Описание
Security update for skopeo
This update for skopeo fixes the following issues:
- CVE-2025-22870: Fixed proxy bypass using IPv6 zone IDs (bsc#1238685).
Список пакетов
SUSE Linux Enterprise Micro 5.5
skopeo-1.14.4-150300.11.22.1
SUSE Linux Enterprise Module for Basesystem 15 SP6
skopeo-1.14.4-150300.11.22.1
skopeo-bash-completion-1.14.4-150300.11.22.1
skopeo-zsh-completion-1.14.4-150300.11.22.1
openSUSE Leap 15.6
skopeo-1.14.4-150300.11.22.1
skopeo-bash-completion-1.14.4-150300.11.22.1
skopeo-fish-completion-1.14.4-150300.11.22.1
skopeo-zsh-completion-1.14.4-150300.11.22.1
Ссылки
- Link for SUSE-SU-2025:1055-1
- E-Mail link for SUSE-SU-2025:1055-1
- SUSE Security Ratings
- SUSE Bug 1238685
- SUSE CVE CVE-2025-22870 page
Описание
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied.
Затронутые продукты
SUSE Linux Enterprise Micro 5.5:skopeo-1.14.4-150300.11.22.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:skopeo-1.14.4-150300.11.22.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:skopeo-bash-completion-1.14.4-150300.11.22.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:skopeo-zsh-completion-1.14.4-150300.11.22.1
Ссылки
- CVE-2025-22870
- SUSE Bug 1238572
- SUSE Bug 1238611