suse · CVE-2015-9258

Quick triage

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2015-9258 severity moderate: SUSE including 1 source package names (docker), 4 product×package rows across 4 product lines (Magnum Orchestration 7, SUSE Container as a Service Platform 2.0, SUSE Linux Enterprise Module for Containers 12, SUSE OpenStack Cloud 6): Known Not Affected 4.

Description:

In Docker Notary before 0.1, gotuf/signed/verify.go has a Signature Algorithm Not Matched to Key vulnerability. Because an attacker controls the field specifying the signature algorithm, they might (for example) be able to forge a signature by forcing a misinterpretation of an RSA-PSS key as Ed25519 elliptic-curve data.