openSUSE 16 Security Update : cheat (openSUSE-SU-2025:20177-1)

medium Nessus Plugin ID 279664

Synopsis

The remote openSUSE host is missing one or more security updates.

Description

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025:20177-1 advisory.

- Security:
* CVE-2025-47913: Fix client process termination (bsc#1253593)
* CVE-2025-58181: Fix potential unbounded memory consumption (bsc#1253922)
* CVE-2025-47914: Fix panic due to an out of bounds read (bsc#1254051)
* Replace golang.org/x/crypto=golang.org/x/[email protected]
* Replace golang.org/x/net=golang.org/x/[email protected]
* Replace golang.org/x/sys=golang.org/x/[email protected]

- Packaging improvements:
* Drop Requires: golang-packaging. The recommended Go toolchain dependency expression is BuildRequires: golang(API) >= 1.x or optionally the metapackage BuildRequires: go
* Use BuildRequires: golang(API) >= 1.19 matching go.mod
* Build PIE with pattern that may become recommended procedure:
  %%ifnarch ppc64 GOFLAGS=-buildmode=pie %%endif go build
  A go toolchain buildmode default config would be preferable but none exist at this time.
* Drop mod=vendor, go1.14+ will detect vendor dir and auto-enable
* Remove go build -o output binary location and name. Default binary has the same name as package of func main() and is placed in the top level of the build directory.
* Add basic %check to execute binary --help

- Packaging improvements:
* Service go_modules replace dependencies with CVEs
* Replace github.com/cloudflare/circl=github.com/cloudflare/[email protected] Fix GO-2025-3754 GHSA-2x5j-vhc8-9cwm
* Replace golang.org/x/net=golang.org/x/[email protected] Fixes GO-2025-3503 CVE-2025-22870
* Replace golang.org/x/crypto=golang.org/x/[email protected] Fixes GO-2023-2402 CVE-2023-48795 GHSA-45x7-px36-x8w8 Fixes GO-2025-3487 CVE-2025-22869
* Replace github.com/go-git/go-git/v5=github.com/go-git/go-git/[email protected] Fixes GO-2025-3367 CVE-2025-21614 GHSA-r9px-m959-cxf4 Fixes GO-2025-3368 CVE-2025-21613 GHSA-v725-9546-7q7m
* Service tar_scm set mode manual from disabled
* Service tar_scm create archive from git so we can exclude vendor directory upstream committed to git. Committed vendor directory contents have build issues even after go mod tidy.
* Service tar_scm exclude dir vendor
* Service set_version set mode manual from disabled
* Service set_version remove param basename not needed

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected cheat package.

See Also

https://bugzilla.suse.com/1247629

https://bugzilla.suse.com/1253593

https://bugzilla.suse.com/1253922

https://bugzilla.suse.com/1254051

https://www.suse.com/security/cve/CVE-2023-48795

https://www.suse.com/security/cve/CVE-2025-21613

https://www.suse.com/security/cve/CVE-2025-21614

https://www.suse.com/security/cve/CVE-2025-22869

https://www.suse.com/security/cve/CVE-2025-22870

https://www.suse.com/security/cve/CVE-2025-47913

https://www.suse.com/security/cve/CVE-2025-47914

https://www.suse.com/security/cve/CVE-2025-58181

Plugin Details

Severity: Medium

ID: 279664

File Name: openSUSE-2025-20177-1.nasl

Version: 1.1

Type: local

Agent: unix

Published: 12/24/2025

Updated: 12/24/2025

Supported Sensors: Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 5.4

Temporal Score: 4.2

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:C/A:N

CVSS Score Source: CVE-2023-48795

CVSS v3

Risk Factor: Medium

Base Score: 5.9

Temporal Score: 5.3

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS v4

Risk Factor: Medium

Base Score: 6

Threat Score: 5.3

Threat Vector: CVSS:4.0/E:P

Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Vulnerability Information

CPE: cpe:/o:novell:opensuse:16.0, p-cpe:/a:novell:opensuse:cheat

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/18/2025

Vulnerability Publication Date: 6/13/2023

Reference Information

CVE: CVE-2023-48795, CVE-2025-21613, CVE-2025-21614, CVE-2025-22869, CVE-2025-22870, CVE-2025-47913, CVE-2025-47914, CVE-2025-58181