openSUSE Local Security Checks : openSUSE Security Advisory (openSUSE-SU-2025:0056-1)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.18.1.2025.0056.1

Categoría: openSUSE Local Security Checks

Título: openSUSE Security Advisory (openSUSE-SU-2025:0056-1)

Resumen: The remote host is missing an update for the 'trivy' package(s) announced via the openSUSE-SU-2025:0056-1 advisory.

Descripción: Summary:
The remote host is missing an update for the 'trivy' package(s) announced via the openSUSE-SU-2025:0056-1 advisory.

Vulnerability Insight:
This update for trivy fixes the following issues:

Update to version 0.58.2 (

boo#1234512, CVE-2024-45337,
boo#1235265, CVE-2024-45338):

* fix(misconf): allow null values only for tf variables [backport: release/v0.58] (#8238)
* fix(suse): SUSE - update OSType constants and references for compatility [backport: release/v0.58] (#8237)
* fix: CVE-2025-21613 and CVE-2025-21614 : go-git: argument injection via the URL field [backport: release/v0.58] (#8215)
* fix(sbom): attach nested packages to Application [backport: release/v0.58] (#8168)
* fix(python): skip dev group's deps for poetry [backport: release/v0.58] (#8158)
* fix(sbom): use root package for `unknown` dependencies (if exists) [backport: release/v0.58] (#8156)
* chore(deps): bump `golang.org/x/net` from `v0.32.0` to `v0.33.0` [backport: release/v0.58] (#8142)
* chore(deps): bump `github.com/CycloneDX/cyclonedx-go` from `v0.9.1` to `v0.9.2` [backport: release/v0.58] (#8136)
* fix(redhat): correct rewriting of recommendations for the same vulnerability [backport: release/v0.58] (#8135)
* fix(oracle): add architectures support for advisories [backport: release/v0.58] (#8125)
* fix(sbom): fix wrong overwriting of applications obtained from different sbom files but having same app type [backport: release/v0.58] (#8124)
* chore(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0 [backport: release/v0.58] (#8122)
* fix: handle `BLOW_UNKNOWN` error to download DBs [backport: release/v0.58] (#8121)
* fix(java): correctly overwrite version from depManagement if dependency uses `project.*` props [backport: release/v0.58] (#8119)
* release: v0.58.0 [main] (#7874)
* fix(misconf): wrap AWS EnvVar to iac types (#7407)
* chore(deps): Upgrade trivy-checks (#8018)
* refactor(misconf): Remove unused options (#7896)
* docs: add terminology page to explain Trivy concepts (#7996)
* feat: add `workspaceRelationship` (#7889)
* refactor(sbom): simplify relationship generation (#7985)
* docs: improve databases documentation (#7732)
* refactor: remove support for custom Terraform checks (#7901)
* docs: drop AWS account scanning (#7997)
* fix(aws): change CPU and Memory type of ContainerDefinition to a string (#7995)
* fix(cli): Handle empty ignore files more gracefully (#7962)
* fix(misconf): load full Terraform module (#7925)
* fix(misconf): properly resolve local Terraform cache (#7983)
* refactor(k8s): add v prefix for Go packages (#7839)
* test: replace Go checks with Rego (#7867)
* feat(misconf): log causes of HCL file parsing errors (#7634)
* chore(deps): bump the aws group across 1 directory with 7 updates (#7991)
* chore(deps): bump github.com/moby/buildkit from 0.17.0 to 0.17.2 in the docker group across 1 directory (#7990)
* chore(deps): update csaf module dependency from csaf-poc to gocsaf (#7992)
* chore: downgrade the failed block expand message to debug (#7964)
* fix(misconf): do not ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'trivy' package(s) on openSUSE Leap 15.6.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2024-34155
Common Vulnerability Exposure (CVE) ID: CVE-2024-34156
Common Vulnerability Exposure (CVE) ID: CVE-2024-34158
Common Vulnerability Exposure (CVE) ID: CVE-2024-3817
https://discuss.hashicorp.com/t/hcsec-2024-09-hashicorp-go-getter-vulnerable-to-argument-injection-when-fetching-remote-default-git-branches/66040
Common Vulnerability Exposure (CVE) ID: CVE-2024-45337
Common Vulnerability Exposure (CVE) ID: CVE-2024-45338
Common Vulnerability Exposure (CVE) ID: CVE-2025-21613
Common Vulnerability Exposure (CVE) ID: CVE-2025-21614

