SUSE SLES15 / openSUSE 15 Security Update : govulncheck-vulndb (SUSE-SU-2025:0429-1)

high Nessus Plugin ID 216199

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0429-1 advisory.

- Update to version 0.0.20250207T224745 2025-02-07T22:47:45Z.
Refs jsc#PED-11136 Go CVE Numbering Authority IDs added or updated with aliases:
* GO-2025-3456 CVE-2025-24786 GHSA-9r4c-jwx3-3j76
* GO-2025-3457 CVE-2025-24787 GHSA-c7w4-9wv8-7x7c
* GO-2025-3458 CVE-2025-24366 GHSA-vj7w-3m8c-6vpx

- Update to version 0.0.20250206T175003 2025-02-06T17:50:03Z.
Refs jsc#PED-11136 Go CVE Numbering Authority IDs added or updated with aliases:
* GO-2023-1867 CVE-2022-47930 GHSA-c58h-qv6g-fw74
* GO-2024-3244 CVE-2024-50354 GHSA-cph5-3pgr-c82g

- Update to version 0.0.20250206T165438 2025-02-06T16:54:38Z.
Refs jsc#PED-11136 Go CVE Numbering Authority IDs added or updated with aliases:
* GO-2025-3428 CVE-2025-22867
* GO-2025-3447 CVE-2025-22866

- Update to version 0.0.20250205T232745 2025-02-05T23:27:45Z.
Refs jsc#PED-11136 Go CVE Numbering Authority IDs added or updated with aliases:
* GO-2025-3408
* GO-2025-3448 GHSA-23qp-3c2m-xx6w
* GO-2025-3449 GHSA-mx2j-7cmv-353c
* GO-2025-3450 GHSA-w7wm-2425-7p2h
* GO-2025-3454 GHSA-mj4v-hp69-27x5
* GO-2025-3455 GHSA-vqv5-385r-2hf8

- Update to version 0.0.20250205T003520 2025-02-05T00:35:20Z.
Refs jsc#PED-11136 Go CVE Numbering Authority IDs added or updated with aliases:
* GO-2025-3451

- Update to version 0.0.20250204T220613 2025-02-04T22:06:13Z.
Refs jsc#PED-11136 Go CVE Numbering Authority IDs added or updated with aliases:
* GO-2025-3431 CVE-2025-24884 GHSA-hcr5-wv4p-h2g2
* GO-2025-3433 CVE-2025-23216 GHSA-47g2-qmh2-749v
* GO-2025-3434 CVE-2025-24376 GHSA-fc89-jghx-8pvg
* GO-2025-3435 CVE-2025-24784 GHSA-756x-m4mj-q96c
* GO-2025-3436 CVE-2025-24883 GHSA-q26p-9cq4-7fc2
* GO-2025-3437 GHSA-274v-mgcv-cm8j
* GO-2025-3438 CVE-2024-11741 GHSA-wxcc-2f3q-4h58
* GO-2025-3442 CVE-2025-24371 GHSA-22qq-3xwm-r5x4
* GO-2025-3443 GHSA-r3r4-g7hq-pq4f
* GO-2025-3444 CVE-2024-35177
* GO-2025-3445 CVE-2024-47770

- Use standard RPM macros to unpack the source and populate a working directory. Fixes build with RPM 4.20.

- Update to version 0.0.20250130T185858 2025-01-30T18:58:58Z.
Refs jsc#PED-11136 Go CVE Numbering Authority IDs added or updated with aliases:
* GO-2024-2842 CVE-2024-3727 GHSA-6wvf-f2vw-3425
* GO-2024-3181 CVE-2024-9313 GHSA-x5q3-c8rm-w787
* GO-2024-3188 CVE-2024-9312 GHSA-4gfw-wf7c-w6g2
* GO-2025-3372 CVE-2024-45339 GHSA-6wxm-mpqj-6jpf
* GO-2025-3373 CVE-2024-45341
* GO-2025-3383 CVE-2024-45340
* GO-2025-3408
* GO-2025-3412 CVE-2024-10846 GHSA-36gq-35j3-p9r9
* GO-2025-3420 CVE-2024-45336
* GO-2025-3421 CVE-2025-22865
* GO-2025-3424 CVE-2025-24369
* GO-2025-3426 CVE-2025-0750 GHSA-hp5j-2585-qx6g
* GO-2025-3427 CVE-2024-13484 GHSA-58fx-7v9q-3g56

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected govulncheck-vulndb package.

Plugin Details

Severity: High

ID: 216199

File Name: suse_SU-2025-0429-1.nasl

Version: 1.1

Type: local

Agent: unix

Family: SuSE Local Security Checks

Published: 2/12/2025

Updated: 2/12/2025

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.4

CVSS v2

Risk Factor: Medium

Base Score: 6.6

Temporal Score: 4.9

Vector: CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:N

CVSS Score Source: CVE-2022-47930

CVSS v3

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS v4

Risk Factor: High

Base Score: 8.7

Threat Score: 6.6

Threat Vector: CVSS:4.0/E:U

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CVSS Score Source: CVE-2025-24883

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:govulncheck-vulndb, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 2/11/2025

Vulnerability Publication Date: 4/21/2023

Reference Information

CVE: CVE-2022-47930, CVE-2024-10846, CVE-2024-11741, CVE-2024-13484, CVE-2024-35177, CVE-2024-3727, CVE-2024-45336, CVE-2024-45339, CVE-2024-45340, CVE-2024-45341, CVE-2024-47770, CVE-2024-50354, CVE-2024-9312, CVE-2024-9313, CVE-2025-0750, CVE-2025-22865, CVE-2025-22866, CVE-2025-22867, CVE-2025-23216, CVE-2025-24366, CVE-2025-24369, CVE-2025-24371, CVE-2025-24376, CVE-2025-24784, CVE-2025-24786, CVE-2025-24787, CVE-2025-24883, CVE-2025-24884

SuSE: SUSE-SU-2025:0429-1

Detections

Analytics