{"affected":[{"ecosystem_specific":{"binaries":[{"docker-stable":"24.0.9_ce-1.14.1","docker-stable-bash-completion":"24.0.9_ce-1.14.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5","name":"docker-stable","purl":"pkg:rpm/suse/docker-stable&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"24.0.9_ce-1.14.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for docker-stable fixes the following issues:\n\n- CVE-2025-0495: buildx: Fixed credential leakage to telemetry endpoints when\n  credentials allowed to be set as attribute values in cache-to/cache-from configuration (bsc#1239765)\n\nOther fixes:\n\n- Update to docker-buildx v0.22.0. \n- Disable transparent SUSEConnect support for SLE-16. (jsc#PED-12534)\n- Now that the only blocker for docker-buildx support was removed for SLE-16,\n  enable docker-buildx for SLE-16 as well. (jsc#PED-8905)\n","id":"SUSE-SU-2025:1344-1","modified":"2025-04-17T15:14:06Z","published":"2025-04-17T15:14:06Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-20251344-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1239765"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-0495"}],"related":["CVE-2025-0495"],"summary":"Security update for docker-stable","upstream":["CVE-2025-0495"]}