{"affected":[{"ecosystem_specific":{"binaries":[{"cosign":"2.5.3-150400.3.30.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15 SP6","name":"cosign","purl":"pkg:rpm/suse/cosign&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.5.3-150400.3.30.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"cosign":"2.5.3-150400.3.30.1","cosign-bash-completion":"2.5.3-150400.3.30.1","cosign-zsh-completion":"2.5.3-150400.3.30.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15 SP7","name":"cosign","purl":"pkg:rpm/suse/cosign&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.5.3-150400.3.30.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"cosign":"2.5.3-150400.3.30.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOS","name":"cosign","purl":"pkg:rpm/suse/cosign&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.5.3-150400.3.30.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"cosign":"2.5.3-150400.3.30.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP4-LTSS","name":"cosign","purl":"pkg:rpm/suse/cosign&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.5.3-150400.3.30.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"cosign":"2.5.3-150400.3.30.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP5-ESPOS","name":"cosign","purl":"pkg:rpm/suse/cosign&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.5.3-150400.3.30.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"cosign":"2.5.3-150400.3.30.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP5-LTSS","name":"cosign","purl":"pkg:rpm/suse/cosign&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.5.3-150400.3.30.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"cosign":"2.5.3-150400.3.30.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 15 SP4-LTSS","name":"cosign","purl":"pkg:rpm/suse/cosign&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.5.3-150400.3.30.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"cosign":"2.5.3-150400.3.30.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 15 SP5-LTSS","name":"cosign","purl":"pkg:rpm/suse/cosign&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.5.3-150400.3.30.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"cosign":"2.5.3-150400.3.30.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15 SP4","name":"cosign","purl":"pkg:rpm/suse/cosign&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.5.3-150400.3.30.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"cosign":"2.5.3-150400.3.30.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15 SP5","name":"cosign","purl":"pkg:rpm/suse/cosign&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.5.3-150400.3.30.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"cosign":"2.5.3-150400.3.30.1"}]},"package":{"ecosystem":"SUSE:Manager Proxy 4.3","name":"cosign","purl":"pkg:rpm/suse/cosign&distro=SUSE%20Manager%20Proxy%204.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.5.3-150400.3.30.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"cosign":"2.5.3-150400.3.30.1"}]},"package":{"ecosystem":"SUSE:Manager Server 4.3","name":"cosign","purl":"pkg:rpm/suse/cosign&distro=SUSE%20Manager%20Server%204.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.5.3-150400.3.30.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"cosign":"2.5.3-150400.3.30.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.6","name":"cosign","purl":"pkg:rpm/opensuse/cosign&distro=openSUSE%20Leap%2015.6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.5.3-150400.3.30.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for cosign fixes the following issues:\n\nUpdate to version 2.5.3 (jsc#SLE-23879):\n\n- CVE-2025-46569: Fixed OPA server Data API HTTP path injection of Rego (bsc#1246725)\n\nChangelog:\n\nUpdate to 2.5.3:\n\n- Add signing-config create command (#4280)\n- Allow multiple services to be specified for trusted-root create (#4285)\n- force when copying the latest image to overwrite (#4298)\n- Fix cert verification logic for trusted-root/SCTs (#4294)\n- Fix lint error for types package (#4295)\n- feat: Add OCI 1.1+ experimental support to tree (#4205)\n- Add validity period end for trusted-root create (#4271)\n- avoid double-loading trustedroot from file (#4264)\n\nUpdate to 2.5.2:\n\n- Do not load trusted root when CT env key is set\n- docs: improve doc for --no-upload option (#4206)\n\nUpdate to 2.5.1:\n\n- Add Rekor v2 support for trusted-root create (#4242)\n- Add baseUrl and Uri to trusted-root create command\n- Upgrade to TUF v2 client with trusted root\n- Don't verify SCT for a private PKI cert (#4225)\n- Bump TSA library to relax EKU chain validation rules (#4219)\n- Bump sigstore-go to pick up log index=0 fix (#4162)\n- remove unused recursive flag on attest command (#4187)\n","id":"SUSE-SU-2025:02592-1","modified":"2025-08-01T14:44:01Z","published":"2025-08-01T14:44:01Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-202502592-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1246725"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-46569"}],"related":["CVE-2025-46569"],"summary":"Security update for cosign","upstream":["CVE-2025-46569"]}