SUSE SLES15 / openSUSE 15 Security Update : govulncheck-vulndb (SUSE-SU-2025:0060-1)

critical Nessus Plugin ID 213966

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0060-1 advisory.

- Update to version 0.0.20250108T191942 2025-01-08T19:19:42Z.
Refs jsc#PED-11136 Go CVE Numbering Authority IDs added or updated with aliases:
* GO-2025-3371 GHSA-2r2v-9pf8-6342
* GO-2025-3374 CVE-2025-22130 GHSA-j4jw-m6xr-fv6c

- Update to version 0.0.20250107T160406 2025-01-07T16:04:06Z.
Refs jsc#PED-11136 Go CVE Numbering Authority IDs added or updated with aliases:
* GO-2025-3363 GO-2025-3364 GO-2025-3367 GO-2025-3368
* GO-2024-3355 CVE-2024-54148 GHSA-r7j8-5h9c-f6fx
* GO-2024-3356 CVE-2024-55947 GHSA-qf5v-rp47-55gg
* GO-2024-3357 CVE-2024-56362 GHSA-xwx7-p63r-2rj8
* GO-2024-3358 CVE-2024-45387 GHSA-vq94-9pfv-ccqr
* GO-2024-3359 CVE-2024-28892 GHSA-5qww-56gc-f66c
* GO-2024-3360 CVE-2024-25133 GHSA-wgqq-9qh8-wvqv
* GO-2025-3361 CVE-2024-55196 GHSA-rv83-h68q-c4wq
* GO-2025-3362 CVE-2025-21609 GHSA-8fx8-pffw-w498
* GO-2025-3363 CVE-2024-56514 GHSA-cwrh-575j-8vr3
* GO-2025-3364 CVE-2024-56513 GHSA-mg7w-c9x2-xh7r
* GO-2025-3367 CVE-2025-21614 GHSA-r9px-m959-cxf4
* GO-2025-3368 CVE-2025-21613 GHSA-v725-9546-7q7m

- Update to version 0.0.20241220T214820 2024-12-20T21:48:20Z.
Refs jsc#PED-11136 Go CVE Numbering Authority IDs added or updated with aliases:
* GO-2024-3101 GHSA-75qh-gg76-p2w4
* GO-2024-3339 GHSA-8wcc-m6j2-qxvm

- Update to version 0.0.20241220T203729 2024-12-20T20:37:29Z.
Refs jsc#PED-11136 Go CVE Numbering Authority IDs added or updated with aliases:
* GO-2024-3101 GHSA-75qh-gg76-p2w4
* GO-2024-3109 CVE-2024-43803 GHSA-pqfh-xh7w-7h3p
* GO-2024-3333 CVE-2024-45338 GHSA-w32m-9786-jp63
* GO-2024-3342 GHSA-hxr6-2p24-hf98
* GO-2024-3343 CVE-2024-9779 GHSA-jhh6-6fhp-q2xp
* GO-2024-3344 GHSA-32gq-x56h-299c
* GO-2024-3349 CVE-2024-25131 GHSA-77c2-c35q-254w
* GO-2024-3350 GHSA-5pf6-cq2v-23ww
* GO-2024-3354 CVE-2024-12678 GHSA-hr68-hvgv-xxqf

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected govulncheck-vulndb package.

Plugin Details

Severity: Critical

ID: 213966

File Name: suse_SU-2025-0060-1.nasl

Version: 1.1

Type: local

Agent: unix

Family: SuSE Local Security Checks

Published: 1/11/2025

Updated: 1/11/2025

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 10.0

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2024-25133

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS v4

Risk Factor: Critical

Base Score: 9.2

Threat Score: 8.2

Threat Vector: CVSS:4.0/E:P

Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVSS Score Source: CVE-2025-21613

Vulnerability Information

CPE: cpe:/o:novell:suse_linux:15, p-cpe:/a:novell:suse_linux:govulncheck-vulndb

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/10/2025

Vulnerability Publication Date: 9/3/2024

Reference Information

CVE: CVE-2024-12678, CVE-2024-25131, CVE-2024-25133, CVE-2024-28892, CVE-2024-43803, CVE-2024-45338, CVE-2024-45387, CVE-2024-54148, CVE-2024-55196, CVE-2024-55947, CVE-2024-56362, CVE-2024-56513, CVE-2024-56514, CVE-2024-9779, CVE-2025-21609, CVE-2025-21613, CVE-2025-21614, CVE-2025-22130

SuSE: SUSE-SU-2025:0060-1

Detections

Analytics