ID E8483115-8B8E-11EA-BDCF-001B217B3468 Type freebsd Reporter FreeBSD Modified 2020-04-30T00:00:00
Description
Gitlab reports:
Path Traversal in NuGet Package Registry
Workhorse Bypass Leads to File Disclosure
OAuth Application Client Secrets Revealed
Code Owners Approval Rules Are Not Updated for Existing Merge Requests When Source Branch Changes
Code Owners Protection Not Enforced from Web UI
Repository Mirror Passwords Exposed To Maintainers
Admin Audit Log Page Denial of Service
Private Project ID Revealed Through Group API
Elasticsearch Credentials Logged to ELK
GitHub Personal Access Token Exposed on Integrations Page
Update Nokogiri dependency
Update OpenSSL Dependency
Update git
{"nessus": [{"lastseen": "2020-12-12T10:50:43", "description": "Gitlab reports :\n\nPath Traversal in NuGet Package Registry\n\nWorkhorse Bypass Leads to File Disclosure\n\nOAuth Application Client Secrets Revealed\n\nCode Owners Approval Rules Are Not Updated for Existing Merge Requests\nWhen Source Branch Changes\n\nCode Owners Protection Not Enforced from Web UI\n\nRepository Mirror Passwords Exposed To Maintainers\n\nAdmin Audit Log Page Denial of Service\n\nPrivate Project ID Revealed Through Group API\n\nElasticsearch Credentials Logged to ELK\n\nGitHub Personal Access Token Exposed on Integrations Page\n\nUpdate Nokogiri dependency\n\nUpdate OpenSSL Dependency\n\nUpdate git", "edition": 5, "cvss3": {"score": 5.3, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}, "published": "2020-05-04T00:00:00", "title": "FreeBSD : Gitlab -- Multiple Vulnerabilities (e8483115-8b8e-11ea-bdcf-001b217b3468)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-11008", "CVE-2020-10187", "CVE-2020-7595", "CVE-2020-12448", "CVE-2020-1967"], "modified": "2020-05-04T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:gitlab-ce"], "id": "FREEBSD_PKG_E84831158B8E11EABDCF001B217B3468.NASL", "href": "https://www.tenable.com/plugins/nessus/136304", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136304);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/11\");\n\n script_cve_id(\"CVE-2020-10187\", \"CVE-2020-11008\", \"CVE-2020-12448\", \"CVE-2020-1967\", \"CVE-2020-7595\");\n script_xref(name:\"IAVA\", value:\"2020-A-0186-S\");\n\n script_name(english:\"FreeBSD : Gitlab -- Multiple Vulnerabilities (e8483115-8b8e-11ea-bdcf-001b217b3468)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Gitlab reports :\n\nPath Traversal in NuGet Package Registry\n\nWorkhorse Bypass Leads to File Disclosure\n\nOAuth Application Client Secrets Revealed\n\nCode Owners Approval Rules Are Not Updated for Existing Merge Requests\nWhen Source Branch Changes\n\nCode Owners Protection Not Enforced from Web UI\n\nRepository Mirror Passwords Exposed To Maintainers\n\nAdmin Audit Log Page Denial of Service\n\nPrivate Project ID Revealed Through Group API\n\nElasticsearch Credentials Logged to ELK\n\nGitHub Personal Access Token Exposed on Integrations Page\n\nUpdate Nokogiri dependency\n\nUpdate OpenSSL Dependency\n\nUpdate git\"\n );\n # https://about.gitlab.com/releases/2020/04/30/security-release-12-10-2-released/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dac5e06d\"\n );\n # https://vuxml.freebsd.org/freebsd/e8483115-8b8e-11ea-bdcf-001b217b3468.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a57444f0\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12448\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:gitlab-ce\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"gitlab-ce>=12.10.0<12.10.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"gitlab-ce>=12.9.0<12.9.5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"gitlab-ce>=8.4.0<12.8.10\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-09-14T15:46:54", "description": "The version of Apple Xcode installed on the remote macOS or Mac OS X host is prior to 11.5. It is, therefore, affected\nby an information disclosure vulnerability whereby Git can be tricked into sending private credentials to a host\ncontrolled by an attacker. An attacker can exploit this vulnerability by persuading a victim to open a crafted\nmalicious `git clone` URL.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 4, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2020-08-20T00:00:00", "title": "Apple Xcode < 11.5 Git Credentials Disclosure (macOS)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-11008"], "modified": "2020-08-20T00:00:00", "cpe": ["cpe:/a:apple:xcode"], "id": "MACOS_XCODE_11_5.NASL", "href": "https://www.tenable.com/plugins/nessus/139727", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139727);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/08\");\n\n script_cve_id(\"CVE-2020-11008\");\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2020-05-19\");\n script_xref(name:\"APPLE-SA\", value:\"HT211183\");\n\n script_name(english:\"Apple Xcode < 11.5 Git Credentials Disclosure (macOS)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An IDE application installed on the remote macOS or Mac OS X host is affected by a credentials disclosure vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Apple Xcode installed on the remote macOS or Mac OS X host is prior to 11.5. It is, therefore, affected\nby an information disclosure vulnerability whereby Git can be tricked into sending private credentials to a host\ncontrolled by an attacker. An attacker can exploit this vulnerability by persuading a victim to open a crafted\nmalicious `git clone` URL.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT211183\");\n # https://lists.apple.com/archives/security-announce/2020/May/msg00000.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?748cd761\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Apple Xcode version 11.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11008\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:xcode\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_xcode_installed.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"installed_sw/Apple Xcode\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nget_kb_item_or_exit('Host/local_checks_enabled');\n\nos = get_kb_item('Host/MacOSX/Version');\nif (empty_or_null(os))\n audit(AUDIT_OS_NOT, 'macOS or Mac OS X');\n\napp_info = vcf::get_app_info(app:'Apple Xcode');\n\nvcf::check_granularity(app_info:app_info, sig_segments:2);\n\nconstraints = [\n { 'fixed_version' : '11.5' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-05-06T00:59:20", "description": "New git packages are available for Slackware 14.0, 14.1, 14.2, and\n-current to fix a security issue.", "edition": 3, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2020-04-22T00:00:00", "title": "Slackware 14.0 / 14.1 / 14.2 / current : git (SSA:2020-112-01)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-11008"], "modified": "2020-04-22T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:14.2", "cpe:/o:slackware:slackware_linux:14.1", "p-cpe:/a:slackware:slackware_linux:git", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux"], "id": "SLACKWARE_SSA_2020-112-01.NASL", "href": "https://www.tenable.com/plugins/nessus/135892", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2020-112-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(135892);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/04\");\n\n script_cve_id(\"CVE-2020-11008\");\n script_xref(name:\"SSA\", value:\"2020-112-01\");\n\n script_name(english:\"Slackware 14.0 / 14.1 / 14.2 / current : git (SSA:2020-112-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New git packages are available for Slackware 14.0, 14.1, 14.2, and\n-current to fix a security issue.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2020&m=slackware-security.449248\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a70ac386\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected git package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11008\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.0\", pkgname:\"git\", pkgver:\"2.17.5\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"git\", pkgver:\"2.17.5\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"git\", pkgver:\"2.17.5\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"git\", pkgver:\"2.17.5\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"git\", pkgver:\"2.17.5\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"git\", pkgver:\"2.17.5\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"git\", pkgver:\"2.26.2\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"git\", pkgver:\"2.26.2\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-03-24T09:24:43", "description": "The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nCESA-2020:1980 advisory.\n\n - git: Crafted URL containing new lines, empty host or lacks a scheme can cause credential leak\n (CVE-2020-11008)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 3, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2021-02-01T00:00:00", "title": "CentOS 8 : git (CESA-2020:1980)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-11008"], "modified": "2021-02-01T00:00:00", "cpe": ["p-cpe:/a:centos:centos:git", "p-cpe:/a:centos:centos:gitk", "p-cpe:/a:centos:centos:git-email", "p-cpe:/a:centos:centos:git-core-doc", "p-cpe:/a:centos:centos:perl-Git-SVN", "p-cpe:/a:centos:centos:perl-Git", "p-cpe:/a:centos:centos:git-gui", "cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:gitweb", "p-cpe:/a:centos:centos:git-all", "p-cpe:/a:centos:centos:git-daemon", "p-cpe:/a:centos:centos:git-subtree", "p-cpe:/a:centos:centos:git-svn", "p-cpe:/a:centos:centos:git-instaweb", "p-cpe:/a:centos:centos:git-core"], "id": "CENTOS8_RHSA-2020-1980.NASL", "href": "https://www.tenable.com/plugins/nessus/145960", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2020:1980. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145960);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/23\");\n\n script_cve_id(\"CVE-2020-11008\");\n script_xref(name:\"RHSA\", value:\"2020:1980\");\n\n script_name(english:\"CentOS 8 : git (CESA-2020:1980)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nCESA-2020:1980 advisory.\n\n - git: Crafted URL containing new lines, empty host or lacks a scheme can cause credential leak\n (CVE-2020-11008)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:1980\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11008\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-core-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-instaweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-subtree\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perl-Git-SVN\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'git-2.18.4-2.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-2.18.4-2.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-all-2.18.4-2.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-all-2.18.4-2.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-core-2.18.4-2.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-core-2.18.4-2.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-core-doc-2.18.4-2.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-core-doc-2.18.4-2.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-daemon-2.18.4-2.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-daemon-2.18.4-2.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-email-2.18.4-2.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-email-2.18.4-2.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-gui-2.18.4-2.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-gui-2.18.4-2.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-instaweb-2.18.4-2.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-instaweb-2.18.4-2.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-subtree-2.18.4-2.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-subtree-2.18.4-2.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-svn-2.18.4-2.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-svn-2.18.4-2.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gitk-2.18.4-2.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gitk-2.18.4-2.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gitweb-2.18.4-2.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gitweb-2.18.4-2.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Git-2.18.4-2.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Git-2.18.4-2.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Git-SVN-2.18.4-2.el8_2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Git-SVN-2.18.4-2.el8_2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'git / git-all / git-core / git-core-doc / git-daemon / git-email / etc');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-06-06T12:31:05", "description": "Security Fix(es) :\n\n - git: Crafted URL containing new lines, empty host or\n lacks a scheme can cause credential leak\n (CVE-2020-11008)", "edition": 2, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2020-06-01T00:00:00", "title": "Scientific Linux Security Update : git on SL7.x x86_64 (20200529)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-11008"], "modified": "2020-06-01T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:git-gnome-keyring", "p-cpe:/a:fermilab:scientific_linux:perl-Git-SVN", "p-cpe:/a:fermilab:scientific_linux:git-svn", "p-cpe:/a:fermilab:scientific_linux:emacs-git-el", "p-cpe:/a:fermilab:scientific_linux:git-p4", "p-cpe:/a:fermilab:scientific_linux:git-email", "p-cpe:/a:fermilab:scientific_linux:gitk", "p-cpe:/a:fermilab:scientific_linux:git-bzr", "p-cpe:/a:fermilab:scientific_linux:git-hg", "p-cpe:/a:fermilab:scientific_linux:git-all", "p-cpe:/a:fermilab:scientific_linux:git-debuginfo", "p-cpe:/a:fermilab:scientific_linux:git-daemon", "p-cpe:/a:fermilab:scientific_linux:git", "p-cpe:/a:fermilab:scientific_linux:git-instaweb", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:git-gui", "p-cpe:/a:fermilab:scientific_linux:perl-Git", "p-cpe:/a:fermilab:scientific_linux:gitweb", "p-cpe:/a:fermilab:scientific_linux:emacs-git", "p-cpe:/a:fermilab:scientific_linux:git-cvs"], "id": "SL_20200529_GIT_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/136991", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136991);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/05\");\n\n script_cve_id(\"CVE-2020-11008\");\n\n script_name(english:\"Scientific Linux Security Update : git on SL7.x x86_64 (20200529)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security Fix(es) :\n\n - git: Crafted URL containing new lines, empty host or\n lacks a scheme can cause credential leak\n (CVE-2020-11008)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind2005&L=SCIENTIFIC-LINUX-ERRATA&P=12834\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4c266ec5\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:emacs-git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:emacs-git-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git-bzr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git-gnome-keyring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git-hg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git-instaweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git-p4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perl-Git-SVN\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", reference:\"emacs-git-1.8.3.1-23.el7_8\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"emacs-git-el-1.8.3.1-23.el7_8\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"git-1.8.3.1-23.el7_8\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"git-all-1.8.3.1-23.el7_8\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"git-bzr-1.8.3.1-23.el7_8\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"git-cvs-1.8.3.1-23.el7_8\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"git-daemon-1.8.3.1-23.el7_8\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"git-debuginfo-1.8.3.1-23.el7_8\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"git-email-1.8.3.1-23.el7_8\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"git-gnome-keyring-1.8.3.1-23.el7_8\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"git-gui-1.8.3.1-23.el7_8\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"git-hg-1.8.3.1-23.el7_8\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"git-instaweb-1.8.3.1-23.el7_8\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"git-p4-1.8.3.1-23.el7_8\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"git-svn-1.8.3.1-23.el7_8\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"gitk-1.8.3.1-23.el7_8\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"gitweb-1.8.3.1-23.el7_8\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"perl-Git-1.8.3.1-23.el7_8\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"perl-Git-SVN-1.8.3.1-23.el7_8\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"emacs-git / emacs-git-el / git / git-all / git-bzr / git-cvs / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-03-25T13:44:29", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2337 advisory.\n\n - git: Crafted URL containing new lines, empty host or lacks a scheme can cause credential leak (CVE-2020-11008)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "edition": 5, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2020-08-07T00:00:00", "title": "RHEL 7 : git (RHSA-2020:2337)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-11008"], "modified": "2020-08-07T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:git-svn", "p-cpe:/a:redhat:enterprise_linux:perl-Git", "p-cpe:/a:redhat:enterprise_linux:git-all", "p-cpe:/a:redhat:enterprise_linux:emacs-git-el", "p-cpe:/a:redhat:enterprise_linux:git", "p-cpe:/a:redhat:enterprise_linux:perl-Git-SVN", "p-cpe:/a:redhat:enterprise_linux:git-gui", "p-cpe:/a:redhat:enterprise_linux:git-gnome-keyring", "p-cpe:/a:redhat:enterprise_linux:gitk", "p-cpe:/a:redhat:enterprise_linux:git-cvs", "p-cpe:/a:redhat:enterprise_linux:gitweb", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:git-instaweb", "p-cpe:/a:redhat:enterprise_linux:git-hg", "p-cpe:/a:redhat:enterprise_linux:git-p4", "p-cpe:/a:redhat:enterprise_linux:git-bzr", "p-cpe:/a:redhat:enterprise_linux:git-daemon", "p-cpe:/a:redhat:enterprise_linux:git-email", "p-cpe:/a:redhat:enterprise_linux:emacs-git"], "id": "REDHAT-RHSA-2020-2337.NASL", "href": "https://www.tenable.com/plugins/nessus/139378", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2337. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139378);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/24\");\n\n script_cve_id(\"CVE-2020-11008\");\n script_xref(name:\"RHSA\", value:\"2020:2337\");\n\n script_name(english:\"RHEL 7 : git (RHSA-2020:2337)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2337 advisory.