SUSE SLES15: terraform-provider-aws / terraform-provider-azurerm / etc (SUSE-SU-2026:3056-1)

high Nessus Plugin ID 327306

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:3056-1 advisory.

This update for terraform-provider-aws, terraform-provider-azurerm, terraform-provider-external, terraform-provider-google, terraform-provider-helm, terraform-provider-kubernetes, terraform-provider- local, terraform-provider-null, terraform-provider-random, terraform-provider-tls fixes the following issues

- CVE-2022-41723: go1.19,go1.20: net/http2: quadratic complexity in HPACK decoding (bsc#1208300).
- CVE-2025-22872: golang.org/x/net/html: incorrectly interpreted tags can cause content to be placed wrong scope during DOM construction (bsc#1241728).
- CVE-2025-32386: helm: specially crafted chart archive can cause OOM termination (bsc#1241030).
- CVE-2025-32387: helm: specially crafted JSON schema can cause a stack overflow (bsc#1241033).
- CVE-2025-47911: golang.org/x/net/html: various algorithms have quadratic complexity when parsing HTML documents (bsc#1251365).
- CVE-2025-47913: golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253508 bsc#1253517).
- CVE-2025-47914: golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds read (bsc#1253980 bsc#1253983).
- CVE-2025-58181: golang.org/x/crypto/ssh: invalidated number of mechanisms can cause unbounded memory consumption (bsc#1253797 bsc#1253799).
- CVE-2025-58190: golang.org/x/net/html: specially crafted input can cause excessive memory consumption by `html.ParseFragment` (bsc#1251559).
- CVE-2026-25680,CVE-2026-25681,CVE-2026-27136,CVE-2026-42502,CVE-2026-42506: golang.org/x/net/html:
multiple issues when parsing HTML files (bsc#1267058).
- CVE-2026-25934: github.com/go-git/go-git/v5: improper verification of data integrity values for `.pack` and `.idx` files can lead to the consumption of corrupted files (bsc#1258096).
- CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 `:path` pseudo-header (bsc#1260139 bsc#1260149 bsc#1260180).
- CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation bypass and privilege escalation (bsc#1266477 bsc#1266482 bsc#1266541 bsc#1266547).
- CVE-2026-39827,CVE-2026-39828,CVE-2026-39829,CVE-2026-39830,CVE-2026-39831,CVE-2026-39832,CVE-2026-39833, CVE-2026-39834,CVE-2026-39835,CVE-2026-42508,CVE-2026-46595,CVE-2026-46597,CVE-2026-46598:
golang.org/x/crypto/ssh: multiple issues in the crypto/ssh library (bsc#1266051 bsc#1266057 bsc#1266086 bsc#1266112 bsc#1266122 bsc#1266127 bsc#1266132 bsc#1266150 bsc#1266160).
- CVE-2026-41506: github.com/go-git/go-git/v5: HTTP authentication credential leak when following redirects during smart-HTTP clone and fetch operations (bsc#1264862 bsc#1264888 bsc#1264938).
- CVE-2026-41602: github.com/apache/thrift: `TFramedTransport` frame size headers can lead to a `uint32` integer overflow (bsc#1263515).
- CVE-2026-41603: github.com/apache/thrift: improper hostname verification in `TSSLTransportFactory` can lead to host mismatch (bsc#1263606).
- CVE-2026-41604: github.com/apache/thrift: swift input with an invalid field range can lead to an out-of- bounds read and application crash (bsc#1263445).
- CVE-2026-41605: github.com/apache/thrift: compact protocol messages with large integer values can lead to integer overflow (bsc#1263411).
- CVE-2026-41606: github.com/apache/thrift: crafted nested messages in `c_glib` dispatch can lead to uncontrolled recursion and denial of service (bsc#1263357).
- CVE-2026-41607: github.com/apache/thrift: crafted message with improper length validation can lead to an out-of-bounds read and potential information disclosure (bsc#1263313).
- CVE-2026-41636: github.com/apache/thrift: uncontrolled recursion in Node.js bindings can lead to denial of service via stack exhaustion (bsc#1263247).
- CVE-2026-44740: github.com/go-git/go-billy/v5: improper input handling in many components can lead to DoS via infinite loops, panics or resource consumption (bsc#1267271 bsc#1267273 bsc#1267276).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1208300

