openSUSE 16 Security Update : google-guest-agent (openSUSE-SU-2026:20609-1)

Severity: Critical, Nessus Plugin ID 310080

Synopsis

The remote openSUSE host is missing one or more security updates.

Description

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20609-1 advisory.

Update to version 20250506.01 (bsc#1243254, bsc#1243505).

Security issues fixed:

- CVE-2024-45337: golang.org/x/crypto/ssh: misuse of the ServerConfig.PublicKeyCallback callback can lead to authorization bypass in applications (bsc#1234563).
- CVE-2023-45288: golang.org/x/net/http2: no limit set for number of HTTP/2 CONTINUATION frames that can be read for an HTTP/2 request can lead to excessive CPU consumption and a DoS (bsc#1236533).

Other updates and bugfixes:

- Version 20250506.01:
* Make sure agent added connections are activated by NM (#534)
- Version 20250506.00:
* Wrap NSS cache refresh in a goroutine (#533)
- Version 20250502.01:
* Wicked: Only reload interfaces for which configurations are written or changed. (#524)
- Version 20250502.00:
* Add AuthorizedKeysCompat to windows packaging (#530)
* Remove error messages from gce_workload_cert_refresh and metadata script runner (#527)
* Update guest-logging-go dependency (#526)
* Add 'created-by' metadata, and pass it as option to logging library (#508)
* Revert oslogin: Correctly handle newlines at the end of modified files (#520) (#523)
* Re-enable disabled services if the core plugin was enabled (#522)
* Enable guest services on package upgrade (#519)
* oslogin: Correctly handle newlines at the end of modified files (#520)
* Fix core plugin path (#518)
* Fix package build issues (#517)
* Fix dependencies ran go mod tidy -v (#515)
* Fix debian build path (#514)
* Bundle compat metadata script runner binary in package (#513)
* Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512)
* Update startup/shutdown services to launch compat manager (#503)
* Bundle new gce metadata script runner binary in agent package (#502)
* Revert Revert bundling new binaries in the package (#509) (#511)
- Version 20250418.00:
* Re-enable disabled services if the core plugin was enabled (#521)
- Version 20250414.00:
* Add AuthorizedKeysCompat to windows packaging (#530)
* Remove error messages from gce_workload_cert_refresh and metadata script runner (#527)
* Update guest-logging-go dependency (#526)
* Add 'created-by' metadata, and pass it as option to logging library (#508)
* Revert oslogin: Correctly handle newlines at the end of modified files (#520) (#523)
* Re-enable disabled services if the core plugin was enabled (#522)
* Enable guest services on package upgrade (#519)
* oslogin: Correctly handle newlines at the end of modified files (#520)
* Fix core plugin path (#518)
* Fix package build issues (#517)
* Fix dependencies ran go mod tidy -v (#515)
* Fix debian build path (#514)
* Bundle compat metadata script runner binary in package (#513)
* Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512)
* Update startup/shutdown services to launch compat manager (#503)
* Bundle new gce metadata script runner binary in agent package (#502)
* Revert Revert bundling new binaries in the package (#509) (#511)
- Version 20250327.01 (bsc#1239763, bsc#1239866):
* Remove error messages from gce_workload_cert_refresh and metadata script runner (#527)
- Version 20250327.00:
* Update guest-logging-go dependency (#526)
* Add 'created-by' metadata, and pass it as option to logging library (#508)
* Revert oslogin: Correctly handle newlines at the end of modified files (#520) (#523)
* Re-enable disabled services if the core plugin was enabled (#522)
* Enable guest services on package upgrade (#519)
* oslogin: Correctly handle newlines at the end of modified files (#520)
* Fix core plugin path (#518)
* Fix package build issues (#517)
* Fix dependencies ran go mod tidy -v (#515)
* Fix debian build path (#514)
* Bundle compat metadata script runner binary in package (#513)
* Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512)
* Update startup/shutdown services to launch compat manager (#503)
* Bundle new gce metadata script runner binary in agent package (#502)
* Revert Revert bundling new binaries in the package (#509) (#511)
- Version 20250326.00:
* Re-enable disabled services if the core plugin was enabled (#521)
- Version 20250324.00:
* Enable guest services on package upgrade (#519)
* oslogin: Correctly handle newlines at the end of modified files (#520)
* Fix core plugin path (#518)
* Fix package build issues (#517)
* Fix dependencies ran go mod tidy -v (#515)
* Fix debian build path (#514)
* Bundle compat metadata script runner binary in package (#513)
* Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512)
* Update startup/shutdown services to launch compat manager (#503)
