Detections
Analytics

openSUSE 16 Security Update : trivy (openSUSE-SU-2026:20191-1)

high Nessus Plugin ID 298721

Synopsis

The remote openSUSE host is missing one or more security updates.

Description

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20191-1 advisory.

 Changes in trivy:

 - Update to version 0.69.0 (bsc#1255366, CVE-2025-64702):
 * release: v0.69.0 [main] (#9886)
 * chore: bump trivy-checks to v2 (#9875)
 * chore(deps): bump github.com/theupdateframework/go-tuf/v2 from 2.3.1 to 2.4.1 (#10091)
 * fix(repo): return a nil interface for gitAuth if missing (#10097)
 * fix(java): correctly inherit properties from parent fields for pom.xml files (#9111)
 * fix(rust): implement version inheritance for Cargo mono repos (#10011)
 * feat(activestate): add support ActiveState images (#10081)
 * feat(vex): support per-repo tls configuration (#10030)
 * refactor: allow per-request transport options override (#10083)
 * chore(deps): bump github.com/sigstore/rekor from 1.4.3 to 1.5.0 (#10084)
 * chore(deps): bump github.com/sigstore/sigstore from 1.10.3 to 1.10.4 (#10085)
 * fix(java): correctly propagate repositories from upper POMs to dependencies (#10077)
 * feat(rocky): enable modular package vulnerability detection (#10069)
 * chore(deps): bump github.com/theupdateframework/go-tuf/v2 from 2.3.0 to 2.3.1 (#10079)
 * docs: fix mistake in config file example for skip-dirs/skip-files flag (#10070)
 * feat(report): add Trivy version to JSON output (#10065)
 * fix(rust): add cargo workspace members glob support (#10032)
 * feat: add AnalyzedBy field to track which analyzer detected packages (#10059)
 * fix: use canonical SPDX license IDs from embeded licenses.json (#10053)
 * docs: fix link to Docker Image Specification (#10057)
 * feat(secret): add detection for Symfony default secret key (#9892)
 * refactor(misconf): move common logic to base value and simplify typed values (#9986)
 * fix(java): add hash of GAV+root pom file path for pkgID for packages from pom.xml files (#9880)
 * feat(misconf): use Terraform plan configuration to partially restore schema (#9623)
 * feat(misconf): add action block to Terraform schema (#10035)
 * fix(misconf): correct typos in block and attribute names (#9993)
 * test(misconf): simplify test values using *Test helpers (#9985)
 * fix(misconf): safely parse rotation_period in google_kms_crypto_key (#9980)
 * feat(misconf): support for ARM resources defined as an object (#9959)
 * feat(misconf): support for azurerm_*_web_app (#9944)
 * test: migrate private test helpers to `export_test.go` convention (#10043)
 * chore(deps): bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.6.2 (#10048)
 * fix(secret): improve word boundary detection for Hugging Face tokens (#10046)
 * fix(go): use ldflags version for all pseudo-versions (#10037)
 * chore: switch to ID from AVDID in internal and user-facing fields (#9655)
 * refactor(misconf)!: use ID instead of AVDID for providers mapping (#9752)
 * fix: move enum into items for array-type fields in JSON Schema (#10039)
 * docs: fix incorrect documentation URLs (#10038)
 * feat(sbom): exclude PEP 770 SBOMs in .dist-info/sboms/ (#10033)
 * fix(docker): fix non-det scan results for images with embedded SBOM (#9866)
 * chore(deps): bump the github-actions group with 11 updates (#10001)
 * test: fix assertion after 2026 roll over (#10002)
 * fix(vuln): skip vulns detection for CentOS Stream family without scan failure (#9964)
 * fix(license): normalize licenses for PostAnalyzers (#9941)
 * feat(nodejs): parse licenses from `package-lock.json` file (#9983)
 * chore: update reference links to Go Wiki (#9987)
 * refactor: add xslices.Map and replace lo.Map usages (#9984)
 * fix(image): race condition in image artifact inspection (#9966)
 * feat(flag): add JSON Schema for trivy.yaml configuration file (#9971)
 * refactor(debian): use txtar format for test data (#9957)
 * chore(deps): bump `golang.org/x/tools` to `v0.40.0` + `gopls` to `v0.21.0` (#9973)
 * feat(rootio): Update trivy db to support usage of Severity from root.io feed (#9930)
 * feat(vuln): skip vulnerability scanning for third-party packages in Debian/Ubuntu (#9932)
 * docs: add info that `--file-pattern` flag doesn't disable default behaviuor (#9961)
 * perf(misconf): optimize string concatenation in azure scanner (#9969)
 * chore: add client option to install script (#9962)
 * ci(helm): bump Trivy version to 0.68.2 for Trivy Helm Chart 0.20.1 (#9956)
 * chore(deps): bump github.com/quic-go/quic-go from 0.54.1 to 0.57.0 (#9952)
 * docs: update binary signature verification for sigstore bundles (#9929)
 * chore(deps): bump alpine from `3.22.1` to `3.23.0` (#9935)
 * chore(alpine): add EOL date for alpine 3.23 (#9934)
 * feat(cloudformation): add support for Fn::ForEach (#9508)
 * ci: enable `check-latest` for `setup-go` (#9931)
 * feat(debian): detect third-party packages using maintainer list (#9917)
 * fix(vex): add CVE-2025-66564 as not_affected into Trivy VEX file (#9924)
 * feat(helm): add sslCertDir parameter (#9697)
 * fix(misconf): respect .yml files when Helm charts are detected (#9912)
 * feat(php): add support for dev dependencies in Composer (#9910)
 * chore(deps): bump the common group across 1 directory with 9 updates (#9903)
 * chore(deps): bump github.com/docker/cli from 29.0.3+incompatible to 29.1.1+incompatible in the docker group (#9859)
 * fix: remove trailing tab in statefulset template (#9889)
 * feat(julia): enable vulnerability scanning for the Julia language ecosystem (#9800)
 * feat(misconf): initial ansible scanning support (#9332)
 * feat(misconf): Update Azure Database schema (#9811)
 * ci(helm): bump Trivy version to 0.68.1 for Trivy Helm Chart 0.20.0 (#9869)
 * chore: update the install script (#9874)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected trivy package.

See Also

https://bugzilla.suse.com/1255366

https://www.suse.com/security/cve/CVE-2025-64702

https://www.suse.com/security/cve/CVE-2025-66564

Plugin Details

Severity: High

ID: 298721

File Name: openSUSE-2026-20191-1.nasl

Version: 1.1

Type: local

Agent: unix

Published: 2/12/2026

Updated: 2/12/2026

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2025-66564

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:novell:opensuse:16.0, p-cpe:/a:novell:opensuse:trivy

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 2/10/2026

Vulnerability Publication Date: 12/4/2025

Reference Information

CVE: CVE-2025-64702, CVE-2025-66564