openSUSE Local Security Checks : openSUSE Security Advisory (openSUSE-SU-2025:0091-1)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.18.1.2025.0091.1

Categoría: openSUSE Local Security Checks

Título: openSUSE Security Advisory (openSUSE-SU-2025:0091-1)

Resumen: The remote host is missing an update for the 'restic' package(s) announced via the openSUSE-SU-2025:0091-1 advisory.

Descripción: Summary:
The remote host is missing an update for the 'restic' package(s) announced via the openSUSE-SU-2025:0091-1 advisory.

Vulnerability Insight:
This update for restic fixes the following issues:

- Fixed CVE-2025-22868: golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2 (boo#1239264)

- Update to version 0.17.3

- Fix #4971: Fix unusable mount on macOS Sonoma
- Fix #5003: Fix metadata errors during backup of removable disks
on Windows
- Fix #5101: Do not retry load/list operation if SFTP connection
is broken
- Fix #5107: Fix metadata error on Windows for backups using VSS
- Enh #5096: Allow prune --dry-run without lock

- Update to version 0.17.2

- Fix #4004: Support container-level SAS/SAT tokens for Azure
backend
- Fix #5047: Resolve potential error during concurrent cache
cleanup
- Fix #5050: Return error if tag fails to lock repository
- Fix #5057: Exclude irregular files from backups
- Fix #5063: Correctly backup extended metadata when using VSS on
Windows

- Update to version 0.17.1

- Fix #2004: Correctly handle volume names in backup command on
Windows
- Fix #4945: Include missing backup error text with --json
- Fix #4953: Correctly handle long paths on older Windows
versions
- Fix #4957: Fix delayed cancellation of certain commands
- Fix #4958: Don't ignore metadata-setting errors during restore
- Fix #4969: Correctly restore timestamp for files with resource
forks on macOS
- Fix #4975: Prevent backup --stdin-from-command from panicking
- Fix #4980: Skip extended attribute processing on unsupported
Windows volumes
- Fix #5004: Fix spurious 'A Required Privilege Is Not Held by
the Client' error
- Fix #5005: Fix rare failures to retry locking a repository
- Fix #5018: Improve HTTP/2 support for REST backend
- Chg #4953: Also back up files with incomplete metadata
- Enh #4795: Display progress bar for restore --verify
- Enh #4934: Automatically clear removed snapshots from cache
- Enh #4944: Print JSON-formatted errors during restore --json
- Enh #4959: Return exit code 12 for 'bad password' errors
- Enh #4970: Make timeout for stuck requests customizable

- Update to version 0.17.0

- Fix #3600: Handle unreadable xattrs in folders above backup
source
- Fix #4209: Fix slow SFTP upload performance
- Fix #4503: Correct hardlink handling in stats command
- Fix #4568: Prevent forget --keep-tags from deleting
all snapshots
- Fix #4615: Make find not sometimes ignore directories
- Fix #4656: Properly report ID of newly added keys
- Fix #4703: Shutdown cleanly when receiving SIGTERM
- Fix #4709: Correct --no-lock handling of ls and tag commands
- Fix #4760: Fix possible error on concurrent cache cleanup
- Fix #4850: Handle UTF-16 password files in key command
correctly
- Fix #4902: Update snapshot summary on rewrite
- Chg #956: Return exit code 10 and 11 for non-existing and
locked repository
- Chg #4540: Require at least ARMv6 for ARM binaries
- Chg #4602: Deprecate legacy index format and s3legacy
... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'restic' package(s) on openSUSE Leap 15.6.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2025-22868

Copyright Copyright (C) 2025 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.18.1.2025.0091.1
Categoría:	openSUSE Local Security Checks
Título:	openSUSE Security Advisory (openSUSE-SU-2025:0091-1)
Resumen:	The remote host is missing an update for the 'restic' package(s) announced via the openSUSE-SU-2025:0091-1 advisory.
Descripción:	Summary: The remote host is missing an update for the 'restic' package(s) announced via the openSUSE-SU-2025:0091-1 advisory. Vulnerability Insight: This update for restic fixes the following issues: - Fixed CVE-2025-22868: golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2 (boo#1239264) - Update to version 0.17.3 - Fix #4971: Fix unusable mount on macOS Sonoma - Fix #5003: Fix metadata errors during backup of removable disks on Windows - Fix #5101: Do not retry load/list operation if SFTP connection is broken - Fix #5107: Fix metadata error on Windows for backups using VSS - Enh #5096: Allow prune --dry-run without lock - Update to version 0.17.2 - Fix #4004: Support container-level SAS/SAT tokens for Azure backend - Fix #5047: Resolve potential error during concurrent cache cleanup - Fix #5050: Return error if tag fails to lock repository - Fix #5057: Exclude irregular files from backups - Fix #5063: Correctly backup extended metadata when using VSS on Windows - Update to version 0.17.1 - Fix #2004: Correctly handle volume names in backup command on Windows - Fix #4945: Include missing backup error text with --json - Fix #4953: Correctly handle long paths on older Windows versions - Fix #4957: Fix delayed cancellation of certain commands - Fix #4958: Don't ignore metadata-setting errors during restore - Fix #4969: Correctly restore timestamp for files with resource forks on macOS - Fix #4975: Prevent backup --stdin-from-command from panicking - Fix #4980: Skip extended attribute processing on unsupported Windows volumes - Fix #5004: Fix spurious 'A Required Privilege Is Not Held by the Client' error - Fix #5005: Fix rare failures to retry locking a repository - Fix #5018: Improve HTTP/2 support for REST backend - Chg #4953: Also back up files with incomplete metadata - Enh #4795: Display progress bar for restore --verify - Enh #4934: Automatically clear removed snapshots from cache - Enh #4944: Print JSON-formatted errors during restore --json - Enh #4959: Return exit code 12 for 'bad password' errors - Enh #4970: Make timeout for stuck requests customizable - Update to version 0.17.0 - Fix #3600: Handle unreadable xattrs in folders above backup source - Fix #4209: Fix slow SFTP upload performance - Fix #4503: Correct hardlink handling in stats command - Fix #4568: Prevent forget --keep-tags from deleting all snapshots - Fix #4615: Make find not sometimes ignore directories - Fix #4656: Properly report ID of newly added keys - Fix #4703: Shutdown cleanly when receiving SIGTERM - Fix #4709: Correct --no-lock handling of ls and tag commands - Fix #4760: Fix possible error on concurrent cache cleanup - Fix #4850: Handle UTF-16 password files in key command correctly - Fix #4902: Update snapshot summary on rewrite - Chg #956: Return exit code 10 and 11 for non-existing and locked repository - Chg #4540: Require at least ARMv6 for ARM binaries - Chg #4602: Deprecate legacy index format and s3legacy ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'restic' package(s) on openSUSE Leap 15.6. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2025-22868
Copyright	Copyright (C) 2025 Greenbone AG