ID E8483115-8B8E-11EA-BDCF-001B217B3468 Type freebsd Reporter FreeBSD Modified 2020-04-30T00:00:00
Description
Gitlab reports:
Path Traversal in NuGet Package Registry
Workhorse Bypass Leads to File Disclosure
OAuth Application Client Secrets Revealed
Code Owners Approval Rules Are Not Updated for Existing Merge Requests When Source Branch Changes
Code Owners Protection Not Enforced from Web UI
Repository Mirror Passwords Exposed To Maintainers
Admin Audit Log Page Denial of Service
Private Project ID Revealed Through Group API
Elasticsearch Credentials Logged to ELK
GitHub Personal Access Token Exposed on Integrations Page
Update Nokogiri dependency
Update OpenSSL Dependency
Update git
{"nessus": [{"lastseen": "2020-05-15T18:17:17", "bulletinFamily": "scanner", "description": "Gitlab reports :\n\nPath Traversal in NuGet Package Registry\n\nWorkhorse Bypass Leads to File Disclosure\n\nOAuth Application Client Secrets Revealed\n\nCode Owners Approval Rules Are Not Updated for Existing Merge Requests\nWhen Source Branch Changes\n\nCode Owners Protection Not Enforced from Web UI\n\nRepository Mirror Passwords Exposed To Maintainers\n\nAdmin Audit Log Page Denial of Service\n\nPrivate Project ID Revealed Through Group API\n\nElasticsearch Credentials Logged to ELK\n\nGitHub Personal Access Token Exposed on Integrations Page\n\nUpdate Nokogiri dependency\n\nUpdate OpenSSL Dependency\n\nUpdate git", "modified": "2020-05-04T00:00:00", "id": "FREEBSD_PKG_E84831158B8E11EABDCF001B217B3468.NASL", "href": "https://www.tenable.com/plugins/nessus/136304", "published": "2020-05-04T00:00:00", "title": "FreeBSD : Gitlab -- Multiple Vulnerabilities (e8483115-8b8e-11ea-bdcf-001b217b3468)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136304);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/13\");\n\n script_cve_id(\"CVE-2020-10187\", \"CVE-2020-11008\", \"CVE-2020-12448\", \"CVE-2020-1967\", \"CVE-2020-7595\");\n script_xref(name:\"IAVA\", value:\"2020-A-0186\");\n\n script_name(english:\"FreeBSD : Gitlab -- Multiple Vulnerabilities (e8483115-8b8e-11ea-bdcf-001b217b3468)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Gitlab reports :\n\nPath Traversal in NuGet Package Registry\n\nWorkhorse Bypass Leads to File Disclosure\n\nOAuth Application Client Secrets Revealed\n\nCode Owners Approval Rules Are Not Updated for Existing Merge Requests\nWhen Source Branch Changes\n\nCode Owners Protection Not Enforced from Web UI\n\nRepository Mirror Passwords Exposed To Maintainers\n\nAdmin Audit Log Page Denial of Service\n\nPrivate Project ID Revealed Through Group API\n\nElasticsearch Credentials Logged to ELK\n\nGitHub Personal Access Token Exposed on Integrations Page\n\nUpdate Nokogiri dependency\n\nUpdate OpenSSL Dependency\n\nUpdate git\"\n );\n # https://about.gitlab.com/releases/2020/04/30/security-release-12-10-2-released/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dac5e06d\"\n );\n # https://vuxml.freebsd.org/freebsd/e8483115-8b8e-11ea-bdcf-001b217b3468.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a57444f0\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-12448\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:gitlab-ce\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"gitlab-ce>=12.10.0<12.10.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"gitlab-ce>=12.9.0<12.9.5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"gitlab-ce>=8.4.0<12.8.10\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-05-15T20:08:33", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2020:1980 :\n\nAn update for git is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nGit is a distributed revision control system with a decentralized\narchitecture. As opposed to centralized version control systems with a\nclient-server model, Git ensures that each working copy of a Git\nrepository is an exact copy with complete revision history. This not\nonly allows the user to work on and contribute to projects without the\nneed to have permission to push the changes to their official\nrepositories, but also makes it possible for the user to work with no\nnetwork connection.\n\nThe following packages have been upgraded to a later upstream version:\ngit (2.18.4). (BZ#1826008)\n\nSecurity Fix(es) :\n\n* git: Crafted URL containing new lines, empty host or lacks a scheme\ncan cause credential leak (CVE-2020-11008)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.", "modified": "2020-05-11T00:00:00", "id": "ORACLELINUX_ELSA-2020-1980.NASL", "href": "https://www.tenable.com/plugins/nessus/136446", "published": "2020-05-11T00:00:00", "title": "Oracle Linux 8 : git (ELSA-2020-1980)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:1980 and \n# Oracle Linux Security Advisory ELSA-2020-1980 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136446);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/13\");\n\n script_cve_id(\"CVE-2020-11008\");\n script_xref(name:\"RHSA\", value:\"2020:1980\");\n\n script_name(english:\"Oracle Linux 8 : git (ELSA-2020-1980)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2020:1980 :\n\nAn update for git is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nGit is a distributed revision control system with a decentralized\narchitecture. As opposed to centralized version control systems with a\nclient-server model, Git ensures that each working copy of a Git\nrepository is an exact copy with complete revision history. This not\nonly allows the user to work on and contribute to projects without the\nneed to have permission to push the changes to their official\nrepositories, but also makes it possible for the user to work with no\nnetwork connection.\n\nThe following packages have been upgraded to a later upstream version:\ngit (2.18.4). (BZ#1826008)\n\nSecurity Fix(es) :\n\n* git: Crafted URL containing new lines, empty host or lacks a scheme\ncan cause credential leak (CVE-2020-11008)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2020-May/009896.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected git packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git-core-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git-instaweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git-subtree\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perl-Git-SVN\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 8\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"git-2.18.4-2.el8_2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"git-all-2.18.4-2.el8_2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"git-core-2.18.4-2.el8_2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"git-core-doc-2.18.4-2.el8_2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"git-daemon-2.18.4-2.el8_2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"git-email-2.18.4-2.el8_2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"git-gui-2.18.4-2.el8_2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"git-instaweb-2.18.4-2.el8_2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"git-subtree-2.18.4-2.el8_2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"git-svn-2.18.4-2.el8_2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"gitk-2.18.4-2.el8_2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"gitweb-2.18.4-2.el8_2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"perl-Git-2.18.4-2.el8_2\")) flag++;\nif (rpm_check(release:\"EL8\", cpu:\"x86_64\", reference:\"perl-Git-SVN-2.18.4-2.el8_2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git / git-all / git-core / git-core-doc / git-daemon / git-email / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-05-18T09:00:07", "bulletinFamily": "scanner", "description": "An update of the git package has been released.", "modified": "2020-05-13T00:00:00", "id": "PHOTONOS_PHSA-2020-1_0-0293_GIT.NASL", "href": "https://www.tenable.com/plugins/nessus/136548", "published": "2020-05-13T00:00:00", "title": "Photon OS 1.0: Git PHSA-2020-1.0-0293", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-1.0-0293. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136548);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/15\");\n\n script_cve_id(\"CVE-2020-11008\");\n\n script_name(english:\"Photon OS 1.0: Git PHSA-2020-1.0-0293\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the git package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-293.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11008\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"git-2.23.3-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", cpu:\"x86_64\", reference:\"git-lang-2.23.3-1.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-05-21T16:52:27", "bulletinFamily": "scanner", "description": "An update of the git package has been released.", "modified": "2020-05-18T00:00:00", "id": "PHOTONOS_PHSA-2020-2_0-0243_GIT.NASL", "href": "https://www.tenable.com/plugins/nessus/136697", "published": "2020-05-18T00:00:00", "title": "Photon OS 2.0: Git PHSA-2020-2.0-0243", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-2.0-0243. The text\n# itself is copyright (C) VMware, Inc.\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136697);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/19\");\n\n script_cve_id(\"CVE-2020-11008\");\n\n script_name(english:\"Photon OS 2.0: Git PHSA-2020-2.0-0243\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the git package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-243.