\n\n - git: Crafted URL containing new lines, empty host or lacks a scheme can cause credential leak (CVE-2020-11008)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2337\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1826001\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11008\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:emacs-git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:emacs-git-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-bzr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-gnome-keyring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-hg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-instaweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-p4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Git-SVN\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'enterprise_linux_7_client': [\n 'rhel-7-desktop-debug-rpms',\n 'rhel-7-desktop-fastrack-debug-rpms',\n 'rhel-7-desktop-fastrack-rpms',\n 'rhel-7-desktop-fastrack-source-rpms',\n 'rhel-7-desktop-optional-debug-rpms',\n 'rhel-7-desktop-optional-fastrack-debug-rpms',\n 'rhel-7-desktop-optional-fastrack-rpms',\n 'rhel-7-desktop-optional-fastrack-source-rpms',\n 'rhel-7-desktop-optional-rpms',\n 'rhel-7-desktop-optional-source-rpms',\n 'rhel-7-desktop-rpms',\n 'rhel-7-desktop-source-rpms'\n ],\n 'enterprise_linux_7_computenode': [\n 'rhel-7-for-hpc-node-fastrack-debug-rpms',\n 'rhel-7-for-hpc-node-fastrack-rpms',\n 'rhel-7-for-hpc-node-fastrack-source-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-debug-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-source-rpms',\n 'rhel-7-hpc-node-debug-rpms',\n 'rhel-7-hpc-node-optional-debug-rpms',\n 'rhel-7-hpc-node-optional-rpms',\n 'rhel-7-hpc-node-optional-source-rpms',\n 'rhel-7-hpc-node-rpms',\n 'rhel-7-hpc-node-source-rpms'\n ],\n 'enterprise_linux_7_server': [\n 'rhel-7-for-system-z-a-debug-rpms',\n 'rhel-7-for-system-z-a-optional-debug-rpms',\n 'rhel-7-for-system-z-a-optional-rpms',\n 'rhel-7-for-system-z-a-optional-source-rpms',\n 'rhel-7-for-system-z-a-rpms',\n 'rhel-7-for-system-z-a-source-rpms',\n 'rhel-7-for-system-z-debug-rpms',\n 'rhel-7-for-system-z-fastrack-debug-rpms',\n 'rhel-7-for-system-z-fastrack-rpms',\n 'rhel-7-for-system-z-fastrack-source-rpms',\n 'rhel-7-for-system-z-optional-debug-rpms',\n 'rhel-7-for-system-z-optional-fastrack-debug-rpms',\n 'rhel-7-for-system-z-optional-fastrack-rpms',\n 'rhel-7-for-system-z-optional-fastrack-source-rpms',\n 'rhel-7-for-system-z-optional-rpms',\n 'rhel-7-for-system-z-optional-source-rpms',\n 'rhel-7-for-system-z-rpms',\n 'rhel-7-for-system-z-source-rpms',\n 'rhel-7-server-debug-rpms',\n 'rhel-7-server-fastrack-debug-rpms',\n 'rhel-7-server-fastrack-rpms',\n 'rhel-7-server-fastrack-source-rpms',\n 'rhel-7-server-optional-debug-rpms',\n 'rhel-7-server-optional-fastrack-debug-rpms',\n 'rhel-7-server-optional-fastrack-rpms',\n 'rhel-7-server-optional-fastrack-source-rpms',\n 'rhel-7-server-optional-rpms',\n 'rhel-7-server-optional-source-rpms',\n 'rhel-7-server-rpms',\n 'rhel-7-server-source-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-debug-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-source-rpms',\n 'rhel-ha-for-rhel-7-server-debug-rpms',\n 'rhel-ha-for-rhel-7-server-rpms',\n 'rhel-ha-for-rhel-7-server-source-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-debug-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-source-rpms',\n 'rhel-rs-for-rhel-7-server-debug-rpms',\n 'rhel-rs-for-rhel-7-server-rpms',\n 'rhel-rs-for-rhel-7-server-source-rpms'\n ],\n 'enterprise_linux_7_workstation': [\n 'rhel-7-workstation-debug-rpms',\n 'rhel-7-workstation-fastrack-debug-rpms',\n 'rhel-7-workstation-fastrack-rpms',\n 'rhel-7-workstation-fastrack-source-rpms',\n 'rhel-7-workstation-optional-debug-rpms',\n 'rhel-7-workstation-optional-fastrack-debug-rpms',\n 'rhel-7-workstation-optional-fastrack-rpms',\n 'rhel-7-workstation-optional-fastrack-source-rpms',\n 'rhel-7-workstation-optional-rpms',\n 'rhel-7-workstation-optional-source-rpms',\n 'rhel-7-workstation-rpms',\n 'rhel-7-workstation-source-rpms'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2020:2337');\n}\n\npkgs = [\n {'reference':'emacs-git-1.8.3.1-23.el7_8', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'emacs-git-el-1.8.3.1-23.el7_8', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'git-1.8.3.1-23.el7_8', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'git-1.8.3.1-23.el7_8', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'git-all-1.8.3.1-23.el7_8', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'git-bzr-1.8.3.1-23.el7_8', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'git-cvs-1.8.3.1-23.el7_8', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'git-daemon-1.8.3.1-23.el7_8', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'git-daemon-1.8.3.1-23.el7_8', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'git-email-1.8.3.1-23.el7_8', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'git-gnome-keyring-1.8.3.1-23.el7_8', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'git-gnome-keyring-1.8.3.1-23.el7_8', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'git-gui-1.8.3.1-23.el7_8', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'git-hg-1.8.3.1-23.el7_8', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'git-instaweb-1.8.3.1-23.el7_8', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'git-p4-1.8.3.1-23.el7_8', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'git-svn-1.8.3.1-23.el7_8', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'git-svn-1.8.3.1-23.el7_8', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'gitk-1.8.3.1-23.el7_8', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'gitweb-1.8.3.1-23.el7_8', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'perl-Git-1.8.3.1-23.el7_8', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']},\n {'reference':'perl-Git-SVN-1.8.3.1-23.el7_8', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation']}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'emacs-git / emacs-git-el / git / git-all / git-bzr / git-cvs / etc');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-03-25T13:43:37", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1980 advisory.\n\n - git: Crafted URL containing new lines, empty host or lacks a scheme can cause credential leak (CVE-2020-11008)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "edition": 5, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2020-04-30T00:00:00", "title": "RHEL 8 : git (RHSA-2020:1980)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-11008"], "modified": "2020-04-30T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:git-svn", "cpe:/o:redhat:rhel_tus:8.2", "p-cpe:/a:redhat:enterprise_linux:perl-Git", "p-cpe:/a:redhat:enterprise_linux:git-all", "cpe:/o:redhat:rhel_eus:8.4", "p-cpe:/a:redhat:enterprise_linux:git", "p-cpe:/a:redhat:enterprise_linux:git-subtree", "p-cpe:/a:redhat:enterprise_linux:perl-Git-SVN", "p-cpe:/a:redhat:enterprise_linux:git-gui", "p-cpe:/a:redhat:enterprise_linux:gitk", "p-cpe:/a:redhat:enterprise_linux:git-core-doc", "p-cpe:/a:redhat:enterprise_linux:git-debugsource", "cpe:/o:redhat:rhel_e4s:8.2", "p-cpe:/a:redhat:enterprise_linux:gitweb", "p-cpe:/a:redhat:enterprise_linux:git-instaweb", "p-cpe:/a:redhat:enterprise_linux:git-daemon", "p-cpe:/a:redhat:enterprise_linux:git-email", "cpe:/o:redhat:rhel_aus:8.2", "p-cpe:/a:redhat:enterprise_linux:git-core", "cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_eus:8.2"], "id": "REDHAT-RHSA-2020-1980.NASL", "href": "https://www.tenable.com/plugins/nessus/136181", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:1980. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136181);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/24\");\n\n script_cve_id(\"CVE-2020-11008\");\n script_xref(name:\"RHSA\", value:\"2020:1980\");\n\n script_name(english:\"RHEL 8 : git (RHSA-2020:1980)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1980 advisory.\n\n - git: Crafted URL containing new lines, empty host or lacks a scheme can cause credential leak (CVE-2020-11008)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:1980\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1826001\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11008\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-core-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-instaweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-subtree\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Git-SVN\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'enterprise_linux_8_appstream': [\n 'rhel-8-for-aarch64-appstream-debug-rpms',\n 'rhel-8-for-aarch64-appstream-rpms',\n 'rhel-8-for-aarch64-appstream-source-rpms',\n 'rhel-8-for-s390x-appstream-debug-rpms',\n 'rhel-8-for-s390x-appstream-rpms',\n 'rhel-8-for-s390x-appstream-source-rpms',\n 'rhel-8-for-x86_64-appstream-debug-rpms',\n 'rhel-8-for-x86_64-appstream-rpms',\n 'rhel-8-for-x86_64-appstream-source-rpms'\n ],\n 'rhel_eus_8_2_appstream': [\n 'rhel-8-for-aarch64-appstream-eus-debug-rpms',\n 'rhel-8-for-aarch64-appstream-eus-rpms',\n 'rhel-8-for-aarch64-appstream-eus-source-rpms',\n 'rhel-8-for-s390x-appstream-eus-debug-rpms',\n 'rhel-8-for-s390x-appstream-eus-rpms',\n 'rhel-8-for-s390x-appstream-eus-source-rpms',\n 'rhel-8-for-x86_64-appstream-aus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-aus-rpms',\n 'rhel-8-for-x86_64-appstream-aus-source-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-debug-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-rpms',\n 'rhel-8-for-x86_64-appstream-e4s-source-rpms',\n 'rhel-8-for-x86_64-appstream-eus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-eus-rpms',\n 'rhel-8-for-x86_64-appstream-eus-source-rpms',\n 'rhel-8-for-x86_64-appstream-tus-debug-rpms',\n 'rhel-8-for-x86_64-appstream-tus-rpms',\n 'rhel-8-for-x86_64-appstream-tus-source-rpms'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2020:1980');\n}\n\npkgs = [\n {'reference':'git-2.18.4-2.el8_2', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'git-2.18.4-2.el8_2', 'cpu':'s390x', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'git-2.18.4-2.el8_2', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'git-all-2.18.4-2.el8_2', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'git-core-2.18.4-2.el8_2', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'git-core-2.18.4-2.el8_2', 'cpu':'s390x', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'git-core-2.18.4-2.el8_2', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'git-core-doc-2.18.4-2.el8_2', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'git-daemon-2.18.4-2.el8_2', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'git-daemon-2.18.4-2.el8_2', 'cpu':'s390x', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'git-daemon-2.18.4-2.el8_2', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'git-debugsource-2.18.4-2.el8_2', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'git-debugsource-2.18.4-2.el8_2', 'cpu':'s390x', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'git-debugsource-2.18.4-2.el8_2', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'git-email-2.18.4-2.el8_2', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'git-gui-2.18.4-2.el8_2', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'git-instaweb-2.18.4-2.el8_2', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'git-instaweb-2.18.4-2.el8_2', 'cpu':'s390x', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'git-instaweb-2.18.4-2.el8_2', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'git-subtree-2.18.4-2.el8_2', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'git-subtree-2.18.4-2.el8_2', 'cpu':'s390x', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'git-subtree-2.18.4-2.el8_2', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'git-svn-2.18.4-2.el8_2', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'git-svn-2.18.4-2.el8_2', 'cpu':'s390x', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'git-svn-2.18.4-2.el8_2', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'gitk-2.18.4-2.el8_2', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'gitweb-2.18.4-2.el8_2', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'perl-Git-2.18.4-2.el8_2', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']},\n {'reference':'perl-Git-SVN-2.18.4-2.el8_2', 'release':'8', 'el_string':'el8_2', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'rhel_eus_8_2_appstream']}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'git / git-all / git-core / git-core-doc / git-daemon / git-debugsource / etc');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-05-21T16:52:27", "description": "An update of the git package has been released.", "edition": 2, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2020-05-18T00:00:00", "title": "Photon OS 2.0: Git PHSA-2020-2.0-0243", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-11008"], "modified": "2020-05-18T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:git", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2020-2_0-0243_GIT.NASL", "href": "https://www.tenable.com/plugins/nessus/136697", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-2.0-0243. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136697);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/19\");\n\n script_cve_id(\"CVE-2020-11008\");\n\n script_name(english:\"Photon OS 2.0: Git PHSA-2020-2.0-0243\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the git package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-243.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11008\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"git-2.23.3-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"git-lang-2.23.3-1.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-09-14T17:30:38", "description": "From Red Hat Security Advisory 2020:1980 :\n\nThe remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:1980 advisory.\n\n - git: Crafted URL containing new lines, empty host or\n lacks a scheme can cause credential leak\n (CVE-2020-11008)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 4, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2020-05-11T00:00:00", "title": "Oracle Linux 8 : git (ELSA-2020-1980)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-11008"], "modified": "2020-05-11T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:git-gui", "p-cpe:/a:oracle:linux:gitweb", "p-cpe:/a:oracle:linux:gitk", "p-cpe:/a:oracle:linux:git", "p-cpe:/a:oracle:linux:git-svn", "p-cpe:/a:oracle:linux:git-core", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:git-instaweb", "p-cpe:/a:oracle:linux:git-email", "p-cpe:/a:oracle:linux:git-daemon", "p-cpe:/a:oracle:linux:git-all", "p-cpe:/a:oracle:linux:perl-Git", "p-cpe:/a:oracle:linux:git-core-doc", "p-cpe:/a:oracle:linux:git-subtree", "p-cpe:/a:oracle:linux:perl-Git-SVN"], "id": "ORACLELINUX_ELSA-2020-1980.NASL", "href": "https://www.tenable.com/plugins/nessus/136446", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:1980 and \n# Oracle Linux Security Advisory ELSA-2020-1980 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136446);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/05\");\n\n script_cve_id(\"CVE-2020-11008\");\n script_xref(name:\"RHSA\", value:\"2020:1980\");\n\n script_name(english:\"Oracle Linux 8 : git (ELSA-2020-1980)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"From Red Hat Security Advisory 2020:1980 :\n\nThe remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:1980 advisory.\n\n - git: Crafted URL containing new lines, empty host or\n lacks a scheme can cause credential leak\n (CVE-2020-11008)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2020-May/009896.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected git packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git-core-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git-instaweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git-subtree\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-Git-SVN\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 8\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"git-2.18.4-2.el8_2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"git-all-2.18.4-2.el8_2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"git-core-2.18.4-2.el8_2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"git-core-doc-2.18.4-2.el8_2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"git-daemon-2.18.4-2.el8_2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"git-email-2.18.4-2.el8_2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"git-gui-2.18.4-2.el8_2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"git-instaweb-2.18.4-2.el8_2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"git-subtree-2.18.4-2.el8_2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"git-svn-2.18.4-2.el8_2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"gitk-2.18.4-2.el8_2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"gitweb-2.18.4-2.el8_2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"perl-Git-2.18.4-2.el8_2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"perl-Git-SVN-2.18.4-2.el8_2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git / git-all / git-core / git-core-doc / git-daemon / git-email / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-12T09:42:26", "description": "Carlo Arenas discovered a flaw in git, a fast, scalable, distributed\nrevision control system. With a crafted URL that contains a newline or\nempty host, or lacks a scheme, the credential helper machinery can be\nfooled into providing credential information that is not appropriate\nfor the protocol in use and host being contacted.\n\nFor Debian 8 'Jessie', this problem has been fixed in version\n1:2.1.4-2.1+deb8u10.\n\nWe recommend that you upgrade your git packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 6, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2020-04-24T00:00:00", "title": "Debian DLA-2182-1 : git security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-11008"], "modified": "2020-04-24T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:git-core", "p-cpe:/a:debian:debian_linux:git-man", "p-cpe:/a:debian:debian_linux:git-el", "cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:git-email", "p-cpe:/a:debian:debian_linux:git-daemon-run", "p-cpe:/a:debian:debian_linux:git-svn", "p-cpe:/a:debian:debian_linux:gitk", "p-cpe:/a:debian:debian_linux:git-mediawiki", "p-cpe:/a:debian:debian_linux:gitweb", "p-cpe:/a:debian:debian_linux:git-gui", "p-cpe:/a:debian:debian_linux:git-doc", "p-cpe:/a:debian:debian_linux:git", "p-cpe:/a:debian:debian_linux:git-cvs", "p-cpe:/a:debian:debian_linux:git-all", "p-cpe:/a:debian:debian_linux:git-arch", "p-cpe:/a:debian:debian_linux:git-daemon-sysvinit"], "id": "DEBIAN_DLA-2182.NASL", "href": "https://www.tenable.com/plugins/nessus/135939", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2182-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135939);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2020-11008\");\n\n script_name(english:\"Debian DLA-2182-1 : git security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Carlo Arenas discovered a flaw in git, a fast, scalable, distributed\nrevision control system. With a crafted URL that contains a newline or\nempty host, or lacks a scheme, the credential helper machinery can be\nfooled into providing credential information that is not appropriate\nfor the protocol in use and host being contacted.\n\nFor Debian 8 'Jessie', this problem has been fixed in version\n1:2.1.4-2.1+deb8u10.\n\nWe recommend that you upgrade your git packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/04/msg00015.