https://bugzilla.suse.com/1241030

https://bugzilla.suse.com/1241033

https://bugzilla.suse.com/1241728

https://bugzilla.suse.com/1251365

https://bugzilla.suse.com/1251559

https://bugzilla.suse.com/1253508

https://bugzilla.suse.com/1253517

https://bugzilla.suse.com/1253797

https://bugzilla.suse.com/1253799

https://bugzilla.suse.com/1253980

https://bugzilla.suse.com/1253983

https://bugzilla.suse.com/1258096

https://bugzilla.suse.com/1260139

https://bugzilla.suse.com/1260149

https://bugzilla.suse.com/1260180

https://bugzilla.suse.com/1263247

https://bugzilla.suse.com/1263313

https://bugzilla.suse.com/1263357

https://bugzilla.suse.com/1263411

https://bugzilla.suse.com/1263445

https://bugzilla.suse.com/1263515

https://bugzilla.suse.com/1263606

https://bugzilla.suse.com/1264862

https://bugzilla.suse.com/1264888

https://bugzilla.suse.com/1264938

https://bugzilla.suse.com/1266051

https://bugzilla.suse.com/1266057

https://bugzilla.suse.com/1266086

https://bugzilla.suse.com/1266112

https://bugzilla.suse.com/1266122

https://bugzilla.suse.com/1266127

https://bugzilla.suse.com/1266132

https://bugzilla.suse.com/1266150

https://bugzilla.suse.com/1266160

https://bugzilla.suse.com/1266477

https://bugzilla.suse.com/1266482

https://bugzilla.suse.com/1266541

https://bugzilla.suse.com/1266547

https://bugzilla.suse.com/1267058

https://bugzilla.suse.com/1267271

https://bugzilla.suse.com/1267273

https://bugzilla.suse.com/1267276

https://lists.suse.com/pipermail/sle-updates/2026-July/048329.html

https://www.suse.com/security/cve/CVE-2022-41723

https://www.suse.com/security/cve/CVE-2025-22869

https://www.suse.com/security/cve/CVE-2025-22872

https://www.suse.com/security/cve/CVE-2025-32386

https://www.suse.com/security/cve/CVE-2025-32387

https://www.suse.com/security/cve/CVE-2025-47911

https://www.suse.com/security/cve/CVE-2025-47913

https://www.suse.com/security/cve/CVE-2025-47914

https://www.suse.com/security/cve/CVE-2025-58181

https://www.suse.com/security/cve/CVE-2025-58190

https://www.suse.com/security/cve/CVE-2026-25680

https://www.suse.com/security/cve/CVE-2026-25681

https://www.suse.com/security/cve/CVE-2026-25934

https://www.suse.com/security/cve/CVE-2026-27136

https://www.suse.com/security/cve/CVE-2026-33186

https://www.suse.com/security/cve/CVE-2026-33814

https://www.suse.com/security/cve/CVE-2026-39821

https://www.suse.com/security/cve/CVE-2026-39827

https://www.suse.com/security/cve/CVE-2026-39828

https://www.suse.com/security/cve/CVE-2026-39829

https://www.suse.com/security/cve/CVE-2026-39830

https://www.suse.com/security/cve/CVE-2026-39831

https://www.suse.com/security/cve/CVE-2026-39832

https://www.suse.com/security/cve/CVE-2026-39833

https://www.suse.com/security/cve/CVE-2026-39834

https://www.suse.com/security/cve/CVE-2026-39835

https://www.suse.com/security/cve/CVE-2026-41506

https://www.suse.com/security/cve/CVE-2026-41602

https://www.suse.com/security/cve/CVE-2026-41603

https://www.suse.com/security/cve/CVE-2026-41604

https://www.suse.com/security/cve/CVE-2026-41605

https://www.suse.com/security/cve/CVE-2026-41606

https://www.suse.com/security/cve/CVE-2026-41607

https://www.suse.com/security/cve/CVE-2026-41636

https://www.suse.com/security/cve/CVE-2026-42502

https://www.suse.com/security/cve/CVE-2026-42506

https://www.suse.com/security/cve/CVE-2026-42508

https://www.suse.com/security/cve/CVE-2026-44740

https://www.suse.com/security/cve/CVE-2026-46595

https://www.suse.com/security/cve/CVE-2026-46597

https://www.suse.com/security/cve/CVE-2026-46598

Plugin Details

Severity: High

ID: 327306

File Name: suse_SU-2026-3056-1.nasl

Version: 1.1

Type: Local

Agent: unix

Published: 7/16/2026

Updated: 7/16/2026

Supported Sensors: Continuous Assessment, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

Percentile: 96.81

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

CVSS Score Source: CVE-2026-41506

CVSS v3

Risk Factor: High

Base Score: 7.4

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS v4

Risk Factor: High

Base Score: 8.7

Threat Score: 7.7

Threat Vector: CVSS:4.0/E:P

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

CVSS Score Source: CVE-2026-41636

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:terraform-provider-aws, p-cpe:/a:novell:suse_linux:terraform-provider-kubernetes, p-cpe:/a:novell:suse_linux:terraform-provider-azurerm, p-cpe:/a:novell:suse_linux:terraform-provider-google, p-cpe:/a:novell:suse_linux:terraform-provider-tls, p-cpe:/a:novell:suse_linux:terraform-provider-external, p-cpe:/a:novell:suse_linux:terraform-provider-helm, p-cpe:/a:novell:suse_linux:terraform-provider-local, p-cpe:/a:novell:suse_linux:terraform-provider-random, p-cpe:/a:novell:suse_linux:terraform-provider-null, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/15/2026

Vulnerability Publication Date: 2/15/2023

Reference Information

CVE: CVE-2022-41723, CVE-2025-22869, CVE-2025-22872, CVE-2025-32386, CVE-2025-32387, CVE-2025-47911, CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-58190, CVE-2026-25680, CVE-2026-25681, CVE-2026-25934, CVE-2026-27136, CVE-2026-33186, CVE-2026-33814, CVE-2026-39821, CVE-2026-39827, CVE-2026-39828, CVE-2026-39829, CVE-2026-39830, CVE-2026-39831, CVE-2026-39832, CVE-2026-39833, CVE-2026-39834, CVE-2026-39835, CVE-2026-41506, CVE-2026-41602, CVE-2026-41603, CVE-2026-41604, CVE-2026-41605, CVE-2026-41606, CVE-2026-41607, CVE-2026-41636, CVE-2026-42502, CVE-2026-42506, CVE-2026-42508, CVE-2026-44740, CVE-2026-46595, CVE-2026-46597, CVE-2026-46598

SuSE: SUSE-SU-2026:3056-1