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11008\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"git-2.23.3-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"git-lang-2.23.3-1.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-05-06T01:12:07", "bulletinFamily": "scanner", "description": "Carlo Arenas discovered a flaw in git, a fast, scalable, distributed\nrevision control system. With a crafted URL that contains a newline or\nempty host, or lacks a scheme, the credential helper machinery can be\nfooled into providing credential information that is not appropriate\nfor the protocol in use and host being contacted.\n\nFor Debian 8 ", "modified": "2020-04-24T00:00:00", "id": "DEBIAN_DLA-2182.NASL", "href": "https://www.tenable.com/plugins/nessus/135939", "published": "2020-04-24T00:00:00", "title": "Debian DLA-2182-1 : git security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2182-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(135939);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/04\");\n\n script_cve_id(\"CVE-2020-11008\");\n\n script_name(english:\"Debian DLA-2182-1 : git security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Carlo Arenas discovered a flaw in git, a fast, scalable, distributed\nrevision control system. With a crafted URL that contains a newline or\nempty host, or lacks a scheme, the credential helper machinery can be\nfooled into providing credential information that is not appropriate\nfor the protocol in use and host being contacted.\n\nFor Debian 8 'Jessie', this problem has been fixed in version\n1:2.1.4-2.1+deb8u10.\n\nWe recommend that you upgrade your git packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/04/msg00015.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/git\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11008\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git-arch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git-cvs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git-daemon-run\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git-daemon-sysvinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git-mediawiki\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"git\", reference:\"1:2.1.4-2.1+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"git-all\", reference:\"1:2.1.4-2.1+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"git-arch\", reference:\"1:2.1.4-2.1+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"git-core\", reference:\"1:2.1.4-2.1+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"git-cvs\", reference:\"1:2.1.4-2.1+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"git-daemon-run\", reference:\"1:2.1.4-2.1+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"git-daemon-sysvinit\", reference:\"1:2.1.4-2.1+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"git-doc\", reference:\"1:2.1.4-2.1+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"git-el\", reference:\"1:2.1.4-2.1+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"git-email\", reference:\"1:2.1.4-2.1+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"git-gui\", reference:\"1:2.1.4-2.1+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"git-man\", reference:\"1:2.1.4-2.1+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"git-mediawiki\", reference:\"1:2.1.4-2.1+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"git-svn\", reference:\"1:2.1.4-2.1+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"gitk\", reference:\"1:2.1.4-2.1+deb8u10\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"gitweb\", reference:\"1:2.1.4-2.1+deb8u10\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-05-03T04:57:56", "bulletinFamily": "scanner", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:1978 advisory.\n\n - git: Crafted URL containing new lines, empty host or\n lacks a scheme can cause credential leak\n (CVE-2020-11008)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application", "modified": "2020-04-30T00:00:00", "id": "REDHAT-RHSA-2020-1978.NASL", "href": "https://www.tenable.com/plugins/nessus/136184", "published": "2020-04-30T00:00:00", "title": "RHEL 8 : git (RHSA-2020:1978)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:1978. The text\n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136184);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/30\");\n\n script_cve_id(\"CVE-2020-11008\");\n script_xref(name:\"RHSA\", value:\"2020:1978\");\n\n script_name(english:\"RHEL 8 : git (RHSA-2020:1978)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:1978 advisory.\n\n - git: Crafted URL containing new lines, empty host or\n lacks a scheme can cause credential leak\n (CVE-2020-11008)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:1978\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1826001\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:rhel_e4s:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:rhel_e4s:8.0::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-core-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-instaweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-subtree\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Git-SVN\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\npkgs = [\n {'reference':'git-2.18.4-1.el8_0', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-2.18.4-1.el8_0', 'cpu':'s390x', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-2.18.4-1.el8_0', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-all-2.18.4-1.el8_0', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-core-2.18.4-1.el8_0', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-core-2.18.4-1.el8_0', 'cpu':'s390x', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-core-2.18.4-1.el8_0', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-core-doc-2.18.4-1.el8_0', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-daemon-2.18.4-1.el8_0', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-daemon-2.18.4-1.el8_0', 'cpu':'s390x', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-daemon-2.18.4-1.el8_0', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-debugsource-2.18.4-1.el8_0', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-debugsource-2.18.4-1.el8_0', 'cpu':'s390x', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-debugsource-2.18.4-1.el8_0', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-email-2.18.4-1.el8_0', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-gui-2.18.4-1.el8_0', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-instaweb-2.18.4-1.el8_0', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-instaweb-2.18.4-1.el8_0', 'cpu':'s390x', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-instaweb-2.18.4-1.el8_0', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-subtree-2.18.4-1.el8_0', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-subtree-2.18.4-1.el8_0', 'cpu':'s390x', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-subtree-2.18.4-1.el8_0', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-svn-2.18.4-1.el8_0', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-svn-2.18.4-1.el8_0', 'cpu':'s390x', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-svn-2.18.4-1.el8_0', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gitk-2.18.4-1.el8_0', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gitweb-2.18.4-1.el8_0', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Git-2.18.4-1.el8_0', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Git-SVN-2.18.4-1.el8_0', 'release':'8', 'el_string':'el8_0', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (reference && release) {\n if (rpm_spec_vers_cmp) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:TRUE)) flag++;\n }\n else\n {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'git / git-all / git-core / etc');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-05-06T00:59:20", "bulletinFamily": "scanner", "description": "New git packages are available for Slackware 14.0, 14.1, 14.2, and\n-current to fix a security issue.", "modified": "2020-04-22T00:00:00", "id": "SLACKWARE_SSA_2020-112-01.NASL", "href": "https://www.tenable.com/plugins/nessus/135892", "published": "2020-04-22T00:00:00", "title": "Slackware 14.0 / 14.1 / 14.2 / current : git (SSA:2020-112-01)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2020-112-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(135892);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/04\");\n\n script_cve_id(\"CVE-2020-11008\");\n script_xref(name:\"SSA\", value:\"2020-112-01\");\n\n script_name(english:\"Slackware 14.0 / 14.1 / 14.2 / current : git (SSA:2020-112-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New git packages are available for Slackware 14.0, 14.1, 14.2, and\n-current to fix a security issue.