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/git\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11008\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git-arch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git-daemon-run\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git-daemon-sysvinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git-mediawiki\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"git\", reference:\"1:2.1.4-2.1+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"git-all\", reference:\"1:2.1.4-2.1+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"git-arch\", reference:\"1:2.1.4-2.1+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"git-core\", reference:\"1:2.1.4-2.1+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"git-cvs\", reference:\"1:2.1.4-2.1+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"git-daemon-run\", reference:\"1:2.1.4-2.1+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"git-daemon-sysvinit\", reference:\"1:2.1.4-2.1+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"git-doc\", reference:\"1:2.1.4-2.1+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"git-el\", reference:\"1:2.1.4-2.1+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"git-email\", reference:\"1:2.1.4-2.1+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"git-gui\", reference:\"1:2.1.4-2.1+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"git-man\", reference:\"1:2.1.4-2.1+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"git-mediawiki\", reference:\"1:2.1.4-2.1+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"git-svn\", reference:\"1:2.1.4-2.1+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"gitk\", reference:\"1:2.1.4-2.1+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"gitweb\", reference:\"1:2.1.4-2.1+deb8u10\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "cve": [{"lastseen": "2021-04-23T01:09:22", "description": "Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an attacker to retrieve the client secret only intended for the OAuth application owner. After authorizing the application and allowing access, the attacker simply needs to request the list of their authorized applications in a JSON format (usually GET /oauth/authorized_applications.json). An application is vulnerable if the authorized applications controller is enabled.", "edition": 8, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-05-04T14:15:00", "title": "CVE-2020-10187", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-10187"], "modified": "2020-05-08T15:28:00", "cpe": [], "id": "CVE-2020-10187", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10187", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": []}, {"lastseen": "2021-04-23T01:09:22", "description": "GitLab EE 12.8 and later allows Exposure of Sensitive Information to an Unauthorized Actor via NuGet.", "edition": 9, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 1.4}, "published": "2020-05-07T17:15:00", "title": "CVE-2020-12448", "type": "cve", "cwe": ["CWE-22"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-12448"], "modified": "2020-05-11T15:05:00", "cpe": [], "id": "CVE-2020-12448", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12448", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": []}, {"lastseen": "2021-04-23T01:09:51", "description": "xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.", "edition": 17, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-01-21T23:15:00", "title": "CVE-2020-7595", "type": "cve", "cwe": ["CWE-835"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-7595"], "modified": "2021-04-21T17:32:00", "cpe": ["cpe:/a:oracle:real_user_experience_insight:13.3.1.0", "cpe:/a:netapp:snapdrive:-", "cpe:/a:netapp:smi-s_provider:-", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:netapp:h700e_firmware:-", "cpe:/o:fedoraproject:fedora:30", "cpe:/o:canonical:ubuntu_linux:12.04", "cpe:/a:netapp:symantec_netbackup:-", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:netapp:h300s_firmware:-", "cpe:/o:netapp:h410c_firmware:-", "cpe:/o:fedoraproject:fedora:32", "cpe:/a:netapp:steelstore_cloud_integrated_storage:-", "cpe:/o:netapp:h500s_firmware:-", "cpe:/a:netapp:clustered_data_ontap:-", "cpe:/o:canonical:ubuntu_linux:19.10", "cpe:/o:netapp:h500e_firmware:-", "cpe:/a:xmlsoft:libxml2:2.9.10", "cpe:/o:fedoraproject:fedora:31", "cpe:/o:netapp:h300e_firmware:-", "cpe:/o:netapp:h410s_firmware:-", "cpe:/o:netapp:h700s_firmware:-", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2020-7595", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7595", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:xmlsoft:libxml2:2.9.10:*:*:*:*:*:*:*", "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*", "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:windows:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*", "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:real_user_experience_insight:13.3.1.0:*:*:*:*:*:*:*", "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:symantec_netbackup:-:*:*:*:*:*:*:*", "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*"]}, {"lastseen": "2021-04-23T01:09:22", "description": "Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where _some_ credential is leaked (but the attacker cannot control which one). Git uses external \"credential helper\" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that are considered illegal as of the recently published Git versions can cause Git to send a \"blank\" pattern to helpers, missing hostname and protocol fields. Many helpers will interpret this as matching _any_ URL, and will return some unspecified stored password, leaking the password to an attacker's server. The vulnerability can be triggered by feeding a malicious URL to `git clone`. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The root of the problem is in Git itself, which should not be feeding blank input to helpers. However, the ability to exploit the vulnerability in practice depends on which helpers are in use. Credential helpers which are known to trigger the vulnerability: - Git's \"store\" helper - Git's \"cache\" helper - the \"osxkeychain\" helper that ships in Git's \"contrib\" directory Credential helpers which are known to be safe even with vulnerable versions of Git: - Git Credential Manager for Windows Any helper not in this list should be assumed to trigger the vulnerability.", "edition": 15, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-04-21T19:15:00", "title": "CVE-2020-11008", "type": "cve", "cwe": ["CWE-522"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-11008"], "modified": "2020-05-22T19:15:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:fedoraproject:fedora:32", "cpe:/o:canonical:ubuntu_linux:19.10", "cpe:/o:fedoraproject:fedora:31"], "id": "CVE-2020-11008", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11008", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*"]}, {"lastseen": "2021-04-23T01:09:39", "description": "Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the \"signature_algorithms_cert\" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).", "edition": 27, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-04-21T14:15:00", "title": "CVE-2020-1967", "type": "cve", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1967"], "modified": "2021-02-09T15:14:00", "cpe": ["cpe:/a:netapp:oncommand_workflow_automation:-", "cpe:/a:netapp:smi-s_provider:-", "cpe:/a:oracle:mysql_connectors:8.0.20", "cpe:/o:debian:debian_linux:10.0", "cpe:/a:oracle:enterprise_manager_for_storage_management:13.3.0.0", "cpe:/a:netapp:e-series_performance_analyzer:-", "cpe:/a:oracle:mysql_enterprise_monitor:8.0.20", "cpe:/o:fedoraproject:fedora:30", "cpe:/o:netapp:brocade_fabric_operating_system_firmware:-", "cpe:/a:oracle:http_server:12.2.1.4.0", "cpe:/o:opensuse:leap:15.1", "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.58", "cpe:/a:oracle:mysql:5.6.48", "cpe:/a:netapp:oncommand_insight:-", "cpe:/a:oracle:mysql_enterprise_monitor:4.0.12", "cpe:/o:fedoraproject:fedora:32", "cpe:/a:netapp:snapcenter:-", "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.56", "cpe:/a:oracle:mysql:8.0.20", "cpe:/a:netapp:active_iq_unified_manager:*", "cpe:/a:oracle:mysql_workbench:8.0.21", "cpe:/a:netapp:steelstore_cloud_integrated_storage:-", "cpe:/o:opensuse:leap:15.2", "cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.57", "cpe:/a:oracle:enterprise_manager_for_storage_management:13.4.0.0", "cpe:/a:openssl:openssl:1.1.1f", "cpe:/a:oracle:mysql:5.7.30", "cpe:/o:freebsd:freebsd:12.1", "cpe:/o:fedoraproject:fedora:31", "cpe:/a:oracle:enterprise_manager_ops_center:12.4.0", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2020-1967", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1967", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", "cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*", "cpe:2.3:o:netapp:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_enterprise_monitor:4.0.12:*:*:*:*:*:*:*", "cpe:2.3:o:freebsd:freebsd:12.1:-:*:*:*:*:*:*", "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_for_storage_management:13.4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", "cpe:2.3:a:openssl:openssl:1.1.1f:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.6.48:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:8.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.7.30:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:enterprise_manager_for_storage_management:13.3.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_workbench:8.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql_connectors:8.0.20:*:*:*:*:*:*:*"]}], "redhatcve": [{"lastseen": "2021-05-07T17:32:08", "bulletinFamily": "info", "cvelist": ["CVE-2020-7595"], "description": "xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.\n", "modified": "2021-03-21T06:55:27", "published": "2020-02-06T19:14:18", "id": "RH:CVE-2020-7595", "href": "https://access.redhat.com/security/cve/cve-2020-7595", "type": "redhatcve", "title": "CVE-2020-7595", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-05-07T17:31:42", "bulletinFamily": "info", "cvelist": ["CVE-2020-11008"], "description": "A flaw was found in git where credentials can be leaked through the use of a crafted URL. The crafted URL must contain a newline, empty host, or lack a scheme so that the credential helper is fulled into giving the information of a different host to the client. The highest threat from this vulnerability is to data confidentiality.\n", "modified": "2021-03-21T06:56:47", "published": "2020-04-21T01:34:03", "id": "RH:CVE-2020-11008", "href": "https://access.redhat.com/security/cve/cve-2020-11008", "type": "redhatcve", "title": "CVE-2020-11008", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-05-07T17:31:41", "bulletinFamily": "info", "cvelist": ["CVE-2020-1967"], "description": "A NULL pointer dereference flaw was found in the way OpenSSL handled certain TLS handshake messages. This flaw allows an unauthenticated attacker to cause a server application compiled with OpenSSL to crash, causing a denial of service. In some cases a malicious server could also cause a client compiled with OpenSSL to crash.\n", "modified": "2021-04-12T05:49:43", "published": "2020-04-21T13:33:41", "id": "RH:CVE-2020-1967", "href": "https://access.redhat.com/security/cve/cve-2020-1967", "type": "redhatcve", "title": "CVE-2020-1967", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "metasploit": [{"lastseen": "2021-04-17T01:37:15", "description": "\n", "published": "1976-01-01T00:00:00", "type": "metasploit", "title": "Debian: CVE-2020-1967: openssl, openssl1.0 -- security update", "bulletinFamily": "exploit", "cvelist": ["CVE-2020-1967"], "modified": "1976-01-01T00:00:00", "id": "MSF:ILITIES/DEBIAN-CVE-2020-1967/", "href": "", "sourceData": "", "sourceHref": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2020-05-01T18:47:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-1967"], "description": "OpenSSL server or client applications are prone to a\n denial-of-service vulnerability.", "modified": "2020-04-22T00:00:00", "published": "2020-04-22T00:00:00", "id": "OPENVAS:1361412562310108753", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108753", "type": "openvas", "title": "OpenSSL: Segmentation fault in SSL_check_chain (CVE-2020-1967) (Linux)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from the referenced\n# advisories, and are Copyright (C) by the respective right holder(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:openssl:openssl\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108753\");\n script_version(\"2020-04-22T06:06:21+0000\");\n script_cve_id(\"CVE-2020-1967\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-22 06:06:21 +0000 (Wed, 22 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-22 06:05:59 +0000 (Wed, 22 Apr 2020)\");\n script_name(\"OpenSSL: Segmentation fault in SSL_check_chain (CVE-2020-1967) (Linux)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_openssl_detect.nasl\", \"gb_openssl_detect_lin.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"openssl/detected\", \"Host/runs_unixoide\");\n\n script_xref(name:\"URL\", value:\"https://www.openssl.org/news/secadv/20200421.txt\");\n script_xref(name:\"URL\", value:\"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=eb563247aef3e83dda7679c43f9649270462e5b1\");\n\n script_tag(name:\"summary\", value:\"OpenSSL server or client applications are prone to a\n denial-of-service vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Server or client applications that call the SSL_check_chain() function\n during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect\n handling of the 'signature_algorithms_cert' TLS extension. The crash occurs if an invalid or unrecognised\n signature algorithm is received from the peer.\");\n\n script_tag(name:\"impact\", value:\"This could be exploited by a malicious peer in a Denial of\n Service attack.\");\n\n script_tag(name:\"affected\", value:\"OpenSSL versions 1.1.1d, 1.1.1e, and 1.1.1f.\n\n This issue does not impact OpenSSL versions prior to 1.1.1d.\");\n\n script_tag(name:\"solution\", value:\"Update OpenSSL to version 1.1.1g or later. See the references for more details.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( isnull( port = get_app_port( cpe:CPE ) ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )\n exit( 0 );\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif( version_in_range( version:vers, test_version:\"1.1.1d\", test_version2:\"1.1.1f\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"1.1.1g\", install_path:path );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-05-01T18:47:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-1967"], "description": "OpenSSL server or client applications are prone to a\n denial-of-service vulnerability.", "modified": "2020-04-22T00:00:00", "published": "2020-04-22T00:00:00", "id": "OPENVAS:1361412562310108752", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108752", "type": "openvas", "title": "OpenSSL: Segmentation fault in SSL_check_chain (CVE-2020-1967) (Windows)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from the referenced\n# advisories, and are Copyright (C) by the respective right holder(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:openssl:openssl\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108752\");\n script_version(\"2020-04-22T06:06:21+0000\");\n script_cve_id(\"CVE-2020-1967\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-22 06:06:21 +0000 (Wed, 22 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-22 06:05:59 +0000 (Wed, 22 Apr 2020)\");\n script_name(\"OpenSSL: Segmentation fault in SSL_check_chain (CVE-2020-1967) (Windows)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_openssl_detect.nasl\", \"gb_openssl_detect_win.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"openssl/detected\", \"Host/runs_windows\");\n\n script_xref(name:\"URL\", value:\"https://www.openssl.org/news/secadv/20200421.txt\");\n script_xref(name:\"URL\", value:\"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=eb563247aef3e83dda7679c43f9649270462e5b1\");\n\n script_tag(name:\"summary\", value:\"OpenSSL server or client applications are prone to a\n denial-of-service vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Server or client applications that call the SSL_check_chain() function\n during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect\n handling of the 'signature_algorithms_cert' TLS extension. The crash occurs if an invalid or unrecognised\n signature algorithm is received from the peer.\");\n\n script_tag(name:\"impact\", value:\"This could be exploited by a malicious peer in a Denial of\n Service attack.\");\n\n script_tag(name:\"affected\", value:\"OpenSSL versions 1.1.1d, 1.1.1e, and 1.1.1f.\n\n This issue does not impact OpenSSL versions prior to 1.1.1d.\");\n\n script_tag(name:\"solution\", value:\"Update OpenSSL to version 1.1.1g or later. See the references for more details.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( isnull( port = get_app_port( cpe:CPE ) ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )\n exit( 0 );\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif( version_in_range( version:vers, test_version:\"1.1.1d\", test_version2:\"1.1.1f\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"1.1.1g\", install_path:path );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-06-08T21:54:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-11008"], "description": "The remote host is missing an update for the ", "modified": "2020-06-05T00:00:00", "published": "2020-06-02T00:00:00", "id": "OPENVAS:1361412562310883241", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310883241", "type": "openvas", "title": "CentOS: Security Advisory for emacs-git (CESA-2020:2337)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.883241\");\n script_version(\"2020-06-05T06:49:56+0000\");\n script_cve_id(\"CVE-2020-11008\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-06-05 06:49:56 +0000 (Fri, 05 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-06-02 03:00:55 +0000 (Tue, 02 Jun 2020)\");\n script_name(\"CentOS: Security Advisory for emacs-git (CESA-2020:2337)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n\n script_xref(name:\"CESA\", value:\"2020:2337\");\n script_xref(name:\"URL\", value:\"https://lists.centos.org/pipermail/centos-announce/2020-June/035743.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'emacs-git'\n package(s) announced via the CESA-2020:2337 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Git is a distributed revision control system with a decentralized\narchitecture. As opposed to centralized version control systems with a\nclient-server model, Git ensures that each working copy of a Git repository\nis an exact copy with complete revision history. This not only allows the\nuser to work on and contribute to projects without the need to have\npermission to push the changes to their official repositories, but also\nmakes it possible for the user to work with no network connection.\n\nSecurity Fix(es):\n\n * git: Crafted URL containing new lines, empty host or lacks a scheme can\ncause credential leak (CVE-2020-11008)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\");\n\n script_tag(name:\"affected\", value:\"'emacs-git' package(s) on CentOS 7.