openSUSE 15 : Security update 5.0.6 for Multi-Linux Manager Client Tools (SUSE-SU-2025:4458-1)

high Nessus Plugin ID 279353

Synopsis

The remote openSUSE host is missing one or more security updates.

Description

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4458-1 advisory.

dracut-saltboot:

- Update to version 1.0.0
* Reboot on salt key timeout (bsc#1237495)
* Fixed parsing files with space in the name (bsc#1252100)

grafana was updated from version 11.5.5 to 11.5.10:

- Security issues fixed:

* CVE-2025-47911: Fix parsing HTML documents (bsc#1251454)
* CVE-2025-58190: Fix excessive memory consumption (bsc#1251657)
* CVE-2025-64751: Drop experimental implementation of authorization Zanzana server/client (bsc#1254113)
* CVE-2025-11065: Fixed sensitive information leak in logs (version 11.5.9) (bsc#1250616)
* CVE-2025-6023: Fixed cross-site-scripting via scripted dashboards (version 11.5.7) (bsc#1246735)
* CVE-2025-6197: Fixed open redirect in organization switching (version 11.5.7) (bsc#1246736)
* CVE-2025-3415: Fixed exposure of DingDing alerting integration URL to Viewer level users (version 11.5.6) (bsc#1245302)


Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected dracut-saltboot, spacecmd and/or supportutils-plugin-susemanager-client packages.

See Also

https://bugzilla.suse.com/1227577

https://bugzilla.suse.com/1227579

https://bugzilla.suse.com/1237495

https://bugzilla.suse.com/1243611

https://bugzilla.suse.com/1243704

https://bugzilla.suse.com/1244027

https://bugzilla.suse.com/1244127

https://bugzilla.suse.com/1244534

https://bugzilla.suse.com/1245099

https://bugzilla.suse.com/1245302

https://bugzilla.suse.com/1246068

https://bugzilla.suse.com/1246320

https://bugzilla.suse.com/1246553

https://bugzilla.suse.com/1246586

https://bugzilla.suse.com/1246662

https://bugzilla.suse.com/1246735

https://bugzilla.suse.com/1246736

https://bugzilla.suse.com/1246738

https://bugzilla.suse.com/1246789

https://bugzilla.suse.com/1246882

https://bugzilla.suse.com/1246906

https://bugzilla.suse.com/1246925

https://bugzilla.suse.com/1247688

https://bugzilla.suse.com/1247721

https://bugzilla.suse.com/1250616

https://bugzilla.suse.com/1251044

https://bugzilla.suse.com/1251138

https://bugzilla.suse.com/1252100

http://www.nessus.org/u?b07956ff

https://www.suse.com/security/cve/CVE-2025-11065

https://www.suse.com/security/cve/CVE-2025-3415

https://www.suse.com/security/cve/CVE-2025-6023

https://www.suse.com/security/cve/CVE-2025-6197

Plugin Details

Severity: High

ID: 279353

File Name: suse_SU-2025-4458-1.nasl

Version: 1.1

Type: local

Agent: unix

Published: 12/19/2025

Updated: 12/19/2025

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.2

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 6.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:P/A:P

CVSS Score Source: CVE-2025-6023

CVSS v3

Risk Factor: High

Base Score: 7.6

Temporal Score: 6.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 12/18/2025

Vulnerability Publication Date: 6/18/2025

Reference Information

CVE: CVE-2025-11065, CVE-2025-3415, CVE-2025-6023, CVE-2025-6197

SuSE: SUSE-SU-2025:4458-1