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2020&m=slackware-security.449248\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a70ac386\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected git package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11008\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.0\", pkgname:\"git\", pkgver:\"2.17.5\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"git\", pkgver:\"2.17.5\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"git\", pkgver:\"2.17.5\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"git\", pkgver:\"2.17.5\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"git\", pkgver:\"2.17.5\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"git\", pkgver:\"2.17.5\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"git\", pkgver:\"2.26.2\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"git\", pkgver:\"2.26.2\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-05-06T04:44:42", "bulletinFamily": "scanner", "description": "Carlo Arenas discovered that Git incorrectly handled certain URLs\ncontaining newlines, empty hosts, or lacking a scheme. A remote\nattacker could possibly use this issue to trick Git into returning\ncredential information for a wrong host.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2020-04-22T00:00:00", "id": "UBUNTU_USN-4334-1.NASL", "href": "https://www.tenable.com/plugins/nessus/135895", "published": "2020-04-22T00:00:00", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 19.10 : git vulnerability (USN-4334-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4334-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(135895);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/04\");\n\n script_cve_id(\"CVE-2020-11008\");\n script_xref(name:\"USN\", value:\"4334-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 19.10 : git vulnerability (USN-4334-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Carlo Arenas discovered that Git incorrectly handled certain URLs\ncontaining newlines, empty hosts, or lacking a scheme. A remote\nattacker could possibly use this issue to trick Git into returning\ncredential information for a wrong host.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4334-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected git package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11008\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|19\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 18.04 / 19.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"git\", pkgver:\"1:2.7.4-0ubuntu1.9\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"git\", pkgver:\"1:2.17.1-1ubuntu0.7\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"git\", pkgver:\"1:2.20.1-2ubuntu1.19.10.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"git\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-05-06T00:55:13", "bulletinFamily": "scanner", "description": "According to the version of the libxml2 packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - xmlStringLenDecodeEntities in parser.c in libxml2\n 2.9.10 has an infinite loop in a certain end-of-file\n situation.(CVE-2020-7595)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2020-03-23T00:00:00", "id": "EULEROS_SA-2020-1310.NASL", "href": "https://www.tenable.com/plugins/nessus/134801", "published": "2020-03-23T00:00:00", "title": "EulerOS 2.0 SP5 : libxml2 (EulerOS-SA-2020-1310)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(134801);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/04\");\n\n script_cve_id(\n \"CVE-2020-7595\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : libxml2 (EulerOS-SA-2020-1310)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the libxml2 packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - xmlStringLenDecodeEntities in parser.c in libxml2\n 2.9.10 has an infinite loop in a certain end-of-file\n situation.(CVE-2020-7595)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1310\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?831a1f0b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libxml2 package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxml2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxml2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libxml2-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"libxml2-2.9.1-6.3.h23.eulerosv2r7\",\n \"libxml2-devel-2.9.1-6.3.h23.eulerosv2r7\",\n \"libxml2-python-2.9.1-6.3.h23.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libxml2\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-05-03T04:57:56", "bulletinFamily": "scanner", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:1979 advisory.\n\n - git: Crafted URL containing new lines, empty host or\n lacks a scheme can cause credential leak\n (CVE-2020-11008)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application", "modified": "2020-04-30T00:00:00", "id": "REDHAT-RHSA-2020-1979.NASL", "href": "https://www.tenable.com/plugins/nessus/136185", "published": "2020-04-30T00:00:00", "title": "RHEL 8 : git (RHSA-2020:1979)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:1979. The text\n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136185);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/04/30\");\n\n script_cve_id(\"CVE-2020-11008\");\n script_xref(name:\"RHSA\", value:\"2020:1979\");\n\n script_name(english:\"RHEL 8 : git (RHSA-2020:1979)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:1979 advisory.\n\n - git: Crafted URL containing new lines, empty host or\n lacks a scheme can cause credential leak\n (CVE-2020-11008)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:1979\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1826001\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n script_cwe_id(20);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:rhel_eus:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:rhel_eus:8.1::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-core-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-email\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-gui\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-instaweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-subtree\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:git-svn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gitk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gitweb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Git\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perl-Git-SVN\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8\\.1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 8.1', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\npkgs = [\n {'reference':'git-2.18.4-1.el8_1', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-2.18.4-1.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-2.18.4-1.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-all-2.18.4-1.el8_1', 'sp':'1', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-core-2.18.4-1.el8_1', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-core-2.18.4-1.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-core-2.18.4-1.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-core-doc-2.18.4-1.el8_1', 'sp':'1', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-daemon-2.18.4-1.el8_1', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-daemon-2.18.4-1.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-daemon-2.18.4-1.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-debugsource-2.18.4-1.el8_1', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-debugsource-2.18.4-1.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-debugsource-2.18.4-1.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-email-2.18.4-1.el8_1', 'sp':'1', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-gui-2.18.4-1.el8_1', 'sp':'1', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-instaweb-2.18.4-1.el8_1', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-instaweb-2.18.4-1.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-instaweb-2.18.4-1.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-subtree-2.18.4-1.el8_1', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-subtree-2.18.4-1.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-subtree-2.18.4-1.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-svn-2.18.4-1.el8_1', 'sp':'1', 'cpu':'aarch64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-svn-2.18.4-1.el8_1', 'sp':'1', 'cpu':'s390x', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'git-svn-2.18.4-1.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gitk-2.18.4-1.el8_1', 'sp':'1', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gitweb-2.18.4-1.el8_1', 'sp':'1', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Git-2.18.4-1.el8_1', 'sp':'1', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perl-Git-SVN-2.18.4-1.el8_1', 'sp':'1', 'release':'8', 'el_string':'el8_1', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (reference && release) {\n if (rpm_spec_vers_cmp) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:TRUE)) flag++;\n }\n else\n {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'git / git-all / git-core / etc');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "cve": [{"lastseen": "2020-05-09T11:18:49", "bulletinFamily": "NVD", "description": "Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an attacker to retrieve the client secret only intended for the OAuth application owner. After authorizing the application and allowing access, the attacker simply needs to request the list of their authorized applications in a JSON format (usually GET /oauth/authorized_applications.json). An application is vulnerable if the authorized applications controller is enabled.", "modified": "2020-05-08T15:28:00", "id": "CVE-2020-10187", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10187", "published": "2020-05-04T14:15:00", "title": "CVE-2020-10187", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-05-12T10:49:31", "bulletinFamily": "NVD", "description": "GitLab EE 12.8 and later allows Exposure of Sensitive Information to an Unauthorized Actor via NuGet.", "modified": "2020-05-11T15:05:00", "id": "CVE-2020-12448", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12448", "published": "2020-05-07T17:15:00", "title": "CVE-2020-12448", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-05-23T11:31:14", "bulletinFamily": "NVD", "description": "Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. This bug is similar to CVE-2020-5260(GHSA-qm7j-c969-7j4q). The fix for that bug still left the door open for an exploit where _some_ credential is leaked (but the attacker cannot control which one). Git uses external \"credential helper\" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system. Specially-crafted URLs that are considered illegal as of the recently published Git versions can cause Git to send a \"blank\" pattern to helpers, missing hostname and protocol fields. Many helpers will interpret this as matching _any_ URL, and will return some unspecified stored password, leaking the password to an attacker's server. The vulnerability can be triggered by feeding a malicious URL to `git clone`. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git. The root of the problem is in Git itself, which should not be feeding blank input to helpers. However, the ability to exploit the vulnerability in practice depends on which helpers are in use. Credential helpers which are known to trigger the vulnerability: - Git's \"store\" helper - Git's \"cache\" helper - the \"osxkeychain\" helper that ships in Git's \"contrib\" directory Credential helpers which are known to be safe even with vulnerable versions of Git: - Git Credential Manager for Windows Any helper not in this list should be assumed to trigger the vulnerability.", "modified": "2020-05-22T19:15:00", "id": "CVE-2020-11008", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11008", "published": "2020-04-21T19:15:00", "title": "CVE-2020-11008", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-05-23T11:31:39", "bulletinFamily": "NVD", "description": "xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.", "modified": "2020-05-23T00:15:00", "id": "CVE-2020-7595", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-7595", "published": "2020-01-21T23:15:00", "title": "CVE-2020-7595", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-05-11T10:48:25", "bulletinFamily": "NVD", "description": "Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the \"signature_algorithms_cert\" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).", "modified": "2020-05-01T17:15:00", "id": "CVE-2020-1967", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1967", "published": "2020-04-21T14:15:00", "title": "CVE-2020-1967", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2020-05-01T18:47:17", "bulletinFamily": "scanner", "description": "OpenSSL server or client applications are prone to a\n denial-of-service vulnerability.", "modified": "2020-04-22T00:00:00", "published": "2020-04-22T00:00:00", "id": "OPENVAS:1361412562310108752", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108752", "title": "OpenSSL: Segmentation fault in SSL_check_chain (CVE-2020-1967) (Windows)", "type": "openvas", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from the referenced\n# advisories, and are Copyright (C) by the respective right holder(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:openssl:openssl\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108752\");\n script_version(\"2020-04-22T06:06:21+0000\");\n script_cve_id(\"CVE-2020-1967\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-22 06:06:21 +0000 (Wed, 22 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-22 06:05:59 +0000 (Wed, 22 Apr 2020)\");\n script_name(\"OpenSSL: Segmentation fault in SSL_check_chain (CVE-2020-1967) (Windows)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_openssl_detect.nasl\", \"gb_openssl_detect_win.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"openssl/detected\", \"Host/runs_windows\");\n\n script_xref(name:\"URL\", value:\"https://www.openssl.org/news/secadv/20200421.txt\");\n script_xref(name:\"URL\", value:\"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=eb563247aef3e83dda7679c43f9649270462e5b1\");\n\n script_tag(name:\"summary\", value:\"OpenSSL server or client applications are prone to a\n denial-of-service vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Server or client applications that call the SSL_check_chain() function\n during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect\n handling of the 'signature_algorithms_cert' TLS extension. The crash occurs if an invalid or unrecognised\n signature algorithm is received from the peer.\");\n\n script_tag(name:\"impact\", value:\"This could be exploited by a malicious peer in a Denial of\n Service attack.\");\n\n script_tag(name:\"affected\", value:\"OpenSSL versions 1.1.1d, 1.1.1e, and 1.1.1f.\n\n This issue does not impact OpenSSL versions prior to 1.1.1d.\");\n\n script_tag(name:\"solution\", value:\"Update OpenSSL to version 1.1.1g or later. See the references for more details.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( isnull( port = get_app_port( cpe:CPE ) ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )\n exit( 0 );\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif( version_in_range( version:vers, test_version:\"1.1.1d\", test_version2:\"1.1.1f\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"1.1.1g\", install_path:path );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-05-01T18:47:17", "bulletinFamily": "scanner", "description": "OpenSSL server or client applications are prone to a\n denial-of-service vulnerability.", "modified": "2020-04-22T00:00:00", "published": "2020-04-22T00:00:00", "id": "OPENVAS:1361412562310108753", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108753", "title": "OpenSSL: Segmentation fault in SSL_check_chain (CVE-2020-1967) (Linux)", "type": "openvas", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from the referenced\n# advisories, and are Copyright (C) by the respective right holder(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:openssl:openssl\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108753\");\n script_version(\"2020-04-22T06:06:21+0000\");\n script_cve_id(\"CVE-2020-1967\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-04-22 06:06:21 +0000 (Wed, 22 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-22 06:05:59 +0000 (Wed, 22 Apr 2020)\");\n script_name(\"OpenSSL: Segmentation fault in SSL_check_chain (CVE-2020-1967) (Linux)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_openssl_detect.nasl\", \"gb_openssl_detect_lin.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"openssl/detected\", \"Host/runs_unixoide\");\n\n script_xref(name:\"URL\", value:\"https://www.openssl.org/news/secadv/20200421.txt\");\n script_xref(name:\"URL\", value:\"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=eb563247aef3e83dda7679c43f9649270462e5b1\");\n\n script_tag(name:\"summary\", value:\"OpenSSL server or client applications are prone to a\n denial-of-service vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Server or client applications that call the SSL_check_chain() function\n during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect\n handling of the 'signature_algorithms_cert' TLS extension. The crash occurs if an invalid or unrecognised\n signature algorithm is received from the peer.\");\n\n script_tag(name:\"impact\", value:\"This could be exploited by a malicious peer in a Denial of\n Service attack.\");\n\n script_tag(name:\"affected\", value:\"OpenSSL versions 1.1.1d, 1.1.1e, and 1.1.1f.\n\n This issue does not impact OpenSSL versions prior to 1.1.1d.\");\n\n script_tag(name:\"solution\", value:\"Update OpenSSL to version 1.1.1g or later. See the references for more details.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( isnull( port = get_app_port( cpe:CPE ) ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )\n exit( 0 );\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif( version_in_range( version:vers, test_version:\"1.1.1d\", test_version2:\"1.1.1f\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"1.1.1g\", install_path:path );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-05-01T19:13:21", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2020-04-26T00:00:00", "published": "2020-04-22T00:00:00", "id": "OPENVAS:1361412562310844397", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844397", "title": "Ubuntu: Security Advisory for git (USN-4334-1)", "type": "openvas", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from the referenced\n# advisories, and are Copyright (C) by the respective right holder(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844397\");\n script_version(\"2020-04-26T06:11:04+0000\");\n script_cve_id(\"CVE-2020-11008\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-04-26 06:11:04 +0000 (Sun, 26 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-22 03:01:09 +0000 (Wed, 22 Apr 2020)\");\n script_name(\"Ubuntu: Security Advisory for git (USN-4334-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU19\\.10|UBUNTU18\\.04 LTS|UBUNTU16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"4334-1\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2020-April/005396.