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"CentOS7\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"emacs-git\", rpm:\"emacs-git~1.8.3.1~23.el7_8\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"emacs-git-el\", rpm:\"emacs-git-el~1.8.3.1~23.el7_8\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git\", rpm:\"git~1.8.3.1~23.el7_8\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-all\", rpm:\"git-all~1.8.3.1~23.el7_8\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-bzr\", rpm:\"git-bzr~1.8.3.1~23.el7_8\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-cvs\", rpm:\"git-cvs~1.8.3.1~23.el7_8\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-daemon\", rpm:\"git-daemon~1.8.3.1~23.el7_8\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-email\", rpm:\"git-email~1.8.3.1~23.el7_8\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-gnome-keyring\", rpm:\"git-gnome-keyring~1.8.3.1~23.el7_8\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-gui\", rpm:\"git-gui~1.8.3.1~23.el7_8\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-hg\", rpm:\"git-hg~1.8.3.1~23.el7_8\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-instaweb\", rpm:\"git-instaweb~1.8.3.1~23.el7_8\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gitk\", rpm:\"gitk~1.8.3.1~23.el7_8\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-p4\", rpm:\"git-p4~1.8.3.1~23.el7_8\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"git-svn\", rpm:\"git-svn~1.8.3.1~23.el7_8\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gitweb\", rpm:\"gitweb~1.8.3.1~23.el7_8\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-Git\", rpm:\"perl-Git~1.8.3.1~23.el7_8\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perl-Git-SVN\", rpm:\"perl-Git-SVN~1.8.3.1~23.el7_8\", rls:\"CentOS7\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-05-01T19:15:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-11008"], "description": "The remote host is missing an update for the ", "modified": "2020-04-21T00:00:00", "published": "2020-04-21T00:00:00", "id": "OPENVAS:1361412562310704659", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704659", "type": "openvas", "title": "Debian: Security Advisory for git (DSA-4659-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from the referenced\n# advisories, and are Copyright (C) by the respective right holder(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704659\");\n script_version(\"2020-04-21T03:00:10+0000\");\n script_cve_id(\"CVE-2020-11008\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 03:00:10 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-21 03:00:10 +0000 (Tue, 21 Apr 2020)\");\n script_name(\"Debian: Security Advisory for git (DSA-4659-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(10|9)\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2020/dsa-4659.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DSA-4659-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'git'\n package(s) announced via the DSA-4659-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Carlo Arenas discovered a flaw in git, a fast, scalable, distributed\nrevision control system. With a crafted URL that contains a newline or\nempty host, or lacks a scheme, the credential helper machinery can be\nfooled into providing credential information that is not appropriate for\nthe protocol in use and host being contacted.\");\n\n script_tag(name:\"affected\", value:\"'git' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For the oldstable distribution (stretch), this problem has been fixed\nin version 1:2.11.0-3+deb9u7.\n\nFor the stable distribution (buster), this problem has been fixed in\nversion 1:2.20.1-2+deb10u3.\n\nWe recommend that you upgrade your git packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"git\", ver:\"1:2.20.1-2+deb10u3\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-all\", ver:\"1:2.20.1-2+deb10u3\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-cvs\", ver:\"1:2.20.1-2+deb10u3\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-daemon-run\", ver:\"1:2.20.1-2+deb10u3\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-daemon-sysvinit\", ver:\"1:2.20.1-2+deb10u3\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-doc\", ver:\"1:2.20.1-2+deb10u3\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-el\", ver:\"1:2.20.1-2+deb10u3\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-email\", ver:\"1:2.20.1-2+deb10u3\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-gui\", ver:\"1:2.20.1-2+deb10u3\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-man\", ver:\"1:2.20.1-2+deb10u3\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-mediawiki\", ver:\"1:2.20.1-2+deb10u3\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-svn\", ver:\"1:2.20.1-2+deb10u3\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"gitk\", ver:\"1:2.20.1-2+deb10u3\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"gitweb\", ver:\"1:2.20.1-2+deb10u3\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git\", ver:\"1:2.11.0-3+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-all\", ver:\"1:2.11.0-3+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-arch\", ver:\"1:2.11.0-3+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-core\", ver:\"1:2.11.0-3+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-cvs\", ver:\"1:2.11.0-3+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-daemon-run\", ver:\"1:2.11.0-3+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-daemon-sysvinit\", ver:\"1:2.11.0-3+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-doc\", ver:\"1:2.11.0-3+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-el\", ver:\"1:2.11.0-3+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-email\", ver:\"1:2.11.0-3+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-gui\", ver:\"1:2.11.0-3+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-man\", ver:\"1:2.11.0-3+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-mediawiki\", ver:\"1:2.11.0-3+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-svn\", ver:\"1:2.11.0-3+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"gitk\", ver:\"1:2.11.0-3+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"gitweb\", ver:\"1:2.11.0-3+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-05-01T19:13:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-11008"], "description": "The remote host is missing an update for the ", "modified": "2020-04-26T00:00:00", "published": "2020-04-22T00:00:00", "id": "OPENVAS:1361412562310844397", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844397", "type": "openvas", "title": "Ubuntu: Security Advisory for git (USN-4334-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from the referenced\n# advisories, and are Copyright (C) by the respective right holder(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844397\");\n script_version(\"2020-04-26T06:11:04+0000\");\n script_cve_id(\"CVE-2020-11008\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-04-26 06:11:04 +0000 (Sun, 26 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-22 03:01:09 +0000 (Wed, 22 Apr 2020)\");\n script_name(\"Ubuntu: Security Advisory for git (USN-4334-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU19\\.10|UBUNTU18\\.04 LTS|UBUNTU16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"4334-1\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2020-April/005396.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'git'\n package(s) announced via the USN-4334-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Carlo Arenas discovered that Git incorrectly handled certain URLs\ncontaining newlines, empty hosts, or lacking a scheme. A remote attacker\ncould possibly use this issue to trick Git into returning credential\ninformation for a wrong host.\");\n\n script_tag(name:\"affected\", value:\"'git' package(s) on Ubuntu 19.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU19.10\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"git\", ver:\"1:2.20.1-2ubuntu1.19.10.3\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"git\", ver:\"1:2.17.1-1ubuntu0.7\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"git\", ver:\"1:2.7.4-0ubuntu1.9\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-05-01T19:14:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-11008"], "description": "The remote host is missing an update for the ", "modified": "2020-04-24T00:00:00", "published": "2020-04-24T00:00:00", "id": "OPENVAS:1361412562310892182", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892182", "type": "openvas", "title": "Debian LTS: Security Advisory for git (DLA-2182-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from the referenced\n# advisories, and are Copyright (C) by the respective right holder(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892182\");\n script_version(\"2020-04-24T03:00:07+0000\");\n script_cve_id(\"CVE-2020-11008\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-04-24 03:00:07 +0000 (Fri, 24 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-24 03:00:07 +0000 (Fri, 24 Apr 2020)\");\n script_name(\"Debian LTS: Security Advisory for git (DLA-2182-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2020/04/msg00015.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-2182-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'git'\n package(s) announced via the DLA-2182-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Carlo Arenas discovered a flaw in git, a fast, scalable, distributed\nrevision control system. With a crafted URL that contains a newline or\nempty host, or lacks a scheme, the credential helper machinery can be\nfooled into providing credential information that is not appropriate for\nthe protocol in use and host being contacted.\");\n\n script_tag(name:\"affected\", value:\"'git' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', this problem has been fixed in version\n1:2.1.4-2.1+deb8u10.\n\nWe recommend that you upgrade your git packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"git\", ver:\"1:2.1.4-2.1+deb8u10\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-all\", ver:\"1:2.1.4-2.1+deb8u10\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-arch\", ver:\"1:2.1.4-2.1+deb8u10\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-core\", ver:\"1:2.1.4-2.1+deb8u10\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-cvs\", ver:\"1:2.1.4-2.1+deb8u10\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-daemon-run\", ver:\"1:2.1.4-2.1+deb8u10\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-daemon-sysvinit\", ver:\"1:2.1.4-2.1+deb8u10\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-doc\", ver:\"1:2.1.4-2.1+deb8u10\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-el\", ver:\"1:2.1.4-2.1+deb8u10\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-email\", ver:\"1:2.1.4-2.1+deb8u10\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-gui\", ver:\"1:2.1.4-2.1+deb8u10\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-man\", ver:\"1:2.1.4-2.1+deb8u10\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-mediawiki\", ver:\"1:2.1.4-2.1+deb8u10\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-svn\", ver:\"1:2.1.4-2.1+deb8u10\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"gitk\", ver:\"1:2.1.4-2.1+deb8u10\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"gitweb\", ver:\"1:2.1.4-2.1+deb8u10\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-07-21T19:55:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-7595"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-07-03T00:00:00", "published": "2020-07-03T00:00:00", "id": "OPENVAS:1361412562311220201768", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201768", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2020-1768)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1768\");\n script_version(\"2020-07-03T06:22:57+0000\");\n script_cve_id(\"CVE-2020-7595\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-07-03 06:22:57 +0000 (Fri, 03 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-03 06:22:57 +0000 (Fri, 03 Jul 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2020-1768)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.6\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1768\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1768\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libxml2' package(s) announced via the EulerOS-SA-2020-1768 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.(CVE-2020-7595)\");\n\n script_tag(name:\"affected\", value:\"'libxml2' package(s) on Huawei EulerOS Virtualization 3.0.6.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.6.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.9.1~6.3.h24.eulerosv2r7\", rls:\"EULEROSVIRT-3.0.6.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.9.1~6.3.h24.eulerosv2r7\", rls:\"EULEROSVIRT-3.0.6.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.9.1~6.3.h24.eulerosv2r7\", rls:\"EULEROSVIRT-3.0.6.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-03-24T16:53:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-7595"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-03-24T00:00:00", "published": "2020-03-24T00:00:00", "id": "OPENVAS:1361412562311220201310", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201310", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2020-1310)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1310\");\n script_version(\"2020-03-24T07:30:02+0000\");\n script_cve_id(\"CVE-2020-7595\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-24 07:30:02 +0000 (Tue, 24 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-03-24 07:30:02 +0000 (Tue, 24 Mar 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2020-1310)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1310\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1310\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libxml2' package(s) announced via the EulerOS-SA-2020-1310 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.(CVE-2020-7595)\");\n\n script_tag(name:\"affected\", value:\"'libxml2' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.9.1~6.3.h23.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.9.1~6.3.h23.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.9.1~6.3.h23.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-06-04T15:49:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-1967"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-06-03T00:00:00", "published": "2020-06-03T00:00:00", "id": "OPENVAS:1361412562311220201613", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201613", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for openssl111d (EulerOS-SA-2020-1613)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1613\");\n script_version(\"2020-06-03T06:06:05+0000\");\n script_cve_id(\"CVE-2020-1967\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-06-03 06:06:05 +0000 (Wed, 03 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-06-03 06:06:05 +0000 (Wed, 03 Jun 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for openssl111d (EulerOS-SA-2020-1613)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1613\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1613\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'openssl111d' package(s) announced via the EulerOS-SA-2020-1613 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the 'signature_algorithms_cert' TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).(CVE-2020-1967)\");\n\n script_tag(name:\"affected\", value:\"'openssl111d' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl111d\", rpm:\"openssl111d~1.1.1d~2.h6.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl111d-devel\", rpm:\"openssl111d-devel~1.1.1d~2.h6.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl111d-libs\", rpm:\"openssl111d-libs~1.1.1d~2.h6.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl111d-static\", rpm:\"openssl111d-static~1.1.1d~2.h6.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-07-21T19:27:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-1967"], "description": "The remote host is missing an update for the ", "modified": "2020-07-09T00:00:00", "published": "2020-07-07T00:00:00", "id": "OPENVAS:1361412562310853254", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310853254", "type": "openvas", "title": "openSUSE: Security Advisory for rust, (openSUSE-SU-2020:0933-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.853254\");\n script_version(\"2020-07-09T12:15:58+0000\");\n script_cve_id(\"CVE-2020-1967\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-07-09 12:15:58 +0000 (Thu, 09 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-07 03:01:09 +0000 (Tue, 07 Jul 2020)\");\n script_name(\"openSUSE: Security Advisory for rust, (openSUSE-SU-2020:0933-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.1\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2020:0933-1\");\n script_xref(name:\"URL\", value:\"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00004.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rust, '\n package(s) announced via the openSUSE-SU-2020:0933-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for rust, rust-cbindgen fixes the following issues:\n\n rust was updated for use by Firefox 76ESR.\n\n - Fixed miscompilations with rustc 1.43 that lead to LTO failures\n (bsc#1173202)\n\n Update to version 1.43.1\n\n - Updated openssl-src to 1.1.1g for CVE-2020-1967.\n\n - Fixed the stabilization of AVX-512 features.\n\n - Fixed `cargo package --list` not working with unpublished dependencies.\n\n Update to version 1.43.0\n\n + Language:\n\n - Fixed using binary operations with `&{number}` (e.g. `&1.0`) not having\n the type inferred correctly.\n\n - Attributes such as `#[cfg()]` can now be used on `if` expressions.\n\n - Syntax only changes:\n\n * Allow `type Foo: Ord` syntactically.\n\n * Fuse associated and extern items up to defaultness.\n\n * Syntactically allow `self` in all `fn` contexts.\n\n * Merge `fn` syntax + cleanup item parsing.\n\n * `item` macro fragments can be interpolated into `trait`s, `impl`s, and\n `extern` blocks. For example, you may now write: ```rust macro_rules!\n mac_trait { ($i:item) => { trait T { $i } } } mac_trait! { fn foo() {}\n } ```\n\n * These are still rejected *semantically*, so you will likely receive an\n error but these changes can be seen and parsed by macros and\n conditional compilation.\n\n + Compiler\n\n - You can now pass multiple lint flags to rustc to override the previous\n flags.\n\n For example, `rustc -D unused -A unused-variables` denies everything in\n the `unused` lint group except `unused-variables` which is explicitly\n allowed. However, passing `rustc -A unused-variables -D unused` denies\n everything in the `unused` lint group **including** `unused-variables`\n since the allow flag is specified before the deny flag (and therefore\n overridden).\n\n - rustc will now prefer your system MinGW libraries over its bundled\n libraries if they are available on `windows-gnu`.\n\n - rustc now buffers errors/warnings printed in JSON.\n\n Libraries:\n\n - `Arc<[T, N]>`, `Box<[T, N]>`, and `Rc<[T, N]>`, now implement\n `TryFrom<Arc<[T]>>`, `TryFrom<Box<[T]>>`, and `TryFrom<Rc<[T]>>`\n respectively.\n **Note** These conversions are only available when `N` is `0..=32`.\n\n - You can now use associated constants on floats and integers directly,\n rather than having to import the module. e.g. You can now write\n `u32::MAX` or `f32::NAN` with no imports.\n\n - `u8::is_ascii` is now `const`.\n\n - `String` now implements `AsMut<str>`.\n\n - Added the `primitive` module to `std` and `core`. This module reexports\n Rust's primitive types. This is mainly useful in macros where you want\n avoid these types being shadowed.\n\n - Relaxed some of the trait bounds on `HashMap` and `HashSe ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'rust, ' package(s) on openSUSE Leap 15.1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"cargo\", rpm:\"cargo~1.43.1~lp151.5.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"clippy\", rpm:\"clippy~1.43.1~lp151.5.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rls\", rpm:\"rls~1.43.1~lp151.5.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rust\", rpm:\"rust~1.43.1~lp151.5.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rust-analysis\", rpm:\"rust-analysis~1.43.1~lp151.5.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rust-doc\", rpm:\"rust-doc~1.43.1~lp151.5.