The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:02592-1 advisory. Update to version 2.5.3 (jsc#SLE-23879): – CVE-2025-46569: Fixed OPA server Data API HTTP path injection of Rego (bsc#1246725) Changelog: Update to 2.5.3: – Add signing-config create command (#4280) – Allow multiple services to be specified for trusted-root create (#4285) – force when copying the latest image to overwrite (#4298) – Fix cert verification logic for trusted-root/SCTs (#4294) – Fix lint error for types package (#4295) – feat: Add OCI 1.1+ experimental support to tree (#4205) – Add validity period end for trusted-root create (#4271) – avoid double-loading trustedroot from file (#4264) Update to 2.5.2: – Do not load trusted root when CT env key is set – docs: improve doc for –no-upload option (#4206) Update to 2.5.1: – Add Rekor v2 support for trusted-root create (#4242) – Add baseUrl and Uri to trusted-root create command – Upgrade to TUF v2 client with trusted root – Don't verify SCT for a private PKI cert (#4225) – Bump TSA library to relax EKU chain validation rules (#4219) – Bump sigstore-go to pick up log index=0 fix (#4162) – remove unused recursive flag on attest command (#4187) Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that Nessus has not tested for this issue but has instead relied only on the…Read More