Cosign and OpenJDK updates for SUSE

SUSE 5495 Published by

SUSE Linux has received a security update for Cosign and two security updates for OpenJDK:

openSUSE-SU-2025:15355-1: moderate: cosign-2.5.3-1.1 on GA media
openSUSE-SU-2025:15358-1: moderate: java-24-openjdk-24.0.2.0-1.1 on GA media
openSUSE-SU-2025:15357-1: moderate: java-17-openjdk-17.0.16.0-1.1 on GA media




openSUSE-SU-2025:15355-1: moderate: cosign-2.5.3-1.1 on GA media


# cosign-2.5.3-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15355-1
Rating: moderate

Cross-References:

* CVE-2025-46569

CVSS scores:

* CVE-2025-46569 ( SUSE ): 8.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
* CVE-2025-46569 ( SUSE ): 7.6 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

Affected Products:

* openSUSE Tumbleweed

An update that solves one vulnerability can now be installed.

## Description:

These are all security issues fixed in the cosign-2.5.3-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* cosign 2.5.3-1.1
* cosign-bash-completion 2.5.3-1.1
* cosign-fish-completion 2.5.3-1.1
* cosign-zsh-completion 2.5.3-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-46569.html



openSUSE-SU-2025:15358-1: moderate: java-24-openjdk-24.0.2.0-1.1 on GA media


# java-24-openjdk-24.0.2.0-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15358-1
Rating: moderate

Cross-References:

* CVE-2025-30749
* CVE-2025-30754
* CVE-2025-30761
* CVE-2025-50059
* CVE-2025-50106

CVSS scores:

* CVE-2025-30749 ( SUSE ): 7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-30749 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-30754 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-30754 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-30761 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2025-50059 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
* CVE-2025-50106 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves 5 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the java-24-openjdk-24.0.2.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* java-24-openjdk 24.0.2.0-1.1
* java-24-openjdk-demo 24.0.2.0-1.1
* java-24-openjdk-devel 24.0.2.0-1.1
* java-24-openjdk-headless 24.0.2.0-1.1
* java-24-openjdk-javadoc 24.0.2.0-1.1
* java-24-openjdk-jmods 24.0.2.0-1.1
* java-24-openjdk-src 24.0.2.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-30749.html
* https://www.suse.com/security/cve/CVE-2025-30754.html
* https://www.suse.com/security/cve/CVE-2025-30761.html
* https://www.suse.com/security/cve/CVE-2025-50059.html
* https://www.suse.com/security/cve/CVE-2025-50106.html



openSUSE-SU-2025:15357-1: moderate: java-17-openjdk-17.0.16.0-1.1 on GA media


# java-17-openjdk-17.0.16.0-1.1 on GA media

Announcement ID: openSUSE-SU-2025:15357-1
Rating: moderate

Cross-References:

* CVE-2025-30749
* CVE-2025-30754
* CVE-2025-50059
* CVE-2025-50106

CVSS scores:

* CVE-2025-30749 ( SUSE ): 7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2025-30749 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-30754 ( SUSE ): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-30754 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-50059 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
* CVE-2025-50106 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Tumbleweed

An update that solves 4 vulnerabilities can now be installed.

## Description:

These are all security issues fixed in the java-17-openjdk-17.0.16.0-1.1 package on the GA media of openSUSE Tumbleweed.

## Package List:

* openSUSE Tumbleweed:
* java-17-openjdk 17.0.16.0-1.1
* java-17-openjdk-demo 17.0.16.0-1.1
* java-17-openjdk-devel 17.0.16.0-1.1
* java-17-openjdk-headless 17.0.16.0-1.1
* java-17-openjdk-javadoc 17.0.16.0-1.1
* java-17-openjdk-jmods 17.0.16.0-1.1
* java-17-openjdk-src 17.0.16.0-1.1

## References:

* https://www.suse.com/security/cve/CVE-2025-30749.html
* https://www.suse.com/security/cve/CVE-2025-30754.html
* https://www.suse.com/security/cve/CVE-2025-50059.html
* https://www.suse.com/security/cve/CVE-2025-50106.html


Pypy, Chromium, Screen, Unbound updates for Fedora

AngularJS security update for Debian 12

Windows

Linux

macOS

Community

  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...
  • Philipp
    I would try the XanMod kernel: https://xanmod.orgĀ  I ...