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rust-gdb\", rpm:\"rust-gdb~1.43.1~lp151.5.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rust-std-static\", rpm:\"rust-std-static~1.43.1~lp151.5.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rustfmt\", rpm:\"rustfmt~1.43.1~lp151.5.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cargo-doc\", rpm:\"cargo-doc~1.43.1~lp151.5.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rust-src\", rpm:\"rust-src~1.43.1~lp151.5.13.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ust-cbindgen\", rpm:\"ust-cbindgen~0.14.1~lp151.8.2\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "github": [{"lastseen": "2020-05-09T12:06:33", "bulletinFamily": "software", "cvelist": ["CVE-2020-10187"], "description": "### Impact\nInformation disclosure vulnerability. Allows an attacker to see all `Doorkeeper::Application` model attribute values (including secrets) using authorized applications controller if it's enabled (GET /oauth/authorized_applications.json).\n\n### Patches\n\nThese versions have the fix:\n\n* 5.0.3\n* 5.1.1\n* 5.2.5\n* 5.3.2\n\n### Workarounds\nPatch `Doorkeeper::Application` model `#as_json(options = {})` method and define only those attributes you want to expose.\n\nAdditional recommended hardening is to enable application secrets hashing ([guide](https://doorkeeper.gitbook.io/guides/security/token-and-application-secrets)), available since Doorkeeper 5.1. This would render the exposed secret useless.\n\n### References\n\n- Commit with fix: https://github.com/doorkeeper-gem/doorkeeper/commit/25d038022c2fcad45af5b73f9d003cf38ff491f6\n- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10187", "edition": 2, "modified": "2020-05-07T21:11:07", "published": "2020-05-07T21:11:07", "id": "GHSA-J7VX-8MQJ-CQP9", "href": "https://github.com/advisories/GHSA-j7vx-8mqj-cqp9", "title": "Exposure of Sensitive Information to an Unauthorized Actor in Doorkeeper", "type": "github", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-04-06T23:39:16", "bulletinFamily": "software", "cvelist": ["CVE-2020-7595"], "description": "xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.\nThe Nokogiri RubyGem has patched it's vendored copy of libxml2 in order to prevent this issue from affecting nokogiri.", "edition": 4, "modified": "2020-02-28T22:22:37", "published": "2020-02-24T19:12:36", "id": "GHSA-7553-JR98-VX47", "href": "https://github.com/advisories/GHSA-7553-jr98-vx47", "title": "libxml as used in Nokogiri has an infinite loop in a certain end-of-file situation", "type": "github", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cloudfoundry": [{"lastseen": "2020-06-03T01:24:16", "bulletinFamily": "software", "cvelist": ["CVE-2020-11008"], "description": "# \n\n## Severity\n\nMedium\n\n## Vendor\n\nCanonical Ubuntu\n\n## Versions Affected\n\n * Canonical Ubuntu 16.04\n * Canonical Ubuntu 18.04\n\n## Description\n\nCarlo Arenas discovered that Git incorrectly handled certain URLs containing newlines, empty hosts, or lacking a scheme. A remote attacker could possibly use this issue to trick Git into returning credential information for a wrong host.\n\nCVEs contained in this USN include: CVE-2020-11008.\n\n## Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * cflinuxfs3 \n * All versions prior to 0.176.0\n * CF Deployment \n * All versions prior to v13.0.0\n\n## Mitigation\n\nUsers of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:\n\n * cflinuxfs3 \n * Upgrade All versions to 0.176.0 or greater\n * CF Deployment \n * Upgrade All versions to v13.0.0 or greater\n\n## References\n\n * [USN Notice](<https://usn.ubuntu.com/4334-1/>)\n * [CVE-2020-11008](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-11008>)\n\n## History\n\n2020-04-21: Initial vulnerability report published.\n", "edition": 1, "modified": "2020-05-14T00:00:00", "published": "2020-05-14T00:00:00", "id": "CFOUNDRY:D1D550B51309082EBFC8E66297C71640", "href": "https://www.cloudfoundry.org/blog/usn-4334-1/", "title": "USN-4334-1: Git vulnerability | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "redhat": [{"lastseen": "2020-05-01T15:46:48", "bulletinFamily": "unix", "cvelist": ["CVE-2020-11008"], "description": "Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.\n\nThe following packages have been upgraded to a later upstream version: git (2.18.4). (BZ#1826008)\n\nSecurity Fix(es):\n\n* git: Crafted URL containing new lines, empty host or lacks a scheme can cause credential leak (CVE-2020-11008)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-04-30T14:14:41", "published": "2020-04-30T13:14:07", "id": "RHSA-2020:1980", "href": "https://access.redhat.com/errata/RHSA-2020:1980", "type": "redhat", "title": "(RHSA-2020:1980) Important: git security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-05-01T15:48:47", "bulletinFamily": "unix", "cvelist": ["CVE-2020-11008"], "description": "Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.\n\nThe following packages have been upgraded to a later upstream version: rh-git218-git (2.18.4). (BZ#1826010)\n\nSecurity Fix(es):\n\n* git: Crafted URL containing new lines, empty host or lacks a scheme can cause credential leak (CVE-2020-11008)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-04-29T23:33:12", "published": "2020-04-29T23:15:43", "id": "RHSA-2020:1975", "href": "https://access.redhat.com/errata/RHSA-2020:1975", "type": "redhat", "title": "(RHSA-2020:1975) Important: rh-git218-git security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-05-28T19:52:04", "bulletinFamily": "unix", "cvelist": ["CVE-2020-11008"], "description": "Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.\n\nSecurity Fix(es):\n\n* git: Crafted URL containing new lines, empty host or lacks a scheme can cause credential leak (CVE-2020-11008)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-05-28T22:49:25", "published": "2020-05-28T22:12:43", "id": "RHSA-2020:2337", "href": "https://access.redhat.com/errata/RHSA-2020:2337", "type": "redhat", "title": "(RHSA-2020:2337) Important: git security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-05-01T15:47:31", "bulletinFamily": "unix", "cvelist": ["CVE-2020-11008"], "description": "Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.\n\nThe following packages have been upgraded to a later upstream version: git (2.18.4). (BZ#1826006)\n\nSecurity Fix(es):\n\n* git: Crafted URL containing new lines, empty host or lacks a scheme can cause credential leak (CVE-2020-11008)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-04-30T14:14:36", "published": "2020-04-30T13:12:15", "id": "RHSA-2020:1978", "href": "https://access.redhat.com/errata/RHSA-2020:1978", "type": "redhat", "title": "(RHSA-2020:1978) Important: git security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-05-01T15:46:37", "bulletinFamily": "unix", "cvelist": ["CVE-2020-11008"], "description": "Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.\n\nThe following packages have been upgraded to a later upstream version: git (2.18.4). (BZ#1826007)\n\nSecurity Fix(es):\n\n* git: Crafted URL containing new lines, empty host or lacks a scheme can cause credential leak (CVE-2020-11008)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-04-30T13:33:15", "published": "2020-04-30T13:14:06", "id": "RHSA-2020:1979", "href": "https://access.redhat.com/errata/RHSA-2020:1979", "type": "redhat", "title": "(RHSA-2020:1979) Important: git security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-08-31T10:07:42", "bulletinFamily": "unix", "cvelist": ["CVE-2020-11008", "CVE-2020-5260"], "description": "Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.\n\nSecurity Fix(es):\n\n* git: Crafted URL containing new lines can cause credential leak (CVE-2020-5260)\n\n* git: Crafted URL containing new lines, empty host or lacks a scheme can cause credential leak (CVE-2020-11008)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-08-31T12:41:02", "published": "2020-08-31T12:20:35", "id": "RHSA-2020:3581", "href": "https://access.redhat.com/errata/RHSA-2020:3581", "type": "redhat", "title": "(RHSA-2020:3581) Important: git security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "oraclelinux": [{"lastseen": "2020-05-08T08:47:19", "bulletinFamily": "unix", "cvelist": ["CVE-2020-11008"], "description": "[2.18.4-2]\n- Update to release 2.18.4\n- Resolves: CVE-2020-11008", "edition": 1, "modified": "2020-05-07T00:00:00", "published": "2020-05-07T00:00:00", "id": "ELSA-2020-1980", "href": "http://linux.oracle.com/errata/ELSA-2020-1980.html", "title": "git security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-05-29T11:26:35", "bulletinFamily": "unix", "cvelist": ["CVE-2020-11008"], "description": "[1.8.3.1-23]\n- Prevent crafted URL containing new lines, empty host or lacks a scheme\n to cause credential leak.\n Resolves: CVE-2020-11008", "edition": 2, "modified": "2020-05-29T00:00:00", "published": "2020-05-29T00:00:00", "id": "ELSA-2020-2337", "href": "http://linux.oracle.com/errata/ELSA-2020-2337.html", "title": "git security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "debian": [{"lastseen": "2020-09-22T13:09:27", "bulletinFamily": "unix", "cvelist": ["CVE-2020-11008"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4659-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nApril 20, 2020 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : git\nCVE ID : CVE-2020-11008\n\nCarlo Arenas discovered a flaw in git, a fast, scalable, distributed\nrevision control system. With a crafted URL that contains a newline or\nempty host, or lacks a scheme, the credential helper machinery can be\nfooled into providing credential information that is not appropriate for\nthe protocol in use and host being contacted.\n\nFor the oldstable distribution (stretch), this problem has been fixed\nin version 1:2.11.0-3+deb9u7.\n\nFor the stable distribution (buster), this problem has been fixed in\nversion 1:2.20.1-2+deb10u3.\n\nWe recommend that you upgrade your git packages.\n\nFor the detailed security status of git please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/git\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 10, "modified": "2020-04-20T18:50:48", "published": "2020-04-20T18:50:48", "id": "DEBIAN:DSA-4659-1:D7192", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2020/msg00062.html", "title": "[SECURITY] [DSA 4659-1] git security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-08-12T01:02:12", "bulletinFamily": "unix", "cvelist": ["CVE-2020-11008"], "description": "Package : git\nVersion : 1:2.1.4-2.1+deb8u10\nCVE ID : CVE-2020-11008\n\n\nCarlo Arenas discovered a flaw in git, a fast, scalable, distributed\nrevision control system. With a crafted URL that contains a newline or\nempty host, or lacks a scheme, the credential helper machinery can be\nfooled into providing credential information that is not appropriate for\nthe protocol in use and host being contacted.\n\nFor Debian 8 "Jessie", this problem has been fixed in version\n1:2.1.4-2.1+deb8u10.\n\nWe recommend that you upgrade your git packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 8, "modified": "2020-04-24T00:39:18", "published": "2020-04-24T00:39:18", "id": "DEBIAN:DLA-2182-1:FA6ED", "href": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202004/msg00015.html", "title": "[SECURITY] [DLA 2182-1] git security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-02-18T01:13:15", "bulletinFamily": "unix", "cvelist": ["CVE-2020-1967"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4661-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nApril 21, 2020 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openssl\nCVE ID : CVE-2020-1967\n\nBernd Edlinger discovered that malformed data passed to the\nSSL_check_chain() function during or after a TLS 1.3 handshake could\ncause a NULL dereference, resulting in denial of service.\n\nThe oldstable distribution (stretch) is not affected.\n\nFor the stable distribution (buster), this problem has been fixed in\nversion 1.1.1d-0+deb10u3.\n\nWe recommend that you upgrade your openssl packages.\n\nFor the detailed security status of openssl please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/openssl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 15, "modified": "2020-04-21T13:58:28", "published": "2020-04-21T13:58:28", "id": "DEBIAN:DSA-4661-1:70270", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2020/msg00064.html", "title": "[SECURITY] [DSA 4661-1] openssl security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "centos": [{"lastseen": "2020-06-01T21:25:56", "bulletinFamily": "unix", "cvelist": ["CVE-2020-11008"], "description": "**CentOS Errata and Security Advisory** CESA-2020:2337\n\n\nGit is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.\n\nSecurity Fix(es):\n\n* git: Crafted URL containing new lines, empty host or lacks a scheme can cause credential leak (CVE-2020-11008)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2020-June/035743.html\n\n**Affected packages:**\nemacs-git\nemacs-git-el\ngit\ngit-all\ngit-bzr\ngit-cvs\ngit-daemon\ngit-email\ngit-gnome-keyring\ngit-gui\ngit-hg\ngit-instaweb\ngit-p4\ngit-svn\ngitk\ngitweb\nperl-Git\nperl-Git-SVN\n\n**Upstream details at:**\n", "edition": 1, "modified": "2020-06-01T17:28:40", "published": "2020-06-01T17:28:40", "id": "CESA-2020:2337", "href": "http://lists.centos.org/pipermail/centos-announce/2020-June/035743.html", "title": "emacs, git, gitk, gitweb, perl security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "ubuntu": [{"lastseen": "2020-07-02T11:36:56", "bulletinFamily": "unix", "cvelist": ["CVE-2020-11008"], "description": "Carlo Arenas discovered that Git incorrectly handled certain URLs \ncontaining newlines, empty hosts, or lacking a scheme. A remote attacker \ncould possibly use this issue to trick Git into returning credential \ninformation for a wrong host.", "edition": 3, "modified": "2020-04-21T00:00:00", "published": "2020-04-21T00:00:00", "id": "USN-4334-1", "href": "https://ubuntu.com/security/notices/USN-4334-1", "title": "Git vulnerability", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "freebsd": [{"lastseen": "2020-06-04T17:21:31", "bulletinFamily": "unix", "cvelist": ["CVE-2020-11008"], "description": "\ngit security advisory reports:\n\nGit uses external \"credential helper\" programs to store and retrieve passwords or\n\t other credentials from secure storage provided by the operating system. Specially-crafted\n\t URLs that are considered illegal as of the recently published Git versions can cause Git\n\t to send a \"blank\" pattern to helpers, missing hostname and protocol fields. Many helpers\n\t will interpret this as matching any URL, and will return some unspecified stored password,\n\t leaking the password to an attacker's server.\n\n", "edition": 1, "modified": "2020-04-20T00:00:00", "published": "2020-04-20T00:00:00", "id": "67765237-8470-11EA-A283-B42E99A1B9C3", "href": "https://vuxml.freebsd.org/freebsd/67765237-8470-11ea-a283-b42e99a1b9c3.html", "title": "malicious URLs can cause git to send a stored credential to wrong server", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-05-01T20:46:13", "bulletinFamily": "unix", "cvelist": ["CVE-2020-1967"], "description": "\nProblem Description:\nServer or client applications that call the SSL_check_chain()\n\tfunction during or after a TLS 1.3 handshake may crash due to a NULL\n\tpointer dereference as a result of incorrect handling of the\n\t\"signature_algorithms_cert\" TLS extension. The crash occurs if an\n\tinvalid or unrecognized signature algorithm is received from the\n\tpeer.\nImpact:\nA malicious peer could exploit the NULL pointer dereference crash,\n\tcausing a denial of service attack.\n", "edition": 4, "modified": "2020-04-22T00:00:00", "published": "2020-04-21T00:00:00", "id": "012809CE-83F3-11EA-92AB-00163E433440", "href": "https://vuxml.freebsd.org/freebsd/012809ce-83f3-11ea-92ab-00163e433440.html", "title": "OpenSSL remote denial of service vulnerability", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "apple": [{"lastseen": "2020-12-24T20:44:01", "bulletinFamily": "software", "cvelist": ["CVE-2020-11008"], "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## Xcode 11.5\n\nReleased May 20, 2020\n\n**Git**\n\nAvailable for: macOS Catalina 10.15.2 and later\n\nImpact: A crafted git URL that contains a newline in it may cause credential information to be provided for the wrong host\n\nDescription: This issue was addressed by forbidding a newline character in any value passed via the credential protocol.\n\nCVE-2020-11008: Carlo Arenas\n", "edition": 2, "modified": "2020-05-20T05:26:39", "published": "2020-05-20T05:26:39", "id": "APPLE:HT211183", "href": "https://support.apple.com/kb/HT211183", "title": "About the security content of Xcode 11.5 - Apple Support", "type": "apple", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "suse": [{"lastseen": "2020-07-07T13:24:43", "bulletinFamily": "unix", "cvelist": ["CVE-2020-1967"], "description": "This update for rust, rust-cbindgen fixes the following issues:\n\n rust was updated for use by Firefox 76ESR.\n\n - Fixed miscompilations with rustc 1.43 that lead to LTO failures\n (bsc#1173202)\n\n Update to version 1.43.1\n\n - Updated openssl-src to 1.1.1g for CVE-2020-1967.\n - Fixed the stabilization of AVX-512 features.\n - Fixed `cargo package --list` not working with unpublished dependencies.\n\n Update to version 1.43.0\n\n + Language:\n\n - Fixed using binary operations with `&{number}` (e.g. `&1.0`) not having\n the type inferred correctly.\n - Attributes such as `#[cfg()]` can now be used on `if` expressions.\n - Syntax only changes:\n * Allow `type Foo: Ord` syntactically.\n * Fuse associated and extern items up to defaultness.\n * Syntactically allow `self` in all `fn` contexts.\n * Merge `fn` syntax + cleanup item parsing.\n * `item` macro fragments can be interpolated into `trait`s, `impl`s, and\n `extern` blocks. For example, you may now write: ```rust macro_rules!\n mac_trait { ($i:item) => { trait T { $i } } } mac_trait! { fn foo() {}\n } ```\n * These are still rejected *semantically*, so you will likely receive an\n error but these changes can be seen and parsed by macros and\n conditional compilation.\n\n + Compiler\n\n - You can now pass multiple lint flags to rustc to override the previous\n flags.\n\n For example; `rustc -D unused -A unused-variables` denies everything in\n the `unused` lint group except `unused-variables` which is explicitly\n allowed. However, passing `rustc -A unused-variables -D unused` denies\n everything in the `unused` lint group **including** `unused-variables`\n since the allow flag is specified before the deny flag (and therefore\n overridden).\n - rustc will now prefer your system MinGW libraries over its bundled\n libraries if they are available on `windows-gnu`.\n - rustc now buffers errors/warnings printed in JSON.\n\n Libraries:\n\n - `Arc<[T; N]>`, `Box<[T; N]>`, and `Rc<[T; N]>`, now implement\n `TryFrom<Arc<[T]>>`,`TryFrom<Box<[T]>>`, and `TryFrom<Rc<[T]>>`\n respectively.\n **Note** These conversions are only available when `N` is `0..=32`.\n - You can now use associated constants on floats and integers directly,\n rather than having to import the module. e.g. You can now write\n `u32::MAX` or `f32::NAN` with no imports.\n - `u8::is_ascii` is now `const`.\n - `String` now implements `AsMut<str>`.\n - Added the `primitive` module to `std` and `core`. This module reexports\n Rust's primitive types. This is mainly useful in macros where you want\n avoid these types being shadowed.\n - Relaxed some of the trait bounds on `HashMap` and `HashSet`.