* Bundle new gce metadata script runner binary in agent package (#502)
* Revert Revert bundling new binaries in the package (#509) (#511)
* Revert bundling new binaries in the package (#509)
* Fix typo in windows build script (#501)
* Include core plugin binary for all packages (#500)
* Start packaging compat manager (#498)
* Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)
* scripts: introduce a wrapper to locally build deb package (#490)
* Introduce compat-manager systemd unit (#497)
- Version 20250317.00:
* Revert Revert bundling new binaries in the package (#509) (#511)
* Revert bundling new binaries in the package (#509)
* Fix typo in windows build script (#501)
* Include core plugin binary for all packages (#500)
* Start packaging compat manager (#498)
* Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)
* scripts: introduce a wrapper to locally build deb package (#490)
* Introduce compat-manager systemd unit (#497)
- Version 20250312.00:
* Revert bundling new binaries in the package (#509)
* Fix typo in windows build script (#501)
* Include core plugin binary for all packages (#500)
* Start packaging compat manager (#498)
* Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)
* scripts: introduce a wrapper to locally build deb package (#490)
* Introduce compat-manager systemd unit (#497)
- Version 20250305.00:
* Revert bundling new binaries in the package (#509)
* Fix typo in windows build script (#501)
* Include core plugin binary for all packages (#500)
* Start packaging compat manager (#498)
* Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)
* scripts: introduce a wrapper to locally build deb package (#490)
* Introduce compat-manager systemd unit (#497)
- Version 20250304.01:
* Fix typo in windows build script (#501)
- Version 20250214.01:
* Include core plugin binary for all packages (#500)
- Version 20250212.00:
* Start packaging compat manager (#498)
* Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)
- Version 20250211.00:
* scripts: introduce a wrapper to locally build deb package (#490)
* Introduce compat-manager systemd unit (#497)
- Version 20250207.00:
* vlan: toggle vlan configuration in debian packaging (#495)
* vlan: move config out of unstable section (#494)
* Add clarification to comments regarding invalid NICs and the `invalid` tag. (#493)
* Include interfaces in lists even if it has an invalid MAC. (#489)
* Fix windows package build failures (#491)
* vlan: don't index based on the vlan ID (#486)
* Revert PR #482 (#488)
* Remove Amy and Zach from OWNERS (#487)
* Skip interfaces in interfaceNames() instead of erroring if there is an (#482)
* Fix Debian packaging if guest agent manager is not checked out (#485)
- Version 20250204.02:
* force concourse to move version forward.
- Version 20250204.01:
* vlan: toggle vlan configuration in debian packaging (#495)
- Version 20250204.00:
* vlan: move config out of unstable section (#494)
* Add clarification to comments regarding invalid NICs and the `invalid` tag. (#493)
- Version 20250203.01:
* Include interfaces in lists even if it has an invalid MAC. (#489)
- Version 20250203.00:
* Fix windows package build failures (#491)
* vlan: don't index based on the vlan ID (#486)
* Revert PR #482 (#488)
* Remove Amy and Zach from OWNERS (#487)
* Skip interfaces in interfaceNames() instead of erroring if there is an (#482)
* Fix Debian packaging if guest agent manager is not checked out (#485)
- Version 20250122.00:
* networkd(vlan): remove the interface in addition to config (#468)
* Implement support for vlan dynamic removal, update dhclient to remove only if configured (#465)
* Update logging library (#479)
* Remove Pat from owners file. (#478)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected google-guest-agent package.

See Also

https://bugzilla.suse.com/1234563

https://bugzilla.suse.com/1236533

https://bugzilla.suse.com/1239763

https://bugzilla.suse.com/1239866

https://bugzilla.suse.com/1243254

https://bugzilla.suse.com/1243505

https://www.suse.com/security/cve/CVE-2023-45288

https://www.suse.com/security/cve/CVE-2024-45337

Plugin Details

Severity: Critical

ID: 310080

File Name: openSUSE-2026-20609-1.nasl

Version: 1.1

Type: Local

Agent: unix

Published: 4/24/2026

Updated: 4/24/2026

Supported Sensors: Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: High

Base Score: 9.4

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N

CVSS Score Source: CVE-2024-45337

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Temporal Score: 8.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:novell:opensuse:16.0, p-cpe:/a:novell:opensuse:google-guest-agent

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/22/2026

Vulnerability Publication Date: 4/3/2024

Reference Information

CVE: CVE-2023-45288, CVE-2024-45337