API Security Blog

Security update for trivy (important)

openSUSE Security Update: Security update for trivy

Announcement ID: openSUSE-SU-2025:0302-1
Rating: important
References: #1232948 #1235265 #1246151
Cross-References: CVE-2024-45338 CVE-2024-51744 CVE-2025-53547

CVSS scores:
CVE-2024-45338 (SUSE): 8.2 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CVE-2024-51744 (SUSE): 2.1 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
CVE-2025-53547 (SUSE): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:H/VA:H/SC:L/SI:H/SA:H

Affected Products: openSUSE Backports SLE-15-SP7

An update that fixes three vulnerabilities is now available.

Description:

This update for trivy fixes the following issues:

- CVE-2025-53547: Fixed code execution in Helm Chart (boo#1246151)

Update to version 0.64.1:

- release: v0.64.1 [release/v0.64] (#9122)
- fix(misconf): skip rewriting expr if attr is nil [backport: release/v0.64] (#9127)
- fix(cli): Add more non-sensitive flags to telemetry [backport: release/v0.64] (#9124)
- fix(rootio): check full version to detect root.io packages [backport: release/v0.64] (#9120)
- fix(alma): parse epochs from rpmqa file [backport: release/v0.64] (#9119)
- release: v0.64.0 [main] (#8955)
- docs(python): fix type with METADATA file name (#9090)
- feat: reject unsupported artifact types in remote image retrieval (#9052)
- chore(deps): bump github.com/go-viper/mapstructure/v2 from 2.2.1 to …