\n - `string::FromUtf8Error` now implements `Clone + Eq`.\n\n + Stabilized APIs\n\n - `Once::is_completed`\n - `f32::LOG10_2`\n - `f32::LOG2_10`\n - `f64::LOG10_2`\n - `f64::LOG2_10`\n - `iter::once_with`\n\n + Cargo\n\n - You can now set config `[profile]`s in your `.cargo/config`,\n or through your environment.\n - Cargo will now set `CARGO_BIN_EXE_<name>` pointing to a binary's\n executable path when running integration tests or benchmarks. `<name>`\n is the name of your binary as-is e.g. If you wanted the executable\n path for a binary named `my-program`you would use\n `env!("CARGO_BIN_EXE_my-program")`.\n\n + Misc\n\n - Certain checks in the `const_err` lint were deemed unrelated to const\n evaluation, and have been moved to the `unconditional_panic` and\n `arithmetic_overflow` lints.\n\n + Compatibility Notes\n\n - Having trailing syntax in the `assert!` macro is now a hard error.\n This has been a warning since 1.36.0.\n - Fixed `Self` not having the correctly inferred type. This incorrectly\n led to some instances being accepted, and now correctly emits a hard\n error.\n\n Update to version 1.42.0:\n\n + Language\n\n - You can now use the slice pattern syntax with subslices.\n - You can now use #[repr(transparent)] on univariant enums. Meaning that\n you can create an enum that has the exact layout and ABI of the type\n it contains.\n - There are some syntax-only changes:\n * default is syntactically allowed before items in trait definitions.\n * Items in impls (i.e. consts, types, and fns) may syntactically leave\n out their bodies in favor of ;.\n * Bounds on associated types in impls are now syntactically allowed\n (e.g. type Foo: Ord;).\n * ... (the C-variadic type) may occur syntactically directly as the\n type of any function parameter. These are still rejected\n semantically, so you will likely receive an error but these changes\n can be seen and parsed by procedural macros and conditional\n compilation.\n\n + Compiler\n\n - Added tier 2 support for armv7a-none-eabi.\n - Added tier 2 support for riscv64gc-unknown-linux-gnu.\n - Option::{expect,unwrap} and Result::{expect, expect_err, unwrap,\n unwrap_err} now produce panic messages pointing to the location where\n they were called, rather than core's internals. Refer to Rust's\n platform support page for more information on Rust's tiered platform\n support.\n\n + Libraries\n\n - iter::Empty<T> now implements Send and Sync for any T.\n - Pin::{map_unchecked, map_unchecked_mut} no longer require the return\n type to implement Sized.\n - io::Cursor now derives PartialEq and Eq.\n - Layout::new is now const.\n - Added Standard Library support for riscv64gc-unknown-linux-gnu.\n\n + Stabilized APIs\n\n - CondVar::wait_while\n - CondVar::wait_timeout_while\n - DebugMap::key\n - DebugMap::value\n - ManuallyDrop::take\n - matches!\n - ptr::slice_from_raw_parts_mut\n - ptr::slice_from_raw_parts\n\n + Cargo\n\n - You no longer need to include extern crate proc_macro; to be able to\n use proc_macro; in the 2018 edition.\n\n + Compatibility Notes\n\n - Error::description has been deprecated, and its use will now produce a\n warning. It's recommended to use Display/to_string instead.\n\n Update to version 1.41.1:\n\n - Always check types of static items\n - Always check lifetime bounds of `Copy` impls\n - Fix miscompilation in callers of `Layout::repeat`\n\n Update to version 1.41.0:\n\n + Language\n\n - You can now pass type parameters to foreign items when implementing\n traits. E.g. You can now write `impl<T> From<Foo> for Vec<T> {}`.\n - You can now arbitrarily nest receiver types in the `self` position.\n E.g. you can now write `fn foo(self: Box<Box<Self>>) {}`. Previously\n only `Self`, `&Self`, `&mut Self`, `Arc<Self>`, `Rc<Self>`, and\n `Box<Self>` were allowed.\n - You can now use any valid identifier in a `format_args` macro.\n Previously identifiers starting with an underscore were not allowed.\n - Visibility modifiers (e.g. `pub`) are now syntactically allowed on\n trait items and enum variants. These are still rejected semantically,\n but can be seen and parsed by procedural macros and conditional\n compilation.\n\n + Compiler\n\n - Rustc will now warn if you have unused loop `'label`s.\n - Removed support for the `i686-unknown-dragonfly` target.\n - Added tier 3 support\\* for the `riscv64gc-unknown-linux-gnu` target.\n - You can now pass an arguments file passing the `@path` syntax to\n rustc. Note that the format differs somewhat from what is found in\n other tooling; please see the documentation for more information.\n - You can now provide `--extern` flag without a path, indicating that it\n is available from the search path or specified with an `-L` flag.\n\n Refer to Rust's [platform support page][forge-platform-support] for more\n information on Rust's tiered platform support.\n\n + Libraries\n\n - The `core::panic` module is now stable. It was already stable through\n `std`.\n - `NonZero*` numerics now implement `From<NonZero*>` if it's a smaller\n integer width. E.g. `NonZeroU16` now implements `From<NonZeroU8>`.\n - `MaybeUninit<T>` now implements `fmt::Debug`.\n\n + Stabilized APIs\n\n - `Result::map_or`\n - `Result::map_or_else`\n - `std::rc::Weak::weak_count`\n - `std::rc::Weak::strong_count`\n - `std::sync::Weak::weak_count`\n - `std::sync::Weak::strong_count`\n\n + Cargo\n\n - Cargo will now document all the private items for binary crates by\n default.\n - `cargo-install` will now reinstall the package if it detects that it\n is out\n of date.\n - Cargo.lock now uses a more git friendly format that should help to\n reduce merge conflicts.\n - You can now override specific dependencies's build settings. E.g.\n `[profile.dev.package.image] opt-level = 2` sets the `image` crate's\n optimisation level to `2` for debug builds. You can also use\n `[profile.<profile>.build-override]` to override build scripts and\n their dependencies.\n\n + Misc\n\n - You can now specify `edition` in documentation code blocks to compile\n the block for that edition. E.g. `edition2018` tells rustdoc that the\n code sample should be compiled the 2018 edition of Rust.\n - You can now provide custom themes to rustdoc with `--theme`, and check\n the current theme with `--check-theme`.\n - You can use `#[cfg(doc)]` to compile an item when building\n documentation.\n\n + Compatibility Notes\n\n - As previously announced 1.41.0 will be the last tier 1 release for\n 32-bit Apple targets. This means that the source code is still\n available to build, but the targets are no longer being tested and\n release binaries for those platforms will no longer be distributed by\n the Rust project. Please refer to the linked blog post for more\n information.\n\n - Bump version of libssh2 for SLE15; we now need a version with\n libssh2_userauth_publickey_frommemory(), which appeared in libssh2 1.6.0.\n\n Update to version 1.40.0\n\n + Language\n\n - You can now use tuple `struct`s and tuple `enum` variant's\n constructors in `const` contexts. e.g. pub struct Point(i32, i32);\n const ORIGIN: Point = { let constructor = Point; constructor(0, 0) };\n - You can now mark `struct`s, `enum`s, and `enum` variants with the\n `#[non_exhaustive]` attribute to indicate that there may be variants\n or fields added in the future. For example this requires adding a\n wild-card branch (`_ => {}`) to any match statements on a\n non-exhaustive `enum`.\n - You can now use function-like procedural macros in `extern` blocks and\n in type positions. e.g. `type Generated = macro!();`\n - Function-like and attribute procedural macros can now emit\n `macro_rules!` items, so you can now have your macros generate macros.\n - The `meta` pattern matcher in `macro_rules!` now correctly matches the\n modern attribute syntax. For example `(#[$m:meta])` now matches\n `#[attr]`, `#[attr{tokens}]`, `#[attr[tokens]]`, and `#[attr(tokens)]`.\n\n + Compiler\n\n - Added tier 3 support\\* for the `thumbv7neon-unknown-linux-musleabihf`\n target.\n - Added tier 3 support for the `aarch64-unknown-none-softfloat` target.\n - Added tier 3 support for the `mips64-unknown-linux-muslabi64`, and\n `mips64el-unknown-linux-muslabi64` targets.\n\n + Libraries\n\n - The `is_power_of_two` method on unsigned numeric types is now a\n `const` function.\n\n + Stabilized APIs\n\n - BTreeMap::get_key_value\n - HashMap::get_key_value\n - Option::as_deref_mut\n - Option::as_deref\n - Option::flatten\n - UdpSocket::peer_addr\n - f32::to_be_bytes\n - f32::to_le_bytes\n - f32::to_ne_bytes\n - f64::to_be_bytes\n - f64::to_le_bytes\n - f64::to_ne_bytes\n - f32::from_be_bytes\n - f32::from_le_bytes\n - f32::from_ne_bytes\n - f64::from_be_bytes\n - f64::from_le_bytes\n - f64::from_ne_bytes\n - mem::take\n - slice::repeat\n - todo!\n\n + Cargo\n\n - Cargo will now always display warnings, rather than only on fresh\n builds.\n - Feature flags (except `--all-features`) passed to a virtual workspace\n will now produce an error. Previously these flags were ignored.\n - You can now publish `dev-dependencies` without including a `version`.\n\n + Misc\n\n - You can now specify the `#[cfg(doctest)]` attribute to include an item\n only when running documentation tests with `rustdoc`.\n\n + Compatibility Notes\n\n - As previously announced, any previous NLL warnings in the 2015 edition\n are now hard errors.\n - The `include!` macro will now warn if it failed to include the entire\n file. The `include!` macro unintentionally only includes the first\n _expression_ in a file, and this can be unintuitive. This will become\n either a hard error in a future release, or the behavior may be fixed\n to include all expressions as expected.\n - Using `#[inline]` on function prototypes and consts now emits a\n warning under `unused_attribute` lint. Using `#[inline]` anywhere else\n inside traits\n or `extern` blocks now correctly emits a hard error.\n\n Update to version 1.39.0\n\n + Language\n\n - You can now create async functions and blocks with async fn, async\n move {}, and async {} respectively, and you can now call .await on\n async expressions.\n - You can now use certain attributes on function, closure, and function\n pointer parameters.\n - You can now take shared references to bind-by-move patterns in the if\n guards of match arms.\n\n + Compiler\n\n - Added tier 3 support for the i686-unknown-uefi target.\n - Added tier 3 support for the sparc64-unknown-openbsd target.\n - rustc will now trim code snippets in diagnostics to fit in your\n terminal.\n - You can now pass --show-output argument to test binaries to print the\n output of successful tests.\n\n + For more details:\n <a rel=\"nofollow\" href=\"https://github.com/rust-lang/rust/blob/stable/RELEASES.md#version-1390-2019\">https://github.com/rust-lang/rust/blob/stable/RELEASES.md#version-1390-2019</a>\n -11-07\n\n - Switch to bundled version of libgit2 for now. libgit2-sys seems to\n expect using the bundled variant, which just seems to point to a\n snapshot of the master branch and doesn't match any released libgit2\n (bsc#1154817). See: <a rel=\"nofollow\" href=\"https://github.com/rust-lang/rust/issues/63476\">https://github.com/rust-lang/rust/issues/63476</a> and\n <a rel=\"nofollow\" href=\"https://github.com/rust-lang/git2-rs/issues/458\">https://github.com/rust-lang/git2-rs/issues/458</a> for details.\n\n Update to version 1.38.0\n\n + Language\n\n - The `#[global_allocator]` attribute can now be used in submodules.\n - The `#[deprecated]` attribute can now be used on macros.\n\n + Compiler\n\n - Added pipelined compilation support to `rustc`. This will improve\n compilation times in some cases.\n\n + Libraries\n\n - `ascii::EscapeDefault` now implements `Clone` and `Display`.\n - Derive macros for prelude traits (e.g. `Clone`, `Debug`, `Hash`) are\n now available at the same path as the trait. (e.g. The `Clone` derive\n macro is available at `std::clone::Clone`). This also makes all\n built-in macros available in `std`/`core` root. e.g.\n `std::include_bytes!`.\n - `str::Chars` now implements `Debug`.\n - `slice::{concat, connect, join}` now accepts `&[T]` in addition to\n `&T`.\n - `*const T` and `*mut T` now implement `marker::Unpin`.\n - `Arc<[T]>` and `Rc<[T]>` now implement `FromIterator<T>`.\n - Added euclidean remainder and division operations (`div_euclid`,\n `rem_euclid`) to all numeric primitives. Additionally `checked`,\n `overflowing`, and `wrapping` versions are available for all integer\n primitives.\n - `thread::AccessError` now implements `Clone`, `Copy`, `Eq`, `Error`,\n and `PartialEq`.\n - `iter::{StepBy, Peekable, Take}` now implement `DoubleEndedIterator`.\n\n + Stabilized APIs\n\n - `<*const T>::cast`\n - `<*mut T>::cast`\n - `Duration::as_secs_f32`\n - `Duration::as_secs_f64`\n - `Duration::div_f32`\n - `Duration::div_f64`\n - `Duration::from_secs_f32`\n - `Duration::from_secs_f64`\n - `Duration::mul_f32`\n - `Duration::mul_f64`\n - `any::type_name`\n\n + Cargo\n\n - Added pipelined compilation support to `cargo`.\n - You can now pass the `--features` option multiple times to enable\n multiple features.\n\n + Misc\n\n - `rustc` will now warn about some incorrect uses of\n `mem::{uninitialized, zeroed}` that are known to cause undefined\n behaviour.\n\n Update to version 1.37.0\n\n + Language\n\n - #[must_use] will now warn if the type is contained in a tuple, Box,\n or an array and unused.\n - You can now use the `cfg` and `cfg_attr` attributes on generic\n parameters.\n - You can now use enum variants through type alias. e.g. You can write\n the following: ``` type MyOption = Option<u8>; fn\n increment_or_zero(x: MyOption) -> u8 { match x { MyOption::Some(y)\n => y + 1, MyOption::None => 0, } } ```\n - You can now use `_` as an identifier for consts. e.g. You can write\n `const _: u32 = 5;`.\n - You can now use `#[repr(align(X)]` on enums.\n - The `?` Kleene macro operator is now available in the 2015 edition.\n\n + Compiler\n\n - You can now enable Profile-Guided Optimization with the `-C\n profile-generate` and `-C profile-use` flags. For more information\n on how to use profile guided optimization, please refer to the rustc\n book.\n - The `rust-lldb` wrapper script should now work again.\n\n + Libraries\n\n - `mem::MaybeUninit<T>` is now ABI-compatible with `T`.\n\n + Stabilized APIs\n\n - BufReader::buffer\n - BufWriter::buffer\n - Cell::from_mut\n - Cell<[T]>::as_slice_of_cells\n - Cell<slice>::as_slice_of_cells\n - DoubleEndedIterator::nth_back\n - Option::xor\n - Wrapping::reverse_bits\n - i128::reverse_bits\n - i16::reverse_bits\n - i32::reverse_bits\n - i64::reverse_bits\n - i8::reverse_bits\n - isize::reverse_bits\n - slice::copy_within\n - u128::reverse_bits\n - u16::reverse_bits\n - u32::reverse_bits\n - u64::reverse_bits\n - u8::reverse_bits\n - usize::reverse_bits\n\n + Cargo\n\n - Cargo.lock files are now included by default when publishing\n executable crates with executables.\n - You can now specify `default-run="foo"` in `[package]` to specify\n the default executable to use for `cargo run`.\n - cargo-vendor is now provided as a sub-command of cargo\n\n + Compatibility Notes\n\n - Using `...` for inclusive range patterns will now warn by default.\n Please transition your code to using the `..=` syntax for inclusive\n ranges instead.\n - Using a trait object without the `dyn` will now warn by default.\n Please transition your code to use `dyn Trait` for trait objects\n instead. Crab(String), Lobster(String), Person(String), let state =\n Creature::Crab("Ferris"); if let Creature::Crab(name) |\n Creature::Person(name) = state { println!("This creature's name is:\n {}", name); } unsafe { foo() } pub fn new(x: i32, y: i32) -> Self {\n Self(x, y) } pub fn is_origin(&self) -> bool { match self { Self(0,\n 0) => true, _ => false, } } Self: PartialOrd<Self> // can write\n `Self` instead of `List<T>` Nil, Cons(T, Box<Self>) // likewise here\n fn test(&self) { println!("one"); } //~ ERROR duplicate definitions\n with name `test` fn test(&self) { println!("two"); }\n\n * Basic procedural macros allowing custom `#[derive]`, aka "macros 1.1",\n are stable. This allows popular code-generating crates like Serde and\n Diesel to work ergonomically. [RFC 1681].\n * [Tuple structs may be empty. Unary and empty tuple structs may be\n instantiated with curly braces][36868]. Part of [RFC 1506].\n * [A number of minor changes to name resolution have been\n activated][37127]. They add up to more consistent semantics, allowing\n for future evolution of Rust macros. Specified in [RFC 1560], see its\n section on ["changes"] for details of what is different. The breaking\n changes here have been transitioned through the [`legacy_imports`] lint\n since 1.14, with no known regressions.\n * [In `macro_rules`, `path` fragments can now be parsed as type parameter\n bounds][38279]\n * [`?Sized` can be used in `where` clauses][37791]\n * [There is now a limit on the size of monomorphized types and it can be\n modified with the `#![type_size_limit]` crate attribute, similarly to\n the `#![recursion_limit]` attribute][37789]\n * [On Windows, the compiler will apply dllimport attributes when linking\n to extern functions][37973]. Additional attributes and flags can control\n which library kind is linked and its name. [RFC 1717].\n * [Rust-ABI symbols are no longer exported from cdylibs][38117]\n * [The `--test` flag works with procedural macro crates][38107]\n * [Fix `extern "aapcs" fn` ABI][37814]\n * [The `-C no-stack-check` flag is deprecated][37636]. It does nothing.\n * [The `format!` expander recognizes incorrect `printf` and shell-style\n formatting directives and suggests the correct format][37613].\n * [Only report one error for all unused imports in an import list][37456]\n * [Avoid unnecessary `mk_ty` calls in `Ty::super_fold_with`][37705]\n * [Avoid more unnecessary `mk_ty` calls in `Ty::super_fold_with`][37979]\n * [Don't clone in `UnificationTable::probe`][37848]\n * [Remove `scope_auxiliary` to cut RSS by 10%][37764]\n * [Use small vectors in type walker][37760]\n * [Macro expansion performance was improved][37701]\n * [Change `HirVec<P<T>>` to `HirVec<T>` in `hir::Expr`][37642]\n * [Replace FNV with a faster hash function][37229]\n <a rel=\"nofollow\" href=\"https://raw.githubusercontent.com/rust-lang/rust/master/RELEASES.md\">https://raw.githubusercontent.com/rust-lang/rust/master/RELEASES.md</a>\n\n rust-cbindgen is shipped in version 0.14.1.\n\n", "edition": 1, "modified": "2020-07-07T12:13:02", "published": "2020-07-07T12:13:02", "id": "OPENSUSE-SU-2020:0945-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00011.html", "title": "Security update for rust, rust-cbindgen (moderate)", "type": "suse", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-07-06T19:24:36", "bulletinFamily": "unix", "cvelist": ["CVE-2020-1967"], "description": "This update for rust, rust-cbindgen fixes the following issues:\n\n rust was updated for use by Firefox 76ESR.\n\n - Fixed miscompilations with rustc 1.43 that lead to LTO failures\n (bsc#1173202)\n\n Update to version 1.43.1\n\n - Updated openssl-src to 1.1.1g for CVE-2020-1967.\n - Fixed the stabilization of AVX-512 features.\n - Fixed `cargo package --list` not working with unpublished dependencies.\n\n Update to version 1.43.0\n\n + Language:\n\n - Fixed using binary operations with `&{number}` (e.g. `&1.0`) not having\n the type inferred correctly.\n - Attributes such as `#[cfg()]` can now be used on `if` expressions.\n - Syntax only changes:\n * Allow `type Foo: Ord` syntactically.\n * Fuse associated and extern items up to defaultness.\n * Syntactically allow `self` in all `fn` contexts.\n * Merge `fn` syntax + cleanup item parsing.