Detections
Analytics

openSUSE 16 Security Update : docker (openSUSE-SU-2026:20057-1)

medium Nessus Plugin ID 291339

Synopsis

The remote openSUSE host is missing a security update.

Description

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20057-1 advisory.

 Changes in docker:

 - Update to Docker 28.5.1-ce. See upstream changelog online at <https://docs.docker.com/engine/release-notes/28/#2851>

 - Update to Docker 28.5.0-ce. See upstream changelog online at <https://docs.docker.com/engine/release-notes/28/#2850>

 - Update to docker-buildx v0.29.0. Upstream changelog:
 <https://github.com/docker/buildx/releases/tag/v0.29.0>

 - Remove git-core recommends on SLE. Most SLE systems have installRecommends=yes by default and thus end up installing git with Docker.
 bsc#1250508

 This feature is mostly intended for developers (docker build git://) so most users already have the dependency installed, and the error when git is missing is fairly straightforward (so they can easily figure out what they need to install).

 - Update to docker-buildx v0.28.0. Upstream changelog:
 <https://github.com/docker/buildx/releases/tag/v0.28.0>

 - Update to Docker 28.4.0-ce. See upstream changelog online at <https://docs.docker.com/engine/release-notes/28/#2840>
 * Fixes a nil pointer panic in docker push. bsc#1248373

 - Update warnings and errors related to docker buildx ... so that they reference our openSUSE docker-buildx packages.

 - Enable building docker-buildx for SLE15 systems with SUSEConnect secret injection enabled. PED-12534 PED-8905 bsc#1247594

 As docker-buildx does not support our SUSEConnect secret injection (and some users depend docker build working transparently), patch the docker CLI so that docker build will no longer automatically call docker buildx build, effectively making DOCKER_BUILDKIT=0 the default configuration. Users can manually use docker buildx ... commands or set DOCKER_BUILDKIT=1 in order to opt-in to using docker-buildx.

 Users can silence the docker build warning by setting DOCKER_BUILDKIT=0 explicitly.

 In order to inject SCC credentials with docker-buildx, users should use

 RUN --mount=type=secret,id=SCCcredentials zypper -n ...

 in their Dockerfiles, and

 docker buildx build --secret id=SCCcredentials,src=/etc/zypp/credentials.d/SCCcredentials,type=file .

 when doing their builds.

 - Update to Docker 28.3.3-ce. See upstream changelog online at <https://docs.docker.com/engine/release-notes/28/#2833> CVE-2025-54388 bsc#1247367

 - Update to docker-buildx v0.26.1. Upstream changelog:
 <https://github.com/docker/buildx/releases/tag/v0.26.1>

 - Update to docker-buildx v0.26.0. Upstream changelog:
 <https://github.com/docker/buildx/releases/tag/v0.26.0>

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1247367

https://bugzilla.suse.com/1247594

https://bugzilla.suse.com/1248373

https://bugzilla.suse.com/1250508

https://www.suse.com/security/cve/CVE-2025-54388

Plugin Details

Severity: Medium

ID: 291339

File Name: openSUSE-2026-20057-1.nasl

Version: 1.1

Type: local

Agent: unix

Published: 1/19/2026

Updated: 1/19/2026

Supported Sensors: Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.5

CVSS v2

Risk Factor: Medium

Base Score: 4.8

Temporal Score: 3.5

Vector: CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:N

CVSS Score Source: CVE-2025-54388

CVSS v3

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 4

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS v4

Risk Factor: Medium

Base Score: 5.1

Threat Score: 1.2

Threat Vector: CVSS:4.0/E:U

Vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Vulnerability Information

CPE: cpe:/o:novell:opensuse:16.0, p-cpe:/a:novell:opensuse:docker-fish-completion, p-cpe:/a:novell:opensuse:docker-rootless-extras, p-cpe:/a:novell:opensuse:docker-bash-completion, p-cpe:/a:novell:opensuse:docker, p-cpe:/a:novell:opensuse:docker-zsh-completion, p-cpe:/a:novell:opensuse:docker-buildx

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 1/17/2026

Vulnerability Publication Date: 7/29/2025

Reference Information

CVE: CVE-2025-54388

IAVA: 2025-A-0560