Detections
Analytics

openSUSE 16 Security Update : perl-CryptX (openSUSE-SU-2026:20936-1)

high Nessus Plugin ID 320994

Synopsis

The remote openSUSE host is missing one or more security updates.

Description

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20936-1 advisory.

 Changes in perl-CryptX:

 - updated to 0.89.0 (0.089) see /usr/share/doc/packages/perl-CryptX/Changes

 0.089 2026-05-10
 - new: Crypt::ASN1
 - new: Crypt::AuthEnc::SIV
 - new: Crypt::AuthEnc::XChaCha20Poly1305
 - new: Crypt::Cipher::SM4
 - new: Crypt::Digest::TurboSHAKE
 - new: Crypt::Digest::KangarooTwelve
 - new: Crypt::PK::Ed448
 - new: Crypt::PK::X448
 - new: Crypt::Stream::XChaCha
 - new: Crypt::Stream::XSalsa20
 - Crypt::PK::Ed25519 - new functions: sign_message_ctx, verify_message_ctx, sign_message_ph, verify_message_ph
 - Crypt::Digest: object digest accessors now finalize the object; use reset() before reuse
 - Crypt::Mac + Crypt::AuthEnc: finalized-object lifecycle is now enforced consistently
 - security/hardening fixes across Digest/Mac/AuthEnc/Mode/Stream/PK/PRNG
 - fixes related to wycheproof test suite
 - documentation cleanup & improvements
 - support for RFC 8702 RSA-PSS-SHAKE128/256 and ECDSA-SHAKE128/256
 - support for FRP256v1 elliptic-curve
 - bundled libtomcrypt update branch:develop (commit: 8b5af49b 2026-05-06)
 - CVE-2026-41565 bsc#1266804

 0.088 2026-04-23
 - Crypt::KeyDerivation - new functions: pbkdf1_openssl, bcrypt_pbkdf, scrypt_pbkdf, argon2_pbkdf
 - Crypt::Misc - new functions: random_v7uuid, is_uuid
 - bundled libtomcrypt update branch:develop (commit: 2e441a17 2026-04-15)
 - bundled libtommath update branch:develop (commit: ae40a87 2026-04-20)
 - security fix CVE-2026-41564 https://github.com/DCIT/perl- CryptX/security/advisories/GHSA-24c2-gp6c-24c6 bsc#1262697
 - CVE-2026-41565 bsc#1266804

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected perl-CryptX package.

See Also

https://bugzilla.suse.com/1244472

https://bugzilla.suse.com/1262697

https://bugzilla.suse.com/1266804

https://www.suse.com/security/cve/CVE-2026-41564

https://www.suse.com/security/cve/CVE-2026-41565

Plugin Details

Severity: High

ID: 320994

File Name: openSUSE-2026-20936-1.nasl

Version: 1.1

Type: Local

Agent: unix

Published: 6/14/2026

Updated: 6/14/2026

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2026-41565

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2026-41564

Vulnerability Information

CPE: cpe:/o:novell:opensuse:16.0, p-cpe:/a:novell:opensuse:perl-cryptx

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 6/10/2026

Vulnerability Publication Date: 4/23/2026

Reference Information

CVE: CVE-2026-41564, CVE-2026-41565