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'git'\n package(s) announced via the USN-4334-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Carlo Arenas discovered that Git incorrectly handled certain URLs\ncontaining newlines, empty hosts, or lacking a scheme. A remote attacker\ncould possibly use this issue to trick Git into returning credential\ninformation for a wrong host.\");\n\n script_tag(name:\"affected\", value:\"'git' package(s) on Ubuntu 19.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU19.10\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"git\", ver:\"1:2.20.1-2ubuntu1.19.10.3\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"git\", ver:\"1:2.17.1-1ubuntu0.7\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"git\", ver:\"1:2.7.4-0ubuntu1.9\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-05-01T19:15:43", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2020-04-21T00:00:00", "published": "2020-04-21T00:00:00", "id": "OPENVAS:1361412562310704659", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704659", "title": "Debian: Security Advisory for git (DSA-4659-1)", "type": "openvas", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from the referenced\n# advisories, and are Copyright (C) by the respective right holder(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704659\");\n script_version(\"2020-04-21T03:00:10+0000\");\n script_cve_id(\"CVE-2020-11008\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-04-21 03:00:10 +0000 (Tue, 21 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-21 03:00:10 +0000 (Tue, 21 Apr 2020)\");\n script_name(\"Debian: Security Advisory for git (DSA-4659-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(10|9)\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2020/dsa-4659.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DSA-4659-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'git'\n package(s) announced via the DSA-4659-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Carlo Arenas discovered a flaw in git, a fast, scalable, distributed\nrevision control system. With a crafted URL that contains a newline or\nempty host, or lacks a scheme, the credential helper machinery can be\nfooled into providing credential information that is not appropriate for\nthe protocol in use and host being contacted.\");\n\n script_tag(name:\"affected\", value:\"'git' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For the oldstable distribution (stretch), this problem has been fixed\nin version 1:2.11.0-3+deb9u7.\n\nFor the stable distribution (buster), this problem has been fixed in\nversion 1:2.20.1-2+deb10u3.\n\nWe recommend that you upgrade your git packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"git\", ver:\"1:2.20.1-2+deb10u3\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-all\", ver:\"1:2.20.1-2+deb10u3\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-cvs\", ver:\"1:2.20.1-2+deb10u3\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-daemon-run\", ver:\"1:2.20.1-2+deb10u3\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-daemon-sysvinit\", ver:\"1:2.20.1-2+deb10u3\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-doc\", ver:\"1:2.20.1-2+deb10u3\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-el\", ver:\"1:2.20.1-2+deb10u3\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-email\", ver:\"1:2.20.1-2+deb10u3\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-gui\", ver:\"1:2.20.1-2+deb10u3\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-man\", ver:\"1:2.20.1-2+deb10u3\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-mediawiki\", ver:\"1:2.20.1-2+deb10u3\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-svn\", ver:\"1:2.20.1-2+deb10u3\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"gitk\", ver:\"1:2.20.1-2+deb10u3\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"gitweb\", ver:\"1:2.20.1-2+deb10u3\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git\", ver:\"1:2.11.0-3+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-all\", ver:\"1:2.11.0-3+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-arch\", ver:\"1:2.11.0-3+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-core\", ver:\"1:2.11.0-3+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-cvs\", ver:\"1:2.11.0-3+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-daemon-run\", ver:\"1:2.11.0-3+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-daemon-sysvinit\", ver:\"1:2.11.0-3+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-doc\", ver:\"1:2.11.0-3+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-el\", ver:\"1:2.11.0-3+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-email\", ver:\"1:2.11.0-3+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-gui\", ver:\"1:2.11.0-3+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-man\", ver:\"1:2.11.0-3+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-mediawiki\", ver:\"1:2.11.0-3+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-svn\", ver:\"1:2.11.0-3+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"gitk\", ver:\"1:2.11.0-3+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"gitweb\", ver:\"1:2.11.0-3+deb9u7\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-03-24T16:53:25", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-03-24T00:00:00", "published": "2020-03-24T00:00:00", "id": "OPENVAS:1361412562311220201310", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201310", "title": "Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2020-1310)", "type": "openvas", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1310\");\n script_version(\"2020-03-24T07:30:02+0000\");\n script_cve_id(\"CVE-2020-7595\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-24 07:30:02 +0000 (Tue, 24 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-03-24 07:30:02 +0000 (Tue, 24 Mar 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2020-1310)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1310\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1310\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'libxml2' package(s) announced via the EulerOS-SA-2020-1310 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.(CVE-2020-7595)\");\n\n script_tag(name:\"affected\", value:\"'libxml2' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2\", rpm:\"libxml2~2.9.1~6.3.h23.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-devel\", rpm:\"libxml2-devel~2.9.1~6.3.h23.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libxml2-python\", rpm:\"libxml2-python~2.9.1~6.3.h23.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-05-01T19:14:54", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2020-04-24T00:00:00", "published": "2020-04-24T00:00:00", "id": "OPENVAS:1361412562310892182", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892182", "title": "Debian LTS: Security Advisory for git (DLA-2182-1)", "type": "openvas", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from the referenced\n# advisories, and are Copyright (C) by the respective right holder(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892182\");\n script_version(\"2020-04-24T03:00:07+0000\");\n script_cve_id(\"CVE-2020-11008\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-04-24 03:00:07 +0000 (Fri, 24 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-24 03:00:07 +0000 (Fri, 24 Apr 2020)\");\n script_name(\"Debian LTS: Security Advisory for git (DLA-2182-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2020/04/msg00015.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-2182-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'git'\n package(s) announced via the DLA-2182-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Carlo Arenas discovered a flaw in git, a fast, scalable, distributed\nrevision control system. With a crafted URL that contains a newline or\nempty host, or lacks a scheme, the credential helper machinery can be\nfooled into providing credential information that is not appropriate for\nthe protocol in use and host being contacted.\");\n\n script_tag(name:\"affected\", value:\"'git' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', this problem has been fixed in version\n1:2.1.4-2.1+deb8u10.\n\nWe recommend that you upgrade your git packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"git\", ver:\"1:2.1.4-2.1+deb8u10\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-all\", ver:\"1:2.1.4-2.1+deb8u10\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-arch\", ver:\"1:2.1.4-2.1+deb8u10\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-core\", ver:\"1:2.1.4-2.1+deb8u10\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-cvs\", ver:\"1:2.1.4-2.1+deb8u10\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-daemon-run\", ver:\"1:2.1.4-2.1+deb8u10\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-daemon-sysvinit\", ver:\"1:2.1.4-2.1+deb8u10\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-doc\", ver:\"1:2.1.4-2.1+deb8u10\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-el\", ver:\"1:2.1.4-2.1+deb8u10\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-email\", ver:\"1:2.1.4-2.1+deb8u10\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-gui\", ver:\"1:2.1.4-2.1+deb8u10\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-man\", ver:\"1:2.1.4-2.1+deb8u10\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-mediawiki\", ver:\"1:2.1.4-2.1+deb8u10\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"git-svn\", ver:\"1:2.1.4-2.1+deb8u10\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"gitk\", ver:\"1:2.1.4-2.1+deb8u10\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"gitweb\", ver:\"1:2.1.4-2.1+deb8u10\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-05-08T09:09:38", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2020-05-05T00:00:00", "published": "2020-04-22T00:00:00", "id": "OPENVAS:1361412562310704661", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704661", "title": "Debian: Security Advisory for openssl (DSA-4661-1)", "type": "openvas", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704661\");\n script_version(\"2020-05-05T07:00:07+0000\");\n script_cve_id(\"CVE-2020-1967\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-05-05 07:00:07 +0000 (Tue, 05 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-22 03:00:04 +0000 (Wed, 22 Apr 2020)\");\n script_name(\"Debian: Security Advisory for openssl (DSA-4661-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB10\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2020/dsa-4661.