openSUSE Local Security Checks : openSUSE Security Advisory (openSUSE-SU-2025:0091-1)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.1.18.1.2025.0091.1

Category: openSUSE Local Security Checks

Title: openSUSE Security Advisory (openSUSE-SU-2025:0091-1)

Summary: The remote host is missing an update for the 'restic' package(s) announced via the openSUSE-SU-2025:0091-1 advisory.

Description: Summary:
The remote host is missing an update for the 'restic' package(s) announced via the openSUSE-SU-2025:0091-1 advisory.

Vulnerability Insight:
This update for restic fixes the following issues:

- Fixed CVE-2025-22868: golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2 (boo#1239264)

- Update to version 0.17.3

- Fix #4971: Fix unusable mount on macOS Sonoma
- Fix #5003: Fix metadata errors during backup of removable disks
on Windows
- Fix #5101: Do not retry load/list operation if SFTP connection
is broken
- Fix #5107: Fix metadata error on Windows for backups using VSS
- Enh #5096: Allow prune --dry-run without lock

- Update to version 0.17.2

- Fix #4004: Support container-level SAS/SAT tokens for Azure
backend
- Fix #5047: Resolve potential error during concurrent cache
cleanup
- Fix #5050: Return error if tag fails to lock repository
- Fix #5057: Exclude irregular files from backups
- Fix #5063: Correctly backup extended metadata when using VSS on
Windows

- Update to version 0.17.1

- Fix #2004: Correctly handle volume names in backup command on
Windows
- Fix #4945: Include missing backup error text with --json
- Fix #4953: Correctly handle long paths on older Windows
versions
- Fix #4957: Fix delayed cancellation of certain commands
- Fix #4958: Don't ignore metadata-setting errors during restore
- Fix #4969: Correctly restore timestamp for files with resource
forks on macOS
- Fix #4975: Prevent backup --stdin-from-command from panicking
- Fix #4980: Skip extended attribute processing on unsupported
Windows volumes
- Fix #5004: Fix spurious 'A Required Privilege Is Not Held by
the Client' error
- Fix #5005: Fix rare failures to retry locking a repository
- Fix #5018: Improve HTTP/2 support for REST backend
- Chg #4953: Also back up files with incomplete metadata
- Enh #4795: Display progress bar for restore --verify
- Enh #4934: Automatically clear removed snapshots from cache
- Enh #4944: Print JSON-formatted errors during restore --json
- Enh #4959: Return exit code 12 for 'bad password' errors
- Enh #4970: Make timeout for stuck requests customizable

- Update to version 0.17.0

- Fix #3600: Handle unreadable xattrs in folders above backup
source
- Fix #4209: Fix slow SFTP upload performance
- Fix #4503: Correct hardlink handling in stats command
- Fix #4568: Prevent forget --keep-tags from deleting
all snapshots
- Fix #4615: Make find not sometimes ignore directories
- Fix #4656: Properly report ID of newly added keys
- Fix #4703: Shutdown cleanly when receiving SIGTERM
- Fix #4709: Correct --no-lock handling of ls and tag commands
- Fix #4760: Fix possible error on concurrent cache cleanup
- Fix #4850: Handle UTF-16 password files in key command
correctly
- Fix #4902: Update snapshot summary on rewrite
- Chg #956: Return exit code 10 and 11 for non-existing and
locked repository
- Chg #4540: Require at least ARMv6 for ARM binaries
- Chg #4602: Deprecate legacy index format and s3legacy
... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'restic' package(s) on openSUSE Leap 15.6.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2025-22868

Copyright Copyright (C) 2025 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.1.18.1.2025.0091.1
Category:	openSUSE Local Security Checks
Title:	openSUSE Security Advisory (openSUSE-SU-2025:0091-1)
Summary:	The remote host is missing an update for the 'restic' package(s) announced via the openSUSE-SU-2025:0091-1 advisory.
Description:	Summary: The remote host is missing an update for the 'restic' package(s) announced via the openSUSE-SU-2025:0091-1 advisory. Vulnerability Insight: This update for restic fixes the following issues: - Fixed CVE-2025-22868: golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2 (boo#1239264) - Update to version 0.17.3 - Fix #4971: Fix unusable mount on macOS Sonoma - Fix #5003: Fix metadata errors during backup of removable disks on Windows - Fix #5101: Do not retry load/list operation if SFTP connection is broken - Fix #5107: Fix metadata error on Windows for backups using VSS - Enh #5096: Allow prune --dry-run without lock - Update to version 0.17.2 - Fix #4004: Support container-level SAS/SAT tokens for Azure backend - Fix #5047: Resolve potential error during concurrent cache cleanup - Fix #5050: Return error if tag fails to lock repository - Fix #5057: Exclude irregular files from backups - Fix #5063: Correctly backup extended metadata when using VSS on Windows - Update to version 0.17.1 - Fix #2004: Correctly handle volume names in backup command on Windows - Fix #4945: Include missing backup error text with --json - Fix #4953: Correctly handle long paths on older Windows versions - Fix #4957: Fix delayed cancellation of certain commands - Fix #4958: Don't ignore metadata-setting errors during restore - Fix #4969: Correctly restore timestamp for files with resource forks on macOS - Fix #4975: Prevent backup --stdin-from-command from panicking - Fix #4980: Skip extended attribute processing on unsupported Windows volumes - Fix #5004: Fix spurious 'A Required Privilege Is Not Held by the Client' error - Fix #5005: Fix rare failures to retry locking a repository - Fix #5018: Improve HTTP/2 support for REST backend - Chg #4953: Also back up files with incomplete metadata - Enh #4795: Display progress bar for restore --verify - Enh #4934: Automatically clear removed snapshots from cache - Enh #4944: Print JSON-formatted errors during restore --json - Enh #4959: Return exit code 12 for 'bad password' errors - Enh #4970: Make timeout for stuck requests customizable - Update to version 0.17.0 - Fix #3600: Handle unreadable xattrs in folders above backup source - Fix #4209: Fix slow SFTP upload performance - Fix #4503: Correct hardlink handling in stats command - Fix #4568: Prevent forget --keep-tags from deleting all snapshots - Fix #4615: Make find not sometimes ignore directories - Fix #4656: Properly report ID of newly added keys - Fix #4703: Shutdown cleanly when receiving SIGTERM - Fix #4709: Correct --no-lock handling of ls and tag commands - Fix #4760: Fix possible error on concurrent cache cleanup - Fix #4850: Handle UTF-16 password files in key command correctly - Fix #4902: Update snapshot summary on rewrite - Chg #956: Return exit code 10 and 11 for non-existing and locked repository - Chg #4540: Require at least ARMv6 for ARM binaries - Chg #4602: Deprecate legacy index format and s3legacy ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'restic' package(s) on openSUSE Leap 15.6. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2025-22868
Copyright	Copyright (C) 2025 Greenbone AG