Detections
Analytics
SUSE SLES15 / openSUSE 15 Security Update : apptainer (SUSE-SU-2026:0439-1)
high Nessus Plugin ID 298751
Synopsis
The remote SUSE host is missing one or more security updates.Description
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0439-1 advisory.Security fixes:
- CVE-2024-45310: Fixed runc being tricked into creating empty files/directories on host (bsc#1257432)
- CVE-2025-65105: Fixed security bypass due to disabling security options (bsc#1255462)
- CVE-2025-47914: Fixed malformed constraint may cause denial of service in golang.org/x/crypto/ssh/agent (bsc#1253967)
- CVE-2025-58181: Fixed unbounded memory consumption in golang.org/x/crypto/ssh (bsc#1253784)
- CVE-2025-47913: Fixed potential denial of service in golang.org/x/crypto/ssh/agent (bsc#1253506)
- CVE-2025-22872: Fixed incorrect Neutralization of Input During Web Page Generation in x/net (bsc#1241710)
- CVE-2025-22870: Fixed HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net (bsc#1238611)
- CVE-2025-22869: Fixed potential denial of service in golang.org/x/crypto (bsc#1239322)
- CVE-2025-27144: Fixed DoS in go-jose Parsing in github.com/go-jose/go-jose (bsc#1237608)
- CVE-2025-8556: Fixed missing and wrong validation can lead to incorrect results in github.com/cloudflare/circl
Other fixes:
- Update to 1.4.5
Tenable has extracted the preceding description block directly from the SUSE security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
https://bugzilla.suse.com/1237608
https://bugzilla.suse.com/1238611
https://bugzilla.suse.com/1239322
https://bugzilla.suse.com/1241710
https://bugzilla.suse.com/1253506
https://bugzilla.suse.com/1253784
https://bugzilla.suse.com/1253967
https://bugzilla.suse.com/1255462
https://bugzilla.suse.com/1257432
http://www.nessus.org/u?5a2daa59
https://www.suse.com/security/cve/CVE-2024-45310
https://www.suse.com/security/cve/CVE-2025-22869
https://www.suse.com/security/cve/CVE-2025-22870
https://www.suse.com/security/cve/CVE-2025-22872
https://www.suse.com/security/cve/CVE-2025-27144
https://www.suse.com/security/cve/CVE-2025-47913
https://www.suse.com/security/cve/CVE-2025-47914
https://www.suse.com/security/cve/CVE-2025-58181
Plugin Details
Severity: High
ID: 298751
File Name: suse_SU-2026-0439-1.nasl
Version: 1.1
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 2/12/2026
Updated: 2/12/2026
Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.9
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS Score Source: CVE-2025-65105
CVSS v3
Risk Factor: Medium
Base Score: 5.3
Temporal Score: 4.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
CVSS v4
Risk Factor: High
Base Score: 8.7
Threat Score: 7.7
Threat Vector: CVSS:4.0/E:P
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CVSS Score Source: CVE-2025-27144
Vulnerability Information
CPE: p-cpe:/a:novell:suse_linux:apptainer-sle15_7, p-cpe:/a:novell:suse_linux:libsquashfuse0, p-cpe:/a:novell:suse_linux:apptainer, p-cpe:/a:novell:suse_linux:squashfuse-tools, p-cpe:/a:novell:suse_linux:apptainer-sle15_6, p-cpe:/a:novell:suse_linux:squashfuse, cpe:/o:novell:suse_linux:15
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 2/11/2026
Vulnerability Publication Date: 9/3/2024
Reference Information
CVE: CVE-2024-45310, CVE-2025-22869, CVE-2025-22870, CVE-2025-22872, CVE-2025-27144, CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-65105, CVE-2025-8556
IAVA: 2025-A-0877
SuSE: SUSE-SU-2026:0439-1