\n * `item` macro fragments can be interpolated into `trait`s, `impl`s, and\n `extern` blocks. For example, you may now write: ```rust macro_rules!\n mac_trait { ($i:item) => { trait T { $i } } } mac_trait! { fn foo() {}\n } ```\n * These are still rejected *semantically*, so you will likely receive an\n error but these changes can be seen and parsed by macros and\n conditional compilation.\n\n + Compiler\n\n - You can now pass multiple lint flags to rustc to override the previous\n flags.\n\n For example; `rustc -D unused -A unused-variables` denies everything in\n the `unused` lint group except `unused-variables` which is explicitly\n allowed. However, passing `rustc -A unused-variables -D unused` denies\n everything in the `unused` lint group **including** `unused-variables`\n since the allow flag is specified before the deny flag (and therefore\n overridden).\n - rustc will now prefer your system MinGW libraries over its bundled\n libraries if they are available on `windows-gnu`.\n - rustc now buffers errors/warnings printed in JSON.\n\n Libraries:\n\n - `Arc<[T; N]>`, `Box<[T; N]>`, and `Rc<[T; N]>`, now implement\n `TryFrom<Arc<[T]>>`,`TryFrom<Box<[T]>>`, and `TryFrom<Rc<[T]>>`\n respectively.\n **Note** These conversions are only available when `N` is `0..=32`.\n - You can now use associated constants on floats and integers directly,\n rather than having to import the module. e.g. You can now write\n `u32::MAX` or `f32::NAN` with no imports.\n - `u8::is_ascii` is now `const`.\n - `String` now implements `AsMut<str>`.\n - Added the `primitive` module to `std` and `core`. This module reexports\n Rust's primitive types. This is mainly useful in macros where you want\n avoid these types being shadowed.\n - Relaxed some of the trait bounds on `HashMap` and `HashSet`.\n - `string::FromUtf8Error` now implements `Clone + Eq`.\n\n + Stabilized APIs\n\n - `Once::is_completed`\n - `f32::LOG10_2`\n - `f32::LOG2_10`\n - `f64::LOG10_2`\n - `f64::LOG2_10`\n - `iter::once_with`\n\n + Cargo\n\n - You can now set config `[profile]`s in your `.cargo/config`,\n or through your environment.\n - Cargo will now set `CARGO_BIN_EXE_<name>` pointing to a binary's\n executable path when running integration tests or benchmarks. `<name>`\n is the name of your binary as-is e.g. If you wanted the executable\n path for a binary named `my-program`you would use\n `env!("CARGO_BIN_EXE_my-program")`.\n\n + Misc\n\n - Certain checks in the `const_err` lint were deemed unrelated to const\n evaluation, and have been moved to the `unconditional_panic` and\n `arithmetic_overflow` lints.\n\n + Compatibility Notes\n\n - Having trailing syntax in the `assert!` macro is now a hard error.\n This has been a warning since 1.36.0.\n - Fixed `Self` not having the correctly inferred type. This incorrectly\n led to some instances being accepted, and now correctly emits a hard\n error.\n\n Update to version 1.42.0:\n\n + Language\n\n - You can now use the slice pattern syntax with subslices.\n - You can now use #[repr(transparent)] on univariant enums. Meaning that\n you can create an enum that has the exact layout and ABI of the type\n it contains.\n - There are some syntax-only changes:\n * default is syntactically allowed before items in trait definitions.\n * Items in impls (i.e. consts, types, and fns) may syntactically leave\n out their bodies in favor of ;.\n * Bounds on associated types in impls are now syntactically allowed\n (e.g. type Foo: Ord;).\n * ... (the C-variadic type) may occur syntactically directly as the\n type of any function parameter. These are still rejected\n semantically, so you will likely receive an error but these changes\n can be seen and parsed by procedural macros and conditional\n compilation.\n\n + Compiler\n\n - Added tier 2 support for armv7a-none-eabi.\n - Added tier 2 support for riscv64gc-unknown-linux-gnu.\n - Option::{expect,unwrap} and Result::{expect, expect_err, unwrap,\n unwrap_err} now produce panic messages pointing to the location where\n they were called, rather than core's internals. Refer to Rust's\n platform support page for more information on Rust's tiered platform\n support.\n\n + Libraries\n\n - iter::Empty<T> now implements Send and Sync for any T.\n - Pin::{map_unchecked, map_unchecked_mut} no longer require the return\n type to implement Sized.\n - io::Cursor now derives PartialEq and Eq.\n - Layout::new is now const.\n - Added Standard Library support for riscv64gc-unknown-linux-gnu.\n\n + Stabilized APIs\n\n - CondVar::wait_while\n - CondVar::wait_timeout_while\n - DebugMap::key\n - DebugMap::value\n - ManuallyDrop::take\n - matches!\n - ptr::slice_from_raw_parts_mut\n - ptr::slice_from_raw_parts\n\n + Cargo\n\n - You no longer need to include extern crate proc_macro; to be able to\n use proc_macro; in the 2018 edition.\n\n + Compatibility Notes\n\n - Error::description has been deprecated, and its use will now produce a\n warning. It's recommended to use Display/to_string instead.\n\n Update to version 1.41.1:\n\n - Always check types of static items\n - Always check lifetime bounds of `Copy` impls\n - Fix miscompilation in callers of `Layout::repeat`\n\n Update to version 1.41.0:\n\n + Language\n\n - You can now pass type parameters to foreign items when implementing\n traits. E.g. You can now write `impl<T> From<Foo> for Vec<T> {}`.\n - You can now arbitrarily nest receiver types in the `self` position.\n E.g. you can now write `fn foo(self: Box<Box<Self>>) {}`. Previously\n only `Self`, `&Self`, `&mut Self`, `Arc<Self>`, `Rc<Self>`, and\n `Box<Self>` were allowed.\n - You can now use any valid identifier in a `format_args` macro.\n Previously identifiers starting with an underscore were not allowed.\n - Visibility modifiers (e.g. `pub`) are now syntactically allowed on\n trait items and enum variants. These are still rejected semantically,\n but can be seen and parsed by procedural macros and conditional\n compilation.\n\n + Compiler\n\n - Rustc will now warn if you have unused loop `'label`s.\n - Removed support for the `i686-unknown-dragonfly` target.\n - Added tier 3 support\\* for the `riscv64gc-unknown-linux-gnu` target.\n - You can now pass an arguments file passing the `@path` syntax to\n rustc. Note that the format differs somewhat from what is found in\n other tooling; please see the documentation for more information.\n - You can now provide `--extern` flag without a path, indicating that it\n is available from the search path or specified with an `-L` flag.\n\n Refer to Rust's [platform support page][forge-platform-support] for more\n information on Rust's tiered platform support.\n\n + Libraries\n\n - The `core::panic` module is now stable. It was already stable through\n `std`.\n - `NonZero*` numerics now implement `From<NonZero*>` if it's a smaller\n integer width. E.g. `NonZeroU16` now implements `From<NonZeroU8>`.\n - `MaybeUninit<T>` now implements `fmt::Debug`.\n\n + Stabilized APIs\n\n - `Result::map_or`\n - `Result::map_or_else`\n - `std::rc::Weak::weak_count`\n - `std::rc::Weak::strong_count`\n - `std::sync::Weak::weak_count`\n - `std::sync::Weak::strong_count`\n\n + Cargo\n\n - Cargo will now document all the private items for binary crates by\n default.\n - `cargo-install` will now reinstall the package if it detects that it\n is out\n of date.\n - Cargo.lock now uses a more git friendly format that should help to\n reduce merge conflicts.\n - You can now override specific dependencies's build settings. E.g.\n `[profile.dev.package.image] opt-level = 2` sets the `image` crate's\n optimisation level to `2` for debug builds. You can also use\n `[profile.<profile>.build-override]` to override build scripts and\n their dependencies.\n\n + Misc\n\n - You can now specify `edition` in documentation code blocks to compile\n the block for that edition. E.g. `edition2018` tells rustdoc that the\n code sample should be compiled the 2018 edition of Rust.\n - You can now provide custom themes to rustdoc with `--theme`, and check\n the current theme with `--check-theme`.\n - You can use `#[cfg(doc)]` to compile an item when building\n documentation.\n\n + Compatibility Notes\n\n - As previously announced 1.41.0 will be the last tier 1 release for\n 32-bit Apple targets. This means that the source code is still\n available to build, but the targets are no longer being tested and\n release binaries for those platforms will no longer be distributed by\n the Rust project. Please refer to the linked blog post for more\n information.\n\n - Bump version of libssh2 for SLE15; we now need a version with\n libssh2_userauth_publickey_frommemory(), which appeared in libssh2 1.6.0.\n\n Update to version 1.40.0\n\n + Language\n\n - You can now use tuple `struct`s and tuple `enum` variant's\n constructors in `const` contexts. e.g. pub struct Point(i32, i32);\n const ORIGIN: Point = { let constructor = Point; constructor(0, 0) };\n - You can now mark `struct`s, `enum`s, and `enum` variants with the\n `#[non_exhaustive]` attribute to indicate that there may be variants\n or fields added in the future. For example this requires adding a\n wild-card branch (`_ => {}`) to any match statements on a\n non-exhaustive `enum`.\n - You can now use function-like procedural macros in `extern` blocks and\n in type positions. e.g. `type Generated = macro!();`\n - Function-like and attribute procedural macros can now emit\n `macro_rules!` items, so you can now have your macros generate macros.\n - The `meta` pattern matcher in `macro_rules!` now correctly matches the\n modern attribute syntax. For example `(#[$m:meta])` now matches\n `#[attr]`, `#[attr{tokens}]`, `#[attr[tokens]]`, and `#[attr(tokens)]`.\n\n + Compiler\n\n - Added tier 3 support\\* for the `thumbv7neon-unknown-linux-musleabihf`\n target.\n - Added tier 3 support for the `aarch64-unknown-none-softfloat` target.\n - Added tier 3 support for the `mips64-unknown-linux-muslabi64`, and\n `mips64el-unknown-linux-muslabi64` targets.\n\n + Libraries\n\n - The `is_power_of_two` method on unsigned numeric types is now a\n `const` function.\n\n + Stabilized APIs\n\n - BTreeMap::get_key_value\n - HashMap::get_key_value\n - Option::as_deref_mut\n - Option::as_deref\n - Option::flatten\n - UdpSocket::peer_addr\n - f32::to_be_bytes\n - f32::to_le_bytes\n - f32::to_ne_bytes\n - f64::to_be_bytes\n - f64::to_le_bytes\n - f64::to_ne_bytes\n - f32::from_be_bytes\n - f32::from_le_bytes\n - f32::from_ne_bytes\n - f64::from_be_bytes\n - f64::from_le_bytes\n - f64::from_ne_bytes\n - mem::take\n - slice::repeat\n - todo!\n\n + Cargo\n\n - Cargo will now always display warnings, rather than only on fresh\n builds.\n - Feature flags (except `--all-features`) passed to a virtual workspace\n will now produce an error. Previously these flags were ignored.\n - You can now publish `dev-dependencies` without including a `version`.\n\n + Misc\n\n - You can now specify the `#[cfg(doctest)]` attribute to include an item\n only when running documentation tests with `rustdoc`.\n\n + Compatibility Notes\n\n - As previously announced, any previous NLL warnings in the 2015 edition\n are now hard errors.\n - The `include!` macro will now warn if it failed to include the entire\n file. The `include!` macro unintentionally only includes the first\n _expression_ in a file, and this can be unintuitive. This will become\n either a hard error in a future release, or the behavior may be fixed\n to include all expressions as expected.\n - Using `#[inline]` on function prototypes and consts now emits a\n warning under `unused_attribute` lint. Using `#[inline]` anywhere else\n inside traits\n or `extern` blocks now correctly emits a hard error.\n\n Update to version 1.39.0\n\n + Language\n\n - You can now create async functions and blocks with async fn, async\n move {}, and async {} respectively, and you can now call .await on\n async expressions.\n - You can now use certain attributes on function, closure, and function\n pointer parameters.\n - You can now take shared references to bind-by-move patterns in the if\n guards of match arms.\n\n + Compiler\n\n - Added tier 3 support for the i686-unknown-uefi target.\n - Added tier 3 support for the sparc64-unknown-openbsd target.\n - rustc will now trim code snippets in diagnostics to fit in your\n terminal.\n - You can now pass --show-output argument to test binaries to print the\n output of successful tests.\n\n + For more details:\n <a rel=\"nofollow\" href=\"https://github.com/rust-lang/rust/blob/stable/RELEASES.md#version-1390-2019\">https://github.com/rust-lang/rust/blob/stable/RELEASES.md#version-1390-2019</a>\n -11-07\n\n - Switch to bundled version of libgit2 for now. libgit2-sys seems to\n expect using the bundled variant, which just seems to point to a\n snapshot of the master branch and doesn't match any released libgit2\n (bsc#1154817). See: <a rel=\"nofollow\" href=\"https://github.com/rust-lang/rust/issues/63476\">https://github.com/rust-lang/rust/issues/63476</a> and\n <a rel=\"nofollow\" href=\"https://github.com/rust-lang/git2-rs/issues/458\">https://github.com/rust-lang/git2-rs/issues/458</a> for details.\n\n Update to version 1.38.0\n\n + Language\n\n - The `#[global_allocator]` attribute can now be used in submodules.\n - The `#[deprecated]` attribute can now be used on macros.\n\n + Compiler\n\n - Added pipelined compilation support to `rustc`. This will improve\n compilation times in some cases.\n\n + Libraries\n\n - `ascii::EscapeDefault` now implements `Clone` and `Display`.\n - Derive macros for prelude traits (e.g. `Clone`, `Debug`, `Hash`) are\n now available at the same path as the trait. (e.g. The `Clone` derive\n macro is available at `std::clone::Clone`). This also makes all\n built-in macros available in `std`/`core` root. e.g.\n `std::include_bytes!`.\n - `str::Chars` now implements `Debug`.\n - `slice::{concat, connect, join}` now accepts `&[T]` in addition to\n `&T`.\n - `*const T` and `*mut T` now implement `marker::Unpin`.\n - `Arc<[T]>` and `Rc<[T]>` now implement `FromIterator<T>`.\n - Added euclidean remainder and division operations (`div_euclid`,\n `rem_euclid`) to all numeric primitives. Additionally `checked`,\n `overflowing`, and `wrapping` versions are available for all integer\n primitives.\n - `thread::AccessError` now implements `Clone`, `Copy`, `Eq`, `Error`,\n and `PartialEq`.\n - `iter::{StepBy, Peekable, Take}` now implement `DoubleEndedIterator`.\n\n + Stabilized APIs\n\n - `<*const T>::cast`\n - `<*mut T>::cast`\n - `Duration::as_secs_f32`\n - `Duration::as_secs_f64`\n - `Duration::div_f32`\n - `Duration::div_f64`\n - `Duration::from_secs_f32`\n - `Duration::from_secs_f64`\n - `Duration::mul_f32`\n - `Duration::mul_f64`\n - `any::type_name`\n\n + Cargo\n\n - Added pipelined compilation support to `cargo`.\n - You can now pass the `--features` option multiple times to enable\n multiple features.\n\n + Misc\n\n - `rustc` will now warn about some incorrect uses of\n `mem::{uninitialized, zeroed}` that are known to cause undefined\n behaviour.\n\n Update to version 1.37.0\n\n + Language\n\n - #[must_use] will now warn if the type is contained in a tuple, Box,\n or an array and unused.\n - You can now use the `cfg` and `cfg_attr` attributes on generic\n parameters.\n - You can now use enum variants through type alias. e.g. You can write\n the following: ``` type MyOption = Option<u8>; fn\n increment_or_zero(x: MyOption) -> u8 { match x { MyOption::Some(y)\n => y + 1, MyOption::None => 0, } } ```\n - You can now use `_` as an identifier for consts. e.g. You can write\n `const _: u32 = 5;`.\n - You can now use `#[repr(align(X)]` on enums.\n - The `?` Kleene macro operator is now available in the 2015 edition.\n\n + Compiler\n\n - You can now enable Profile-Guided Optimization with the `-C\n profile-generate` and `-C profile-use` flags. For more information\n on how to use profile guided optimization, please refer to the rustc\n book.\n - The `rust-lldb` wrapper script should now work again.\n\n + Libraries\n\n - `mem::MaybeUninit<T>` is now ABI-compatible with `T`.\n\n + Stabilized APIs\n\n - BufReader::buffer\n - BufWriter::buffer\n - Cell::from_mut\n - Cell<[T]>::as_slice_of_cells\n - Cell<slice>::as_slice_of_cells\n - DoubleEndedIterator::nth_back\n - Option::xor\n - Wrapping::reverse_bits\n - i128::reverse_bits\n - i16::reverse_bits\n - i32::reverse_bits\n - i64::reverse_bits\n - i8::reverse_bits\n - isize::reverse_bits\n - slice::copy_within\n - u128::reverse_bits\n - u16::reverse_bits\n - u32::reverse_bits\n - u64::reverse_bits\n - u8::reverse_bits\n - usize::reverse_bits\n\n + Cargo\n\n - Cargo.lock files are now included by default when publishing\n executable crates with executables.\n - You can now specify `default-run="foo"` in `[package]` to specify\n the default executable to use for `cargo run`.\n - cargo-vendor is now provided as a sub-command of cargo\n\n + Compatibility Notes\n\n - Using `...` for inclusive range patterns will now warn by default.\n Please transition your code to using the `..=` syntax for inclusive\n ranges instead.\n - Using a trait object without the `dyn` will now warn by default.\n Please transition your code to use `dyn Trait` for trait objects\n instead. Crab(String), Lobster(String), Person(String), let state =\n Creature::Crab("Ferris"); if let Creature::Crab(name) |\n Creature::Person(name) = state { println!("This creature's name is:\n {}", name); } unsafe { foo() } pub fn new(x: i32, y: i32) -> Self {\n Self(x, y) } pub fn is_origin(&self) -> bool { match self { Self(0,\n 0) => true, _ => false, } } Self: PartialOrd<Self> // can write\n `Self` instead of `List<T>` Nil, Cons(T, Box<Self>) // likewise here\n fn test(&self) { println!("one"); } //~ ERROR duplicate definitions\n with name `test` fn test(&self) { println!("two"); }\n\n * Basic procedural macros allowing custom `#[derive]`, aka "macros 1.1",\n are stable. This allows popular code-generating crates like Serde and\n Diesel to work ergonomically. [RFC 1681].\n * [Tuple structs may be empty. Unary and empty tuple structs may be\n instantiated with curly braces][36868]. Part of [RFC 1506].\n * [A number of minor changes to name resolution have been\n activated][37127]. They add up to more consistent semantics, allowing\n for future evolution of Rust macros. Specified in [RFC 1560], see its\n section on ["changes"] for details of what is different. The breaking\n changes here have been transitioned through the [`legacy_imports`] lint\n since 1.14, with no known regressions.\n * [In `macro_rules`, `path` fragments can now be parsed as type parameter\n bounds][38279]\n * [`?Sized` can be used in `where` clauses][37791]\n * [There is now a limit on the size of monomorphized types and it can be\n modified with the `#![type_size_limit]` crate attribute, similarly to\n the `#![recursion_limit]` attribute][37789]\n * [On Windows, the compiler will apply dllimport attributes when linking\n to extern functions][37973]. Additional attributes and flags can control\n which library kind is linked and its name. [RFC 1717].\n * [Rust-ABI symbols are no longer exported from cdylibs][38117]\n * [The `--test` flag works with procedural macro crates][38107]\n * [Fix `extern "aapcs" fn` ABI][37814]\n * [The `-C no-stack-check` flag is deprecated][37636]. It does nothing.\n * [The `format!` expander recognizes incorrect `printf` and shell-style\n formatting directives and suggests the correct format][37613].