SUSE SLED15 / SLES15 / openSUSE 15 Security Update : suse-build-key (SUSE-SU-2023:4672-1)

high Nessus Plugin ID 186637

Language:

Synopsis

The remote SUSE host is missing a security update.

Description

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:4672-1 advisory.

This update runs a import-suse-build-key script.

The previous libzypp-post-script based installation is replaced with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777).
- suse-build-key-import.service
- suse-build-key-import.timer

It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys.
After successful import the timer is disabled.

To manually import them you can also run:

# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected suse-build-key package.

See Also

https://bugzilla.suse.com/1216410

https://bugzilla.suse.com/1217215

http://www.nessus.org/u?8a655c4a

Plugin Details

Severity: High

ID: 186637

File Name: suse_SU-2023-4672-1.nasl

Version: 1.2

Type: Local

Agent: unix

Published: 12/7/2023

Updated: 6/25/2026

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security, Nessus

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:suse-build-key, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 12/6/2023

Vulnerability Publication Date: 12/6/2023

Reference Information

SuSE: SUSE-SU-2023:4672-1