openSUSE Updates Address Critical Vulnerabilities in osslsigncode

Severity: High (Score: 70.5)

Sources: Linuxsecurity

Summary

openSUSE has released an update for osslsigncode to address multiple critical vulnerabilities, including CVE-2025-70888, which was published on 2026-03-25. The update fixes integer overflows, double-free vulnerabilities, and memory corruption issues that could lead to denial of service (DoS) attacks. Affected systems include openSUSE Backports SLE-15-SP6 and SLE-15-SP7 for various architectures. Users are advised to apply the patch immediately using recommended installation methods such as YaST online_update or 'zypper patch'. The vulnerabilities could potentially allow attackers to exploit the software if not patched. The update also includes enhancements such as keyUsage validation for signer certificates and support for JavaScript signing. Overall, the patch addresses significant security concerns that could impact the integrity of signed applications.

Key Points:

  • CVE-2025-70888 addresses critical vulnerabilities in osslsigncode.
  • The update includes fixes for integer overflows and memory corruption issues.
  • Users are urged to apply the patch immediately to mitigate potential attacks.

Key Entities

  • Denial of Service (attack_type)
  • CVE-2025-70888 (cve)
  • 156.2.3.1 (ipv4)
  • 157.2.3.1 (ipv4)
  • MacOS (platform)
  • OpenSUSE (company)