retryablehttp: Fixed sensitive information disclosure inside log file (bsc#1227053)
- CVE-2025-22868: rekor: golang.org/x/oauth2/jws: Fixed unexpected memory consumption during token parsing (bsc#1239191)
- CVE-2025-22869: rekor: golang.org/x/crypto/ssh: Fixed denial of service in the Key Exchange (bsc#1239327)
- CVE-2025-27144: rekor: gopkg.in/go-jose/go-jose.v2,github.com/go-jose/go-jose/v4,github.com/go-jose/go-jose/v3: Fixed denial of service in Go JOSE's parsing (bsc#1237638)
- CVE-2025-30204: rekor: github.com/golang-jwt/jwt/v5: Fixed jwt-go allowing excessive memory allocation during header parsing (bsc#1240468)
Other fixes:
Update to version 1.3.10:
- Features
- Added --client-signing-algorithms flag (#1974)
- Fixes / Misc
- emit unpopulated values when marshalling (#2438)
- pkg/api: better logs when algorithm registry rejects a key (#2429)
- chore: improve mysql readiness checks (#2397)
- Added --client-signing-algorithms flag (#1974)
- Features
Update to version 1.3.9 (jsc#SLE-23476):
- Cache checkpoint for inactive shards (#2332)
- Support per-shard signing keys (#2330)
Update to version 1.3.8:
- Bug Fixes
- fix zizmor issues (#2298)
- remove unneeded value in log message (#2282)
- Quality Enhancements
- chore: relax go directive to permit 1.22.x
- fetch minisign from homebrew instead of custom ppa (#2329)
- fix(ci): simplify GOVERSION extraction
- chore(deps): bump actions pins to latest
- Updates go and golangci-lint (#2302)
- update builder to use go1.23.4 (#2301)
- clean up spaces
- log request body on 500 error to aid debugging (#2283)
- Bug Fixes
Update to version 1.3.7:
- New Features
- log request body on 500 error to aid debugging (#2283)
- Add support for signing with Tink keyset (#2228)
- Add public key hash check in Signed Note verification (#2214)
- update Trillian TLS configuration (#2202)
- Add TLS support for Trillian server (#2164)
- Replace docker-compose with plugin if available (#2153)
- Add flags to backfill script (#2146)
- Unset DisableKeepalive for backfill HTTP client (#2137)
- Add script to delete indexes from Redis (#2120)
- Run CREATE statement in backfill script (#2109)
- Add MySQL support to backfill script (#2081)
- Run e2e tests on mysql and redis index backends (#2079)
- Bug Fixes
- remove unneeded value in log message (#2282)
- Add error message when computing consistency proof (#2278)
- fix validation error handling on API (#2217)
- fix error in pretty-printed inclusion proof from verify subcommand (#2210)
- Fix index scripts (#2203)
- fix failing sharding test
- Better error handling in backfill script (#2148)
- Batch entries in cleanup script (#2158)
- Add missing workflow for index cleanup test (#2121)
- hashedrekord: fix schema $id (#2092)
- New Features
- References
-
- https://www.suse.com/support/update/announcement/2025/suse-su-20251332-1/
- https://bugzilla.suse.com/1227053
- https://bugzilla.suse.com/1236519
- https://bugzilla.suse.com/1237638
- https://bugzilla.suse.com/1239191
- https://bugzilla.suse.com/1239327
- https://bugzilla.suse.com/1240468
- https://www.suse.com/security/cve/CVE-2023-45288
- https://www.suse.com/security/cve/CVE-2024-6104
- https://www.suse.com/security/cve/CVE-2025-22868
- https://www.suse.com/security/cve/CVE-2025-22869
- https://www.suse.com/security/cve/CVE-2025-27144
- https://www.suse.com/security/cve/CVE-2025-30204
Affected packages
SUSE:Linux Enterprise Module for Basesystem 15 SP6 / rekor
Package
- Name
- rekor
- Purl
- pkg:rpm/suse/rekor&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6
SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOS / rekor
Package
- Name
- rekor
- Purl
- pkg:rpm/suse/rekor&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS
SUSE:Linux Enterprise High Performance Computing 15 SP4-LTSS / rekor
Package
- Name
- rekor
- Purl
- pkg:rpm/suse/rekor&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS
SUSE:Linux Enterprise High Performance Computing 15 SP5-ESPOS / rekor
Package
- Name
- rekor
- Purl
- pkg:rpm/suse/rekor&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS
SUSE:Linux Enterprise High Performance Computing 15 SP5-LTSS / rekor
Package
- Name
- rekor
- Purl
- pkg:rpm/suse/rekor&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS
SUSE:Linux Enterprise Server 15 SP4-LTSS / rekor
Package
- Name
- rekor
- Purl
- pkg:rpm/suse/rekor&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS
SUSE:Linux Enterprise Server 15 SP5-LTSS / rekor
Package
- Name
- rekor
- Purl
- pkg:rpm/suse/rekor&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS
SUSE:Linux Enterprise Server for SAP Applications 15 SP4 / rekor
Package
- Name
- rekor
- Purl
- pkg:rpm/suse/rekor&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4
SUSE:Linux Enterprise Server for SAP Applications 15 SP5 / rekor
Package
- Name
- rekor
- Purl
- pkg:rpm/suse/rekor&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5
SUSE:Manager Proxy 4.3 / rekor
Package
- Name
- rekor
- Purl
- pkg:rpm/suse/rekor&distro=SUSE%20Manager%20Proxy%204.3
SUSE:Manager Server 4.3 / rekor
Package
- Name
- rekor
- Purl
- pkg:rpm/suse/rekor&distro=SUSE%20Manager%20Server%204.3