Description:
Summary: The remote host is missing an update for the 'rekor' package(s) announced via the SUSE-SU-2024:0460-1 advisory.
Vulnerability Insight:
- Update contact for code of conduct (#1720)
- Fix panic when parsing SSH SK pubkeys (#1712)
- Correct index creation (#1708)
- docs: fixes a small typo on the readme (#1686)
- chore: fix backfill-redis Makefile target (#1685)
Updated to rekor 1.3.0 (jsc#SLE-23476):
- Update openapi.yaml (#1655)
- pass transient errors through retrieveLogEntry (#1653)
- return full entryID on HTTP 409 responses (#1650)
- feat: Support publishing new log entries to Pub/Sub topics (#1580)
- Change values of Identity.Raw, add fingerprints (#1628)
- Extract all subjects from SANs for x509 verifier (#1632)
- Fix type comment for Identity struct (#1619)
- Refactor Identities API (#1611)
- Refactor Verifiers to return multiple keys (#1601)
- Update checkpoint link (#1597)
- Use correct log index in inclusion proof (#1599)
- remove instrumentation library (#1595)
Updated to rekor 1.2.2 (jsc#SLE-23476):
- pass down error with message instead of nil
- swap killswitch for 'docker-compose restart'
- CVE-2023-48795: Fixed Terrapin attack in embedded golang.org/x/crypto/ssh (bsc#1218207).
Affected Software/OS: 'rekor' package(s) on openSUSE Leap 15.5.
Solution: Please install the updated package(s).
CVSS Score: 5.4
CVSS Vector: AV:N/AC:H/Au:N/C:N/I:C/A:N