Copyright Copyright (C) 2025 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.18.1.2025.0056.1
Categoría:	openSUSE Local Security Checks
Título:	openSUSE Security Advisory (openSUSE-SU-2025:0056-1)
Resumen:	The remote host is missing an update for the 'trivy' package(s) announced via the openSUSE-SU-2025:0056-1 advisory.
Descripción:	Summary: The remote host is missing an update for the 'trivy' package(s) announced via the openSUSE-SU-2025:0056-1 advisory. Vulnerability Insight: This update for trivy fixes the following issues: Update to version 0.58.2 ( boo#1234512, CVE-2024-45337, boo#1235265, CVE-2024-45338): * fix(misconf): allow null values only for tf variables [backport: release/v0.58] (#8238) * fix(suse): SUSE - update OSType constants and references for compatility [backport: release/v0.58] (#8237) * fix: CVE-2025-21613 and CVE-2025-21614 : go-git: argument injection via the URL field [backport: release/v0.58] (#8215) * fix(sbom): attach nested packages to Application [backport: release/v0.58] (#8168) * fix(python): skip dev group's deps for poetry [backport: release/v0.58] (#8158) * fix(sbom): use root package for `unknown` dependencies (if exists) [backport: release/v0.58] (#8156) * chore(deps): bump `golang.org/x/net` from `v0.32.0` to `v0.33.0` [backport: release/v0.58] (#8142) * chore(deps): bump `github.com/CycloneDX/cyclonedx-go` from `v0.9.1` to `v0.9.2` [backport: release/v0.58] (#8136) * fix(redhat): correct rewriting of recommendations for the same vulnerability [backport: release/v0.58] (#8135) * fix(oracle): add architectures support for advisories [backport: release/v0.58] (#8125) * fix(sbom): fix wrong overwriting of applications obtained from different sbom files but having same app type [backport: release/v0.58] (#8124) * chore(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0 [backport: release/v0.58] (#8122) * fix: handle `BLOW_UNKNOWN` error to download DBs [backport: release/v0.58] (#8121) * fix(java): correctly overwrite version from depManagement if dependency uses `project.` props [backport: release/v0.58] (#8119) release: v0.58.0 [main] (#7874) * fix(misconf): wrap AWS EnvVar to iac types (#7407) * chore(deps): Upgrade trivy-checks (#8018) * refactor(misconf): Remove unused options (#7896) * docs: add terminology page to explain Trivy concepts (#7996) * feat: add `workspaceRelationship` (#7889) * refactor(sbom): simplify relationship generation (#7985) * docs: improve databases documentation (#7732) * refactor: remove support for custom Terraform checks (#7901) * docs: drop AWS account scanning (#7997) * fix(aws): change CPU and Memory type of ContainerDefinition to a string (#7995) * fix(cli): Handle empty ignore files more gracefully (#7962) * fix(misconf): load full Terraform module (#7925) * fix(misconf): properly resolve local Terraform cache (#7983) * refactor(k8s): add v prefix for Go packages (#7839) * test: replace Go checks with Rego (#7867) * feat(misconf): log causes of HCL file parsing errors (#7634) * chore(deps): bump the aws group across 1 directory with 7 updates (#7991) * chore(deps): bump github.com/moby/buildkit from 0.17.0 to 0.17.2 in the docker group across 1 directory (#7990) * chore(deps): update csaf module dependency from csaf-poc to gocsaf (#7992) * chore: downgrade the failed block expand message to debug (#7964) * fix(misconf): do not ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'trivy' package(s) on openSUSE Leap 15.6. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2024-34155 Common Vulnerability Exposure (CVE) ID: CVE-2024-34156 Common Vulnerability Exposure (CVE) ID: CVE-2024-34158 Common Vulnerability Exposure (CVE) ID: CVE-2024-3817 https://discuss.hashicorp.com/t/hcsec-2024-09-hashicorp-go-getter-vulnerable-to-argument-injection-when-fetching-remote-default-git-branches/66040 Common Vulnerability Exposure (CVE) ID: CVE-2024-45337 Common Vulnerability Exposure (CVE) ID: CVE-2024-45338 Common Vulnerability Exposure (CVE) ID: CVE-2025-21613 Common Vulnerability Exposure (CVE) ID: CVE-2025-21614
Copyright	Copyright (C) 2025 Greenbone AG