SUSE SLED15 / SLES15 / openSUSE 15 Security Update : binutils (SUSE-SU-2025:4096-1)

medium Nessus Plugin ID 275490

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4096-1 advisory.

- Do not enable '-z gcs=implicit' on aarch64 for old codestreams.

Update to version 2.45:

* New versioned release of libsframe.so.2
* s390: tools now support SFrame format 2; recognize 'z17' as CPU name [bsc#1247105, jsc#IBM-1485]
* sframe sections are now of ELF section type SHT_GNU_SFRAME.
* sframe sections generated by the assembler have SFRAME_F_FDE_FUNC_START_PCREL set.
* riscv: Support more extensions: standard: Zicfiss v1.0, Zicfilp v1.0, Zcmp v1.0, Zcmt v1.0, Smrnmi v1.0, S[sm]dbltrp v1.0, S[sm]ctr v1.0, ssqosid v1.0, ssnpm v1.0, smnpm v1.0, smmpm v1.0, sspm v1.0, supm v1.0, sha v1.0, zce v1.0, smcdeleg v1.0, ssccfg v1.0, svvptc v1.0, zilsd v1.0, zclsd v1.0, smrnmi v1.0;
  vendor: CORE-V, xcvbitmanip v1.0 and xcvsimd v1.0;
  SiFive, xsfvqmaccdod v1.0, xsfvqmaccqoq v1.0 and xsfvfnrclipxfqf v1.0;
  T-Head: xtheadvdot v1.0;
  MIPS: xmipscbop v1.0, xmipscmov v1.0, xmipsexectl v1.0, xmipslsp v1.0.
* Support RISC-V privileged version 1.13, profiles 20/22/23, and .bfloat16 directive.
* x86: Add support for these ISAs: Intel Diamond Rapids AMX, MOVRS, AVX10.2 (including SM4), MSR_IMM; Zhaoxin PadLock PHE2, RNG2, GMI, XMODX.
  Drop support for AVX10.2 256 bit rounding.
* arm: Add support for most of Armv9.6, enabled by -march=armv9.6-a and extensions '+cmpbr', '+f8f16mm', '+f8f32mm', '+fprcvt', '+lsfe', '+lsui', '+occmo', '+pops', '+sme2p2', '+ssve-aes', '+sve-aes', '+sve-aes2', '+sve-bfscale', '+sve-f16f32mm' and '+sve2p2'.
* Predefined symbols 'GAS(version)' and, on non-release builds, 'GAS(date)' are now being made available.
* Add .errif and .warnif directives.
* linker:
- Add --image-base=<ADDR> option to the ELF linker to behave the same as -Ttext-segment for compatibility with LLD.
- Add support for mixed LTO and non-LTO codes in relocatable output.
- s390: linker generates .eh_frame and/or .sframe for linker generated .plt sections by default (can be disabled by --no-ld-generated-unwind-info).
- riscv: add new PLT formats, and GNU property merge rules for zicfiss and zicfilp extensions.
- gold is no longer included
- Contains fixes for these non-CVEs (not security bugs per upstream's SECURITY.md):

* bsc#1236632 aka CVE-2025-0840 aka PR32650
* bsc#1236977 aka CVE-2025-1149 aka PR32576
* bsc#1236978 aka CVE-2025-1148 aka PR32576
* bsc#1236999 aka CVE-2025-1176 aka PR32636
* bsc#1237000 aka CVE-2025-1153 aka PR32603
* bsc#1237001 aka CVE-2025-1152 aka PR32576
* bsc#1237003 aka CVE-2025-1151 aka PR32576
* bsc#1237005 aka CVE-2025-1150 aka PR32576
* bsc#1237018 aka CVE-2025-1178 aka PR32638
* bsc#1237019 aka CVE-2025-1181 aka PR32643
* bsc#1237020 aka CVE-2025-1180 aka PR32642
* bsc#1237021 aka CVE-2025-1179 aka PR32640
* bsc#1237042 aka CVE-2025-1182 aka PR32644
* bsc#1240870 aka CVE-2025-3198 aka PR32716
* bsc#1243756 aka CVE-2025-5244 aka PR32858
* bsc#1243760 aka CVE-2025-5245 aka PR32829
* bsc#1246481 aka CVE-2025-7545 aka PR33049
* bsc#1246486 aka CVE-2025-7546 aka PR33050
* bsc#1247114 aka CVE-2025-8224 aka PR32109
* bsc#1247117 aka CVE-2025-8225 no PR
- Add these backport patches:
* bsc#1236976 aka CVE-2025-1147 aka PR32556
* bsc#1250632 aka CVE-2025-11083 aka PR33457
* bsc#1251275 aka CVE-2025-11412 aka PR33452
* bsc#1251276 aka CVE-2025-11413 aka PR33456
* bsc#1251277 aka CVE-2025-11414 aka PR33450
* bsc#1251794 aka CVE-2025-11494 aka PR33499
* bsc#1251795 aka CVE-2025-11495 aka PR33502

- Skip PGO with %want_reproducible_builds (bsc#1040589)
- Fix crash in assembler with -gdwarf-5
- aarch64-common-pagesize.patch, aarch64 no longer uses 64K page size
- Add -std=gnu17 to move gcc15 forward, as temporary measure until the binutils version can be updated [bsc#1241916].

