Detections
Analytics

SUSE SLES15 / openSUSE 15 Security Update : google-osconfig-agent (SUSE-SU-2025:02149-1)

high Nessus Plugin ID 240905

Language:

Synopsis

The remote SUSE host is missing a security update.

Description

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:02149-1 advisory.

 - Update to version 20250416.02 (bsc#1244304, bsc#1244503)
 * defaultSleeper: tolerate 10% difference to reduce test flakiness
 * Add output of some packagemanagers to the testdata
 - from version 20250416.01
 * Refactor OS Info package
 - from version 20250416.00
 * Report RPM inventory as YUM instead of empty SoftwarePackage when neither Zypper nor YUM are installed.
 - from version 20250414.00
 * Update hash computation algorithm
 - Update to version 20250320.00
 * Bump github.com/envoyproxy/protoc-gen-validate from 1.1.0 to 1.2.1
 - from version 20250318.00
 * Bump go.opentelemetry.io/otel/sdk/metric from 1.32.0 to 1.35.0
 - from version 20250317.02
 * Bump cel.dev/expr from 0.18.0 to 0.22.0
 * Bump github.com/golang/glog from 1.2.3 to 1.2.4 in the go_modules group
 - from version 20250317.01
 * Bump cloud.google.com/go/logging from 1.12.0 to 1.13.0
 - from version 20250317.00
 * Add tests for retryutil package.
 - from version 20250306.00
 * Update OWNERS
 - from version 20250206.01
 * Use separate counters for pre- and post-patch reboots.
 - from version 20250206.00
 * Update owners
 - from version 20250203.00
 * Fix the vet errors for contants in logging
 - from version 20250122.00
 * change available package check
 - from version 20250121.00
 * Fix Inventory reporting e2e tests.
 - from version 20250120.00
 * fix e2e tests
 - Add -buildmode=pie to go build command line (bsc#1239948)
 - merged upstream
 - Renumber patches

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected google-osconfig-agent package.

See Also

https://www.suse.com/security/cve/CVE-2024-45339

https://bugzilla.suse.com/1239948

https://bugzilla.suse.com/1244304

https://bugzilla.suse.com/1244503

https://lists.suse.com/pipermail/sle-updates/2025-June/040526.html

Plugin Details

Severity: High

ID: 240905

File Name: suse_SU-2025-02149-1.nasl

Version: 1.1

Type: local

Agent: unix

Published: 6/28/2025

Updated: 6/28/2025

Supported Sensors: Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: Medium

Base Score: 6.2

Temporal Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:C/A:C

CVSS Score Source: CVE-2024-45339

CVSS v3

Risk Factor: High

Base Score: 7.1

Temporal Score: 6.2

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS v4

Risk Factor: High

Base Score: 7.2

Threat Score: 4.1

Threat Vector: CVSS:4.0/E:U

Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:google-osconfig-agent, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 6/27/2025

Vulnerability Publication Date: 1/28/2025

Reference Information

CVE: CVE-2024-45339

SuSE: SUSE-SU-2025:02149-1