Detections
Analytics

openSUSE 16 Security Update : wget2 (openSUSE-SU-2026:20038-1)

high Nessus Plugin ID 287968

Synopsis

The remote openSUSE host is missing one or more security updates.

Description

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20038-1 advisory.

 Changes in wget2:

 - Update to release 2.2.1
 * Fix file overwrite issue with metalink [CVE-2025-69194 bsc#1255728]
 * Fix remote buffer overflow in get_local_filename_real() [CVE-2025-69195 bsc#1255729]
 * Fix a redirect/mirror regression from 400713ca
 * Use the local system timestamp when requested via
 --no-use-server-timestamps
 * Prevent file truncation with --no-clobber
 * Improve messages about why URLs are not being followed
 * Fix metalink with -O/--output-document
 * Fix sorting of metalink mirrors by priority
 * Add --show-progress to improve backwards compatibility to wget
 * Fix buffer overflow in wget_iri_clone() after wget_iri_set_scheme()
 * Allow 'no_' prefix in config options
 * Use libnghttp2 for HTTP/2 testing
 * Set exit status to 8 on 403 response code
 * Fix convert-links
 * Fix --server-response for HTTP/1.1

 - Update to release 2.2.0
 * Don't truncate file when -c and -O are combined
 * Don't log URI userinfo to logs
 * Fix downloading multiple files via HTTP/2
 * Support connecting with HTTP/1.0 proxies
 * Ignore 1xx HTTP responses for HTTP/1.1
 * Disable TCP Fast Open by default
 * Fix segfault when OCSP response is missing
 * Add libproxy support

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected libwget4, wget2 and / or wget2-devel packages.

See Also

https://bugzilla.suse.com/1255728

https://bugzilla.suse.com/1255729

https://www.suse.com/security/cve/CVE-2025-69194

https://www.suse.com/security/cve/CVE-2025-69195

Plugin Details

Severity: High

ID: 287968

File Name: openSUSE-2026-20038-1.nasl

Version: 1.1

Type: local

Agent: unix

Published: 1/16/2026

Updated: 1/16/2026

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2025-69194

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:novell:opensuse:16.0, p-cpe:/a:novell:opensuse:libwget4, p-cpe:/a:novell:opensuse:wget2, p-cpe:/a:novell:opensuse:wget2-devel

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/14/2026

Vulnerability Publication Date: 1/6/2026

Reference Information

CVE: CVE-2025-69194, CVE-2025-69195