\n * [Only report one error for all unused imports in an import list][37456]\n * [Avoid unnecessary `mk_ty` calls in `Ty::super_fold_with`][37705]\n * [Avoid more unnecessary `mk_ty` calls in `Ty::super_fold_with`][37979]\n * [Don't clone in `UnificationTable::probe`][37848]\n * [Remove `scope_auxiliary` to cut RSS by 10%][37764]\n * [Use small vectors in type walker][37760]\n * [Macro expansion performance was improved][37701]\n * [Change `HirVec<P<T>>` to `HirVec<T>` in `hir::Expr`][37642]\n * [Replace FNV with a faster hash function][37229]\n <a rel=\"nofollow\" href=\"https://raw.githubusercontent.com/rust-lang/rust/master/RELEASES.md\">https://raw.githubusercontent.com/rust-lang/rust/master/RELEASES.md</a>\n\n rust-cbindgen is shipped in version 0.14.1.\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, "modified": "2020-07-06T18:13:47", "published": "2020-07-06T18:13:47", "id": "OPENSUSE-SU-2020:0933-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00004.html", "title": "Security update for rust, rust-cbindgen (moderate)", "type": "suse", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "openssl": [{"lastseen": "2020-09-14T11:35:59", "bulletinFamily": "software", "cvelist": ["CVE-2020-1967"], "description": " Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the \"signature_algorithms_cert\" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Reported by Bernd Edlinger. \n\n * Fixed in OpenSSL 1.1.1g [(git commit)](<https://github.com/openssl/openssl/commit/eb563247aef3e83dda7679c43f9649270462e5b1>) (Affected 1.1.1d-1.1.1f)\n", "edition": 1, "modified": "2020-04-21T00:00:00", "published": "2020-04-21T00:00:00", "id": "OPENSSL:CVE-2020-1967", "href": "https://www.openssl.org/news/secadv/20200421.txt", "title": "Vulnerability in OpenSSL - Segmentation fault in SSL_check_chain ", "type": "openssl", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "mscve": [{"lastseen": "2021-03-18T19:15:45", "bulletinFamily": "microsoft", "cvelist": ["CVE-2020-1967"], "description": "Microsoft is aware of a publicly disclosed remote denial of service vulnerability for OpenSSL version 1.1.1d and newer. Previous versions prior to 1.1.1d are unaffected.\n\nThe vulnerability is fixed in version 1.1.1g. For more information, please see the [OpenSSL security advisory](<https://www.openssl.org/news/secadv/20200421.txt>).\n\nMicrosoft has confirmed Windows is not affected by this vulnerability. We are currently investigating the wider impact and are applying mitigations to services as needed.\n\n## Recommended Actions\n\nIf you are running a Linux VM or have installed any products that use OpenSSL on Azure, please review the version on your system. We recommend that you check the security blog for the distro you are using.\n", "modified": "2020-04-22T07:00:00", "id": "MS:ADV200007", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV200007", "published": "2020-04-21T07:00:00", "type": "mscve", "title": "OpenSSL Remote Denial of Service Vulnerability", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "archlinux": [{"lastseen": "2020-09-22T18:36:39", "bulletinFamily": "unix", "cvelist": ["CVE-2020-1967"], "description": "Arch Linux Security Advisory ASA-202004-19\n==========================================\n\nSeverity: High\nDate : 2020-04-22\nCVE-ID : CVE-2020-1967\nPackage : lib32-openssl\nType : denial of service\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1142\n\nSummary\n=======\n\nThe package lib32-openssl before version 1.1.1.g-1 is vulnerable to\ndenial of service.\n\nResolution\n==========\n\nUpgrade to 1.1.1.g-1.\n\n# pacman -Syu \"lib32-openssl>=1.1.1.g-1\"\n\nThe problem has been fixed upstream in version 1.1.1.g.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nA NULL pointer dereference has been found in OpenSSL versions 1.1.1d,\n1.1.1e and 1.1.1f. Server or client applications that call the\nSSL_check_chain() function during or after a TLS 1.3 handshake may\ncrash due to a NULL pointer dereference as a result of incorrect\nhandling of the \"signature_algorithms_cert\" TLS extension. The crash\noccurs if an invalid or unrecognised signature algorithm is received\nfrom the peer. This could be exploited by a malicious peer in a Denial\nof Service attack.\n\nImpact\n======\n\nA malicious server or client may crash an openssl/libssl process by\nproviding a maliciously-crafted SSL handshake\n\nReferences\n==========\n\nhttps://www.openssl.org/news/secadv/20200421.txt\nhttps://github.com/openssl/openssl/commit/eb563247aef3e83dda7679c43f9649270462e5b1\nhttps://security.archlinux.org/CVE-2020-1967", "modified": "2020-04-22T00:00:00", "published": "2020-04-22T00:00:00", "id": "ASA-202004-19", "href": "https://security.archlinux.org/ASA-202004-19", "type": "archlinux", "title": "[ASA-202004-19] lib32-openssl: denial of service", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-09-22T18:36:39", "bulletinFamily": "unix", "cvelist": ["CVE-2020-1967"], "description": "Arch Linux Security Advisory ASA-202004-18\n==========================================\n\nSeverity: High\nDate : 2020-04-21\nCVE-ID : CVE-2020-1967\nPackage : openssl\nType : denial of service\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1139\n\nSummary\n=======\n\nThe package openssl before version 1.1.1.g-1 is vulnerable to denial of\nservice.\n\nResolution\n==========\n\nUpgrade to 1.1.1.g-1.\n\n# pacman -Syu \"openssl>=1.1.1.g-1\"\n\nThe problem has been fixed upstream in version 1.1.1.g.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nA NULL pointer dereference has been found in OpenSSL versions 1.1.1d,\n1.1.1e and 1.1.1f. Server or client applications that call the\nSSL_check_chain() function during or after a TLS 1.3 handshake may\ncrash due to a NULL pointer dereference as a result of incorrect\nhandling of the \"signature_algorithms_cert\" TLS extension. The crash\noccurs if an invalid or unrecognised signature algorithm is received\nfrom the peer. This could be exploited by a malicious peer in a Denial\nof Service attack.\n\nImpact\n======\n\nA malicious server or client may crash an openssl/libssl process by\nproviding a maliciously-crafted SSL handshake\n\nReferences\n==========\n\nhttps://www.openssl.org/news/secadv/20200421.txt\nhttps://github.com/openssl/openssl/commit/eb563247aef3e83dda7679c43f9649270462e5b1\nhttps://security.archlinux.org/CVE-2020-1967", "modified": "2020-04-21T00:00:00", "published": "2020-04-21T00:00:00", "id": "ASA-202004-18", "href": "https://security.archlinux.org/ASA-202004-18", "type": "archlinux", "title": "[ASA-202004-18] openssl: denial of service", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-09-22T18:36:39", "bulletinFamily": "unix", "cvelist": ["CVE-2020-11008", "CVE-2020-5260"], "description": "Arch Linux Security Advisory ASA-202004-21\n==========================================\n\nSeverity: High\nDate : 2020-04-22\nCVE-ID : CVE-2020-11008\nPackage : git\nType : information disclosure\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1138\n\nSummary\n=======\n\nThe package git before version 2.26.2-1 is vulnerable to information\ndisclosure.\n\nResolution\n==========\n\nUpgrade to 2.26.2-1.\n\n# pacman -Syu \"git>=2.26.2-1\"\n\nThe problem has been fixed upstream in version 2.26.2.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nA vulnerability has been found in git before 2.26.2. With a crafted URL\nthat contains a newline or empty host, or lacks a scheme, the\ncredential helper machinery can be fooled into providing credential\ninformation that is not appropriate for the protocol in use and host\nbeing contacted.\n\nUnlike the vulnerability CVE-2020-5260 fixed in v2.26.1, the\ncredentials are not for a host of the attacker's choosing; instead,\nthey are for some unspecified host (based on how the configured\ncredential helper handles an absent \"host\" parameter).\n\nThe attack has been made impossible by refusing to work with under-\nspecified credential patterns.\n\nImpact\n======\n\nA remote attacker might be able to retrieve passwords or other\ncredentials by tricking a user into cloning from a crafted URL, either\ndirectly or via Git submodules, or package systems built around Git.\n\nReferences\n==========\n\nhttps://github.com/git/git/security/advisories/GHSA-hjc9-x69f-jqj7\nhttps://github.com/git/git/compare/v2.17.4...v2.17.5\nhttps://security.archlinux.org/CVE-2020-11008", "modified": "2020-04-22T00:00:00", "published": "2020-04-22T00:00:00", "id": "ASA-202004-21", "href": "https://security.archlinux.org/ASA-202004-21", "type": "archlinux", "title": "[ASA-202004-21] git: information disclosure", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "huawei": [{"lastseen": "2020-07-15T15:25:36", "bulletinFamily": "software", "cvelist": ["CVE-2020-1967"], "description": "There is a Denial of Service (DoS) vulnerability in Openssl. Specific function in Openssl may crash during or after the TLS 1.3 handshake due to a NULL pointer dereference. Attacker may send crafted request packet to the target host service to exploit this vulnerability. Successful exploit may cause the affected service crash or deny of service. (Vulnerability ID: HWPSIRT-2020-16617)\nThis vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-1967.\nHuawei has released software updates to fix this vulnerability. This advisory is available at the following link:\nhttp://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200715-01-openssl-en", "edition": 2, "modified": "2020-07-15T00:00:00", "published": "2020-07-15T00:00:00", "id": "HUAWEI-SA-20200715-01-OPENSSL", "href": "https://www.huawei.com/en/psirt/security-advisories/2020/huawei-sa-20200715-01-openssl-en", "title": "Security Advisory - Denial of Service Vulnerability in OpenSSL", "type": "huawei", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "amazon": [{"lastseen": "2020-11-10T12:36:07", "bulletinFamily": "unix", "cvelist": ["CVE-2020-5260", "CVE-2020-11008"], "description": "**Issue Overview:**\n\nAffected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to [CVE-2020-5260 __](<https://access.redhat.com/security/cve/CVE-2020-5260>)(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where _some_ credential is leaked (but the attacker cannot control which one). Git uses external \"credential helper\" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that are considered illegal as of the recently published Git versions can cause Git to send a \"blank\" pattern to helpers, missing hostname and protocol fields. Many helpers will interpret this as matching _any_ URL, and will return some unspecified stored password, leaking the password to an attacker's server. The vulnerability can be triggered by feeding a malicious URL to `git clone`. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The root of the problem is in Git itself, which should not be feeding blank input to helpers. However, the ability to exploit the vulnerability in practice depends on which helpers are in use. Credential helpers which are known to trigger the vulnerability: - Git's \"store\" helper - Git's \"cache\" helper - the \"osxkeychain\" helper that ships in Git's \"contrib\" directory Credential helpers which are known to be safe even with vulnerable versions of Git: - Git Credential Manager for Windows Any helper not in this list should be assumed to trigger the vulnerability. ([CVE-2020-11008 __](<https://access.redhat.com/security/cve/CVE-2020-11008>))\n\n \n**Affected Packages:** \n\n\ngit\n\n \n**Issue Correction:** \nRun _yum update git_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n git-2.23.3-1.amzn2.0.1.aarch64 \n git-core-2.23.3-1.amzn2.0.1.aarch64 \n git-daemon-2.23.3-1.amzn2.0.1.aarch64 \n git-subtree-2.23.3-1.amzn2.0.1.aarch64 \n git-debuginfo-2.23.3-1.amzn2.0.1.aarch64 \n \n i686: \n git-2.23.3-1.amzn2.0.1.i686 \n git-core-2.23.3-1.amzn2.0.1.i686 \n git-daemon-2.23.3-1.amzn2.0.1.i686 \n git-subtree-2.23.3-1.amzn2.0.1.i686 \n git-debuginfo-2.23.3-1.amzn2.0.1.i686 \n \n noarch: \n git-all-2.23.3-1.amzn2.0.1.noarch \n git-core-doc-2.23.3-1.amzn2.0.1.noarch \n git-cvs-2.23.3-1.amzn2.0.1.noarch \n git-email-2.23.3-1.amzn2.0.1.noarch \n gitk-2.23.3-1.amzn2.0.1.noarch \n gitweb-2.23.3-1.amzn2.0.1.noarch \n git-gui-2.23.3-1.amzn2.0.1.noarch \n git-instaweb-2.23.3-1.amzn2.0.1.noarch \n git-p4-2.23.3-1.amzn2.0.1.noarch \n perl-Git-2.23.3-1.amzn2.0.1.noarch \n perl-Git-SVN-2.23.3-1.amzn2.0.1.noarch \n git-svn-2.23.3-1.amzn2.0.1.noarch \n \n src: \n git-2.23.3-1.amzn2.0.1.src \n \n x86_64: \n git-2.23.3-1.amzn2.0.1.x86_64 \n git-core-2.23.3-1.amzn2.0.1.x86_64 \n git-daemon-2.23.3-1.amzn2.0.1.x86_64 \n git-subtree-2.23.3-1.amzn2.0.1.x86_64 \n git-debuginfo-2.23.3-1.amzn2.0.1.x86_64 \n \n \n", "edition": 1, "modified": "2020-05-05T01:11:00", "published": "2020-05-05T01:11:00", "id": "ALAS2-2020-1416", "href": "https://alas.aws.amazon.com/AL2/ALAS-2020-1416.html", "title": "Important: git", "type": "amazon", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-11-10T12:36:07", "bulletinFamily": "unix", "cvelist": ["CVE-2020-5260", "CVE-2020-11008"], "description": "**Issue Overview:**\n\nAffected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to [CVE-2020-5260 __](<https://access.redhat.com/security/cve/CVE-2020-5260>)(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where _some_ credential is leaked (but the attacker cannot control which one). Git uses external \"credential helper\" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that are considered illegal as of the recently published Git versions can cause Git to send a \"blank\" pattern to helpers, missing hostname and protocol fields. Many helpers will interpret this as matching _any_ URL, and will return some unspecified stored password, leaking the password to an attacker's server. The vulnerability can be triggered by feeding a malicious URL to `git clone`. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The root of the problem is in Git itself, which should not be feeding blank input to helpers. However, the ability to exploit the vulnerability in practice depends on which helpers are in use. Credential helpers which are known to trigger the vulnerability: - Git's \"store\" helper - Git's \"cache\" helper - the \"osxkeychain\" helper that ships in Git's \"contrib\" directory Credential helpers which are known to be safe even with vulnerable versions of Git: - Git Credential Manager for Windows Any helper not in this list should be assumed to trigger the vulnerability. ([CVE-2020-11008 __](<https://access.redhat.com/security/cve/CVE-2020-11008>))\n\nAffected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external \"credential helper\" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that contain an encoded newline can inject unintended values into the credential helper protocol stream, causing the credential helper to retrieve the password for one server (e.g., good.example.com) for an HTTP request being made to another server (e.g., evil.example.com), resulting in credentials for the former being sent to the latter. There are no restrictions on the relationship between the two, meaning that an attacker can craft a URL that will present stored credentials for any host to a host of their choosing. The vulnerability can be triggered by feeding a malicious URL to git clone. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The problem has been patched in the versions published on April 14th, 2020, going back to v2.17.x. Anyone wishing to backport the change further can do so by applying commit 9a6bbee (the full release includes extra checks for git fsck, but that commit is sufficient to protect clients against the vulnerability). The patched versions are: 2.17.4, 2.18.3, 2.19.4, 2.20.3, 2.21.2, 2.22.3, 2.23.2, 2.24.2, 2.25.3, 2.26.1. ([CVE-2020-5260 __](<https://access.redhat.com/security/cve/CVE-2020-5260>))\n\n \n**Affected Packages:** \n\n\ngit\n\n \n**Issue Correction:** \nRun _yum update git_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n git-subtree-2.18.4-2.71.amzn1.i686 \n git-core-2.18.4-2.71.amzn1.i686 \n git-svn-2.18.4-2.71.amzn1.i686 \n git-debuginfo-2.18.4-2.71.amzn1.i686 \n git-2.18.4-2.71.amzn1.i686 \n git-daemon-2.18.4-2.71.amzn1.i686 \n git-instaweb-2.18.4-2.71.amzn1.i686 \n \n noarch: \n emacs-git-el-2.18.4-2.71.amzn1.noarch \n emacs-git-2.18.4-2.71.amzn1.noarch \n git-bzr-2.18.4-2.71.amzn1.noarch \n git-all-2.18.4-2.71.amzn1.noarch \n gitweb-2.18.4-2.71.amzn1.noarch \n git-cvs-2.18.4-2.71.amzn1.noarch \n git-email-2.18.4-2.71.amzn1.noarch \n git-hg-2.18.4-2.71.amzn1.noarch \n perl-Git-SVN-2.18.4-2.71.amzn1.noarch \n git-core-doc-2.18.4-2.71.amzn1.noarch \n git-p4-2.18.4-2.71.amzn1.noarch \n perl-Git-2.18.4-2.71.amzn1.noarch \n \n src: \n git-2.18.4-2.71.amzn1.src \n \n x86_64: \n git-svn-2.18.4-2.71.amzn1.x86_64 \n git-subtree-2.18.4-2.71.amzn1.x86_64 \n git-debuginfo-2.18.4-2.71.amzn1.x86_64 \n git-core-2.18.4-2.71.amzn1.x86_64 \n git-2.18.4-2.71.amzn1.x86_64 \n git-instaweb-2.18.4-2.71.amzn1.x86_64 \n git-daemon-2.18.4-2.71.amzn1.x86_64 \n \n \n", "edition": 3, "modified": "2020-07-28T17:23:00", "published": "2020-07-28T17:23:00", "id": "ALAS-2020-1413", "href": "https://alas.aws.amazon.com/ALAS-2020-1413.html", "title": "Important: git", "type": "amazon", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "slackware": [{"lastseen": "2020-10-25T16:35:59", "bulletinFamily": "unix", "cvelist": ["CVE-2020-11008", "CVE-2020-5260"], "description": "New git packages are available for Slackware 14.0, 14.1, 14.2, and -current to\nfix a security issue.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/git-2.17.5-i586-1_slack14.2.txz: Upgraded.\n This update fixes a security issue:\n With a crafted URL that contains a newline or empty host, or lacks\n a scheme, the credential helper machinery can be fooled into\n providing credential information that is not appropriate for the\n protocol in use and host being contacted.\n Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the\n credentials are not for a host of the attacker's choosing; instead,\n they are for some unspecified host (based on how the configured\n credential helper handles an absent \"host\" parameter).\n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11008\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/git-2.17.5-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/git-2.17.5-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/git-2.17.5-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/git-2.17.5-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/git-2.17.5-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/git-2.17.5-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/git-2.26.2-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/d/git-2.26.2-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.0 package:\n558c3fb44c4b314f7da5c3c807eeecc0 git-2.17.5-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\nbea3f89056978279971e2c5a98321459 git-2.17.5-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n35ca91631aa102f23a8ceac0ace0d574 git-2.17.5-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n0a75156767ea9ff4f0e9d5f965527f52 git-2.17.5-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\nca39eba5ffe65eef6151f5118c7da317 git-2.17.5-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n516cf56c833774225eb352c7d1ab0392 git-2.17.5-x86_64-1_slack14.2.txz\n\nSlackware -current package:\n450a483052c7b3e779bb0519fbb02638 d/git-2.26.2-i586-1.txz\n\nSlackware x86_64 -current package:\n08382f2cb3766063aadabf3c3d36c602 d/git-2.26.2-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg git-2.17.5-i586-1_slack14.2.txz", "modified": "2020-04-22T03:14:47", "published": "2020-04-22T03:14:47", "id": "SSA-2020-112-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2020&m=slackware-security.449248", "type": "slackware", "title": "[slackware-security] git", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}]}
