Cosign and OpenJDK updates for SUSE

SUSE Linux has issued security updates for the Cosign package and two versions of OpenJDK, aimed at addressing vulnerabilities. The updates are as follows:

1. Cosign Update:
- Announcement ID: openSUSE-SU-2025:15355-1
- Version: cosign-2.5.3-1.1
- Severity: Moderate
- Vulnerability: CVE-2025-46569
- CVSS Score: 8.3 (High)
- Affected Product: openSUSE Tumbleweed
- Update Available: This update resolves one identified vulnerability.
- Package List Includes:
  - cosign 2.5.3-1.1
  - Bash, Fish, and Zsh completion packages for cosign.

2. OpenJDK 24 Update:
- Announcement ID: openSUSE-SU-2025:15358-1
- Version: java-24-openjdk-24.0.2.0-1.1
- Severity: Moderate
- Vulnerabilities: Multiple (CVE-2025-30749, CVE-2025-30754, CVE-2025-30761, CVE-2025-50059, CVE-2025-50106)
- CVSS Scores: Ranging from 4.8 to 8.6
- Affected Product: openSUSE Tumbleweed
- Update Available: This update resolves five vulnerabilities.
- Package List Includes:
  - java-24-openjdk, demo, development, headless, javadoc, jmods, and source packages.

3. OpenJDK 17 Update:
- Announcement ID: openSUSE-SU-2025:15357-1
- Version: java-17-openjdk-17.0.16.0-1.1
- Severity: Moderate
- Vulnerabilities: Multiple (CVE-2025-30749, CVE-2025-30754, CVE-2025-50059, CVE-2025-50106)
- CVSS Scores: Ranging from 4.8 to 8.6
- Affected Product: openSUSE Tumbleweed
- Update Available: This update resolves four vulnerabilities.
- Package List Includes:
  - java-17-openjdk, demo, development, headless, javadoc, jmods, and source packages.

Summary of Implications:
The updates are crucial for keeping systems running openSUSE Tumbleweed secure. Users are encouraged to apply them promptly to mitigate the risks associated with the identified vulnerabilities. The CVSS scores show that some of the vulnerabilities are rated high, which underlines the importance of these updates in protecting user data and system functionality.

Further Recommendations:
Going forward, SUSE users should regularly check for updates and patches as part of their system maintenance routine. Engaging with the community and staying informed about the latest security advisories will also improve their security posture and help ensure that systems remain resilient against emerging threats.

SUSE Linux has received a security update for Cosign and two security updates for OpenJDK:

openSUSE-SU-2025:15355-1: moderate: cosign-2.5.3-1.1 on GA media
openSUSE-SU-2025:15358-1: moderate: java-24-openjdk-24.0.2.0-1.1 on GA media
openSUSE-SU-2025:15357-1: moderate: java-17-openjdk-17.0.16.0-1.1 on GA media

Cosign and OpenJDK updates for SUSE @ Linux Compatible