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://www.suse.com/security/cve/CVE-2025-7545

https://www.suse.com/security/cve/CVE-2025-7546

https://www.suse.com/security/cve/CVE-2025-8224

https://www.suse.com/security/cve/CVE-2025-8225

https://bugzilla.suse.com/1040589

https://bugzilla.suse.com/1236632

https://bugzilla.suse.com/1236976

https://bugzilla.suse.com/1236977

https://bugzilla.suse.com/1236978

https://bugzilla.suse.com/1236999

https://bugzilla.suse.com/1237000

https://bugzilla.suse.com/1237001

https://bugzilla.suse.com/1237003

https://bugzilla.suse.com/1237005

https://bugzilla.suse.com/1237018

https://bugzilla.suse.com/1237019

https://bugzilla.suse.com/1237020

https://bugzilla.suse.com/1237021

https://bugzilla.suse.com/1237042

https://bugzilla.suse.com/1240870

https://bugzilla.suse.com/1241916

https://bugzilla.suse.com/1243756

https://bugzilla.suse.com/1243760

https://bugzilla.suse.com/1246481

https://bugzilla.suse.com/1246486

https://bugzilla.suse.com/1247105

https://bugzilla.suse.com/1247114

https://bugzilla.suse.com/1247117

https://bugzilla.suse.com/1250632

https://bugzilla.suse.com/1251275

https://bugzilla.suse.com/1251276

https://bugzilla.suse.com/1251277

https://bugzilla.suse.com/1251794

https://bugzilla.suse.com/1251795

http://www.nessus.org/u?b1d0b829

https://www.suse.com/security/cve/CVE-2025-0840

https://www.suse.com/security/cve/CVE-2025-11083

https://www.suse.com/security/cve/CVE-2025-11412

https://www.suse.com/security/cve/CVE-2025-11413

https://www.suse.com/security/cve/CVE-2025-11414

https://www.suse.com/security/cve/CVE-2025-1147

https://www.suse.com/security/cve/CVE-2025-1148

https://www.suse.com/security/cve/CVE-2025-1149

https://www.suse.com/security/cve/CVE-2025-11494

https://www.suse.com/security/cve/CVE-2025-11495

https://www.suse.com/security/cve/CVE-2025-1150

https://www.suse.com/security/cve/CVE-2025-1151

https://www.suse.com/security/cve/CVE-2025-1152

https://www.suse.com/security/cve/CVE-2025-1153

https://www.suse.com/security/cve/CVE-2025-1176

https://www.suse.com/security/cve/CVE-2025-1178

https://www.suse.com/security/cve/CVE-2025-1179

https://www.suse.com/security/cve/CVE-2025-1180

https://www.suse.com/security/cve/CVE-2025-1181

https://www.suse.com/security/cve/CVE-2025-1182

https://www.suse.com/security/cve/CVE-2025-3198

https://www.suse.com/security/cve/CVE-2025-5244

https://www.suse.com/security/cve/CVE-2025-5245

Plugin Details

Severity: Medium

ID: 275490

File Name: suse_SU-2025-4096-1.nasl

Version: 1.2

Type: local

Agent: unix

Published: 11/15/2025

Updated: 11/16/2025

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Low

Base Score: 2.6

Temporal Score: 2

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2025-1151

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2025-7546

CVSS v4

Risk Factor: Medium

Base Score: 4.8

Threat Score: 1.9

Threat Vector: CVSS:4.0/E:P

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

CVSS Score Source: CVE-2025-8225

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:libucm-devel, p-cpe:/a:novell:suse_linux:libucp-devel, p-cpe:/a:novell:suse_linux:libucp0, p-cpe:/a:novell:suse_linux:binutils-devel, p-cpe:/a:novell:suse_linux:binutils-devel-32bit, p-cpe:/a:novell:suse_linux:perf-devel, p-cpe:/a:novell:suse_linux:openucx-tools, p-cpe:/a:novell:suse_linux:libuct-devel, p-cpe:/a:novell:suse_linux:binutils, p-cpe:/a:novell:suse_linux:libucs-devel, p-cpe:/a:novell:suse_linux:libucs0, p-cpe:/a:novell:suse_linux:perf, p-cpe:/a:novell:suse_linux:libuct0, p-cpe:/a:novell:suse_linux:libctf-nobfd0, p-cpe:/a:novell:suse_linux:libucm0, p-cpe:/a:novell:suse_linux:libctf0, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/14/2025

Vulnerability Publication Date: 1/29/2025

Reference Information

CVE: CVE-2025-0840, CVE-2025-11083, CVE-2025-11412, CVE-2025-11413, CVE-2025-11414, CVE-2025-1147, CVE-2025-1148, CVE-2025-1149, CVE-2025-11494, CVE-2025-11495, CVE-2025-1150, CVE-2025-1151, CVE-2025-1152, CVE-2025-1153, CVE-2025-1176, CVE-2025-1178, CVE-2025-1179, CVE-2025-1180, CVE-2025-1181, CVE-2025-1182, CVE-2025-3198, CVE-2025-5244, CVE-2025-5245, CVE-2025-7545, CVE-2025-7546, CVE-2025-8224, CVE-2025-8225

IAVA: 2025-A-0095-S, 2025-A-0809

SuSE: SUSE-SU-2025:4096-1