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DSA-4661-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openssl'\n package(s) announced via the DSA-4661-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Bernd Edlinger discovered that malformed data passed to the\nSSL_check_chain() function during or after a TLS 1.3 handshake could\ncause a NULL dereference, resulting in denial of service.\n\nThe oldstable distribution (stretch) is not affected.\");\n\n script_tag(name:\"affected\", value:\"'openssl' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For the stable distribution (buster), this problem has been fixed in\nversion 1.1.1d-0+deb10u3.\n\nWe recommend that you upgrade your openssl packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libssl-dev\", ver:\"1.1.1d-0+deb10u3\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libssl-doc\", ver:\"1.1.1d-0+deb10u3\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libssl1.1\", ver:\"1.1.1d-0+deb10u3\", rls:\"DEB10\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"openssl\", ver:\"1.1.1d-0+deb10u3\", rls:\"DEB10\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-05-28T13:45:11", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-05-26T00:00:00", "published": "2020-05-26T00:00:00", "id": "OPENVAS:1361412562311220201586", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201586", "title": "Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2020-1586)", "type": "openvas", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1586\");\n script_version(\"2020-05-26T05:45:56+0000\");\n script_cve_id(\"CVE-2020-1967\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-05-26 05:45:56 +0000 (Tue, 26 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-05-26 05:45:56 +0000 (Tue, 26 May 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2020-1586)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP8\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1586\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1586\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'openssl' package(s) announced via the EulerOS-SA-2020-1586 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the 'signature_algorithms_cert' TLS extension. The crash occurs if an invalid or unrecognised signature algorithm is received from the peer. This could be exploited by a malicious peer in a Denial of Service attack. OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This issue did not affect OpenSSL versions prior to 1.1.1d. Fixed in OpenSSL 1.1.1g (Affected 1.1.1d-1.1.1f).(CVE-2020-1967)\");\n\n script_tag(name:\"affected\", value:\"'openssl' package(s) on Huawei EulerOS V2.0SP8.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP8\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl\", rpm:\"openssl~1.1.1~3.h10.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-devel\", rpm:\"openssl-devel~1.1.1~3.h10.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-libs\", rpm:\"openssl-libs~1.1.1~3.h10.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openssl-perl\", rpm:\"openssl-perl~1.1.1~3.h10.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-05-08T16:52:28", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2020-05-07T00:00:00", "published": "2020-05-02T00:00:00", "id": "OPENVAS:1361412562310877768", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877768", "title": "Fedora: Security Advisory for git (FEDORA-2020-4e093619bb)", "type": "openvas", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877768\");\n script_version(\"2020-05-07T07:41:43+0000\");\n script_cve_id(\"CVE-2020-5260\", \"CVE-2020-11008\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-05-07 07:41:43 +0000 (Thu, 07 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-05-02 03:20:46 +0000 (Sat, 02 May 2020)\");\n script_name(\"Fedora: Security Advisory for git (FEDORA-2020-4e093619bb)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2020-4e093619bb\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/74Q7WVJ6FKLIN62VS2JD2XCNWK5TNKOW\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'git'\n package(s) announced via the FEDORA-2020-4e093619bb advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Git is a fast, scalable, distributed revision control system with an\nunusually rich command set that provides both high-level operations\nand full access to internals.\n\nThe git rpm installs common set of tools which are usually using with\nsmall amount of dependencies. To install all git packages, including\ntools for integrating with other SCMs, install the git-all meta-package.\");\n\n script_tag(name:\"affected\", value:\"'git' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"git\", rpm:\"git~2.21.3~1.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-05-06T00:58:40", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2020-04-30T00:00:00", "published": "2020-04-30T00:00:00", "id": "OPENVAS:1361412562310877716", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877716", "title": "Fedora: Security Advisory for git (FEDORA-2020-b2a2c830cf)", "type": "openvas", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877716\");\n script_version(\"2020-04-30T08:51:29+0000\");\n script_cve_id(\"CVE-2020-5260\", \"CVE-2020-11008\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-04-30 08:51:29 +0000 (Thu, 30 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-30 03:14:26 +0000 (Thu, 30 Apr 2020)\");\n script_name(\"Fedora: Security Advisory for git (FEDORA-2020-b2a2c830cf)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC32\");\n\n script_xref(name:\"FEDORA\", value:\"2020-b2a2c830cf\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MOCTR2SEHCPSCOVUQJAGFPGKFMI2VE6V\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'git'\n package(s) announced via the FEDORA-2020-b2a2c830cf advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Git is a fast, scalable, distributed revision control system with an\nunusually rich command set that provides both high-level operations\nand full access to internals.\n\nThe git rpm installs common set of tools which are usually using with\nsmall amount of dependencies. To install all git packages, including\ntools for integrating with other SCMs, install the git-all meta-package.\");\n\n script_tag(name:\"affected\", value:\"'git' package(s) on Fedora 32.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC32\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"git\", rpm:\"git~2.26.2~1.fc32\", rls:\"FC32\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "github": [{"lastseen": "2020-05-09T12:06:33", "bulletinFamily": "software", "description": "### Impact\nInformation disclosure vulnerability. Allows an attacker to see all `Doorkeeper::Application` model attribute values (including secrets) using authorized applications controller if it's enabled (GET /oauth/authorized_applications.json).\n\n### Patches\n\nThese versions have the fix:\n\n* 5.0.3\n* 5.1.1\n* 5.2.5\n* 5.3.2\n\n### Workarounds\nPatch `Doorkeeper::Application` model `#as_json(options = {})` method and define only those attributes you want to expose.\n\nAdditional recommended hardening is to enable application secrets hashing ([guide](https://doorkeeper.gitbook.io/guides/security/token-and-application-secrets)), available since Doorkeeper 5.1. This would render the exposed secret useless.\n\n### References\n\n- Commit with fix: https://github.com/doorkeeper-gem/doorkeeper/commit/25d038022c2fcad45af5b73f9d003cf38ff491f6\n- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10187", "modified": "2020-05-07T21:11:07", "published": "2020-05-07T21:11:07", "id": "GHSA-J7VX-8MQJ-CQP9", "href": "https://github.com/advisories/GHSA-j7vx-8mqj-cqp9", "title": "Exposure of Sensitive Information to an Unauthorized Actor in Doorkeeper", "type": "github", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-04-06T23:39:16", "bulletinFamily": "software", "description": "xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.\nThe Nokogiri RubyGem has patched it's vendored copy of libxml2 in order to prevent this issue from affecting nokogiri.", "modified": "2020-02-28T22:22:37", "published": "2020-02-24T19:12:36", "id": "GHSA-7553-JR98-VX47", "href": "https://github.com/advisories/GHSA-7553-jr98-vx47", "title": "libxml as used in Nokogiri has an infinite loop in a certain end-of-file situation", "type": "github", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "apple": [{"lastseen": "2020-05-21T03:12:06", "bulletinFamily": "software", "description": "## About Apple security updates\n\nFor our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the [Apple security updates](<https://support.apple.com/kb/HT201222>) page.\n\nApple security documents reference vulnerabilities by [CVE-ID](<http://cve.mitre.org/about/>) when possible.\n\nFor more information about security, see the [Apple Product Security](<https://support.apple.com/kb/HT201220>) page.\n\n\n\n## Xcode 11.5\n\nReleased May 20, 2020\n\n**Git**\n\nAvailable for: macOS Catalina 10.15.2 and later\n\nImpact: A crafted git URL that contains a newline in it may cause credential information to be provided for the wrong host\n\nDescription: This issue was addressed by forbidding a newline character in any value passed via the credential protocol.\n\nCVE-2020-11008: Carlo Arenas\n", "modified": "2020-05-20T05:26:39", "published": "2020-05-20T05:26:39", "id": "APPLE:HT211183", "href": "https://support.apple.com/kb/HT211183", "title": "About the security content of Xcode 11.5 - Apple Support", "type": "apple", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "debian": [{"lastseen": "2020-05-02T03:08:00", "bulletinFamily": "unix", "description": "Package : git\nVersion : 1:2.1.4-2.1+deb8u10\nCVE ID : CVE-2020-11008\n\n\nCarlo Arenas discovered a flaw in git, a fast, scalable, distributed\nrevision control system. With a crafted URL that contains a newline or\nempty host, or lacks a scheme, the credential helper machinery can be\nfooled into providing credential information that is not appropriate for\nthe protocol in use and host being contacted.\n\nFor Debian 8 "Jessie", this problem has been fixed in version\n1:2.1.4-2.1+deb8u10.\n\nWe recommend that you upgrade your git packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "modified": "2020-04-24T00:39:18", "published": "2020-04-24T00:39:18", "id": "DEBIAN:DLA-2182-1:FA6ED", "href": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202004/msg00015.html", "title": "[SECURITY] [DLA 2182-1] git security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-05-02T03:13:53", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4659-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nApril 20, 2020 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : git\nCVE ID : CVE-2020-11008\n\nCarlo Arenas discovered a flaw in git, a fast, scalable, distributed\nrevision control system. With a crafted URL that contains a newline or\nempty host, or lacks a scheme, the credential helper machinery can be\nfooled into providing credential information that is not appropriate for\nthe protocol in use and host being contacted.\n\nFor the oldstable distribution (stretch), this problem has been fixed\nin version 1:2.11.0-3+deb9u7.\n\nFor the stable distribution (buster), this problem has been fixed in\nversion 1:2.20.1-2+deb10u3.\n\nWe recommend that you upgrade your git packages.\n\nFor the detailed security status of git please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/git\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2020-04-20T18:50:48", "published": "2020-04-20T18:50:48", "id": "DEBIAN:DSA-4659-1:D7192", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2020/msg00062.html", "title": "[SECURITY] [DSA 4659-1] git security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-05-10T00:58:05", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4661-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nApril 21, 2020 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : openssl\nCVE ID : CVE-2020-1967\n\nBernd Edlinger discovered that malformed data passed to the\nSSL_check_chain() function during or after a TLS 1.3 handshake could\ncause a NULL dereference, resulting in denial of service.\n\nThe oldstable distribution (stretch) is not affected.\n\nFor the stable distribution (buster), this problem has been fixed in\nversion 1.1.1d-0+deb10u3.\n\nWe recommend that you upgrade your openssl packages.\n\nFor the detailed security status of openssl please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/openssl\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2020-04-21T13:58:28", "published": "2020-04-21T13:58:28", "id": "DEBIAN:DSA-4661-1:70270", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2020/msg00064.html", "title": "[SECURITY] [DSA 4661-1] openssl security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2020-05-01T15:46:48", "bulletinFamily": "unix", "description": "Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.\n\nThe following packages have been upgraded to a later upstream version: git (2.18.4). (BZ#1826008)\n\nSecurity Fix(es):\n\n* git: Crafted URL containing new lines, empty host or lacks a scheme can cause credential leak (CVE-2020-11008)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-04-30T14:14:41", "published": "2020-04-30T13:14:07", "id": "RHSA-2020:1980", "href": "https://access.redhat.com/errata/RHSA-2020:1980", "type": "redhat", "title": "(RHSA-2020:1980) Important: git security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-05-01T15:48:47", "bulletinFamily": "unix", "description": "Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.\n\nThe following packages have been upgraded to a later upstream version: rh-git218-git (2.18.4). (BZ#1826010)\n\nSecurity Fix(es):\n\n* git: Crafted URL containing new lines, empty host or lacks a scheme can cause credential leak (CVE-2020-11008)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-04-29T23:33:12", "published": "2020-04-29T23:15:43", "id": "RHSA-2020:1975", "href": "https://access.redhat.com/errata/RHSA-2020:1975", "type": "redhat", "title": "(RHSA-2020:1975) Important: rh-git218-git security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-05-01T15:47:31", "bulletinFamily": "unix", "description": "Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.\n\nThe following packages have been upgraded to a later upstream version: git (2.18.4). (BZ#1826006)\n\nSecurity Fix(es):\n\n* git: Crafted URL containing new lines, empty host or lacks a scheme can cause credential leak (CVE-2020-11008)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-04-30T14:14:36", "published": "2020-04-30T13:12:15", "id": "RHSA-2020:1978", "href": "https://access.redhat.com/errata/RHSA-2020:1978", "type": "redhat", "title": "(RHSA-2020:1978) Important: git security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-05-01T15:46:37", "bulletinFamily": "unix", "description": "Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.\n\nThe following packages have been upgraded to a later upstream version: git (2.18.4). (BZ#1826007)\n\nSecurity Fix(es):\n\n* git: Crafted URL containing new lines, empty host or lacks a scheme can cause credential leak (CVE-2020-11008)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-04-30T13:33:15", "published": "2020-04-30T13:14:06", "id": "RHSA-2020:1979", "href": "https://access.redhat.com/errata/RHSA-2020:1979", "type": "redhat", "title": "(RHSA-2020:1979) Important: git security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-05-28T19:52:04", "bulletinFamily": "unix", "description": "Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection.\n\nSecurity Fix(es):\n\n* git: Crafted URL containing new lines, empty host or lacks a scheme can cause credential leak (CVE-2020-11008)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-05-28T22:49:25", "published": "2020-05-28T22:12:43", "id": "RHSA-2020:2337", "href": "https://access.redhat.com/errata/RHSA-2020:2337", "type": "redhat", "title": "(RHSA-2020:2337) Important: git security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "oraclelinux": [{"lastseen": "2020-05-08T08:47:19", "bulletinFamily": "unix", "description": "[2.18.4-2]\n- Update to release 2.18.4\n- Resolves: CVE-2020-11008", "modified": "2020-05-07T00:00:00", "published": "2020-05-07T00:00:00", "id": "ELSA-2020-1980", "href": "http://linux.oracle.com/errata/ELSA-2020-1980.html", "title": "git security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-05-29T11:26:35", "bulletinFamily": "unix", "description": "[1.8.3.1-23]\n- Prevent crafted URL containing new lines, empty host or lacks a scheme\n to cause credential leak.\n Resolves: CVE-2020-11008", "modified": "2020-05-29T00:00:00", "published": "2020-05-29T00:00:00", "id": "ELSA-2020-2337", "href": "http://linux.oracle.com/errata/ELSA-2020-2337.html", "title": "git security update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "ubuntu": [{"lastseen": "2020-05-06T01:02:19", "bulletinFamily": "unix", "description": "Carlo Arenas discovered that Git incorrectly handled certain URLs containing newlines, empty hosts, or lacking a scheme. A remote attacker could possibly use this issue to trick Git into returning credential information for a wrong host.", "modified": "2020-04-21T00:00:00", "published": "2020-04-21T00:00:00", "id": "USN-4334-1", "href": "https://usn.ubuntu.com/4334-1/", "title": "Git vulnerability", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-02-10T18:41:18", "bulletinFamily": "unix", "description": "It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-19956, CVE-2020-7595)", "modified": "2020-02-10T00:00:00", "published": "2020-02-10T00:00:00", "id": "USN-4274-1", "href": "https://usn.ubuntu.com/4274-1/", "title": "libxml2 vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "freebsd": [{"lastseen": "2020-05-01T20:46:13", "bulletinFamily": "unix", "description": "\nProblem Description:\nServer or client applications that call the SSL_check_chain()\n\tfunction during or after a TLS 1.3 handshake may crash due to a NULL\n\tpointer dereference as a result of incorrect handling of the\n\t\"signature_algorithms_cert\" TLS extension. The crash occurs if an\n\tinvalid or unrecognized signature algorithm is received from the\n\tpeer.\nImpact:\nA malicious peer could exploit the NULL pointer dereference crash,\n\tcausing a denial of service attack.\n", "modified": "2020-04-22T00:00:00", "published": "2020-04-21T00:00:00", "id": "012809CE-83F3-11EA-92AB-00163E433440", "href": "https://vuxml.freebsd.org/freebsd/012809ce-83f3-11ea-92ab-00163e433440.html", "title": "OpenSSL remote denial of service vulnerability", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "mscve": [{"lastseen": "2020-05-03T08:50:08", "bulletinFamily": "microsoft", "description": "Microsoft is aware of a publicly disclosed remote denial of service\nvulnerability for OpenSSL version 1.1.1d and newer. Previous versions prior to\n1.1.1d are unaffected.\n\nThe vulnerability is fixed in version 1.1.1g. For more information, please see\nthe [OpenSSL security\nadvisory](https://www.openssl.org/news/secadv/20200421.txt).\n\nMicrosoft has confirmed Windows is not affected by this vulnerability. We are\ncurrently investigating the wider impact and are applying mitigations to\nservices as needed.\n\n## Recommended Actions\n\nIf you are running a Linux VM or have installed any products that use OpenSSL\non Azure, please review the version on your system. We recommend that you\ncheck the security blog for the distro you are using.\n\nPlease refer to the [OpenSSL security\nadvisory](https://www.openssl.org/news/secadv/20200421.txt) for guidance.\n\nSystems running a version of OpenSSL prior to 1.1.1.d are not vulnerable.\n\n", "modified": "2020-04-22T07:00:00", "id": "MS:ADV200007", "href": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200007", "published": "2020-04-22T07:00:00", "title": "OpenSSL Remote Denial of Service Vulnerability", "type": "mscve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cloudfoundry": [{"lastseen": "2020-02-21T02:35:16", "bulletinFamily": "software", "description": "# \n\n## Severity\n\nMedium\n\n## Vendor\n\nCanonical Ubuntu\n\n## Versions Affected\n\n * Canonical Ubuntu 14.04\n * Canonical Ubuntu 16.04\n * Canonical Ubuntu 18.04\n\n## Description\n\nIt was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a denial of service. (CVE-2019-19956, CVE-2020-7595)\n\nCVEs contained in this USN include: CVE-2019-19956, CVE-2020-7595.\n\n## Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * cflinuxfs3 \n * All versions prior to 0.163.0\n * Xenial Stemcells \n * 621.x versions prior to 621.57\n * 456.x versions prior to 456.98\n * 315.x versions prior to 315.169\n * 250.x versions prior to 250.183\n * 170.x versions prior to 170.203\n * 97.x versions prior to 97.232\n * All other stemcells not listed.\n * CF Deployment \n * * All versions prior to v12.33.0\n\n## Mitigation\n\nUsers of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:\n\n * cflinuxfs3\n * * * Upgrade All versions to 0.163.0 or greater\n * Xenial Stemcells \n * Upgrade 621.x versions to 621.57 or greater\n * Upgrade 456.x versions to 456.98 or greater\n * Upgrade 315.x versions to 315.169 or greater\n * Upgrade 250.x versions to 250.183 or greater\n * Upgrade 170.x versions to 170.203 or greater\n * Upgrade 97.x versions to 97.232 or greater\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells>).\n * CF Deployment \n * Upgrade All versions to v12.33.0 or greater\n\n## References\n\n * [USN Notice](<https://usn.ubuntu.com/4274-1/>)\n * [CVE-2019-19956](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-19956>)\n * [CVE-2020-7595](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-7595>)\n\n## History\n\n2020-02-10: Initial vulnerability report published.\n", "modified": "2020-02-20T00:00:00", "published": "2020-02-20T00:00:00", "id": "CFOUNDRY:853E5589D5EE11B72526D65C16FA38B8", "href": "https://www.cloudfoundry.org/blog/usn-4274-1/", "title": "USN-4274-1: libxml2 vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "gentoo": [{"lastseen": "2020-04-23T18:52:40", "bulletinFamily": "unix", "description": "### Background\n\nGit is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Git. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker, by providing a specially crafted URL, could possibly trick Git into returning credential information for a wrong host. \n\n### Workaround\n\nDisabling credential helpers will prevent this vulnerability.\n\n### Resolution\n\nAll Git 2.23.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-vcs/git-2.23.3\"\n \n\nAll Git 2.24.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-vcs/git-2.24.3\"\n \n\nAll Git 2.25.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-vcs/git-2.25.4\"\n \n\nAll Git 2.26.x users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-vcs/git-2.26.2\"", "modified": "2020-04-23T00:00:00", "published": "2020-04-23T00:00:00", "id": "GLSA-202004-13", "href": "https://security.gentoo.org/glsa/202004-13", "title": "Git: Information disclosure", "type": "gentoo", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-04-23T18:52:40", "bulletinFamily": "unix", "description": "### Background\n\nOpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1/v1.1/v1.2/v1.3) as well as a general purpose cryptography library. \n\n### Description\n\nMultiple vulnerabilities have been discovered in OpenSSL. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could perform a malicious crafted TLS 1.3 handshake against an application using OpenSSL, possibly resulting in a Denial of Service condition. \n\nIn addition, it\u2019s feasible that an attacker might attack DH512.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll OpenSSL users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/openssl-1.1.1g\"", "modified": "2020-04-23T00:00:00", "published": "2020-04-23T00:00:00", "id": "GLSA-202004-10", "href": "https://security.gentoo.org/glsa/202004-10", "title": "OpenSSL: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "suse": [{"lastseen": "2020-05-23T03:10:35", "bulletinFamily": "unix", "description": "This update for libxml2 fixes the following issues:\n\n - CVE-2019-20388: Fixed a memory leak in xmlSchemaPreRun (bsc#1161521).\n - CVE-2019-19956: Fixed a memory leak (bsc#1159928).\n - CVE-2020-7595: Fixed an infinite loop in an EOF situation (bsc#1161517).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "modified": "2020-05-23T00:26:23", "published": "2020-05-23T00:26:23", "id": "OPENSUSE-SU-2020:0681-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html", "title": "Security update for libxml2 (moderate)", "type": "suse", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-05-02T02:46:18", "bulletinFamily": "unix", "description": "This update for git fixes the following issues:\n\n Security issues fixed:\n\n * CVE-2020-11008: Specially crafted URLs may have tricked the credentials\n helper to providing credential information that is not appropriate for\n the protocol in use and host being contacted (bsc#1169936)\n\n git was updated to 2.26.1 (bsc#1169786, jsc#ECO-1628, bsc#1149792)\n\n - Fix git-daemon not starting after conversion from sysvinit to systemd\n service (bsc#1169605).\n\n * CVE-2020-5260: Specially crafted URLs with newline characters could have\n been used to make the Git client to send credential information for a\n wrong host to the attacker's site bsc#1168930\n\n git 2.26.0 (bsc#1167890, jsc#SLE-11608):\n\n * "git rebase" now uses a different backend that is based on the 'merge'\n machinery by default. The 'rebase.backend' configuration variable\n reverts to old behaviour when set to 'apply'\n * Improved handling of sparse checkouts\n * Improvements to many commands and internal features\n\n git 2.25.2:\n\n * bug fixes to various subcommands in specific operations\n\n git 2.25.1:\n\n * "git commit" now honors advise.statusHints\n * various updates, bug fixes and documentation updates\n\n git 2.25.0\n\n * The branch description ("git branch --edit-description") has been used\n to fill the body of the cover letters by the format-patch command; this\n has been enhanced so that the subject can also be filled.\n * A few commands learned to take the pathspec from the standard input\n or a named file, instead of taking it as the command line arguments,\n with the "--pathspec-from-file" option.\n * Test updates to prepare for SHA-2 transition continues.\n * Redo "git name-rev" to avoid recursive calls.\n * When all files from some subdirectory were renamed to the root\n directory, the directory rename heuristics would fail to detect that as\n a rename/merge of the subdirectory to the root directory, which has been\n corrected.\n * HTTP transport had possible allocator/deallocator mismatch, which has\n been corrected.\n\n git 2.24.1:\n\n * CVE-2019-1348: The --export-marks option of fast-import is exposed also\n via the in-stream command feature export-marks=... and it allows\n overwriting arbitrary paths (bsc#1158785)\n * CVE-2019-1349: on Windows, when submodules are cloned recursively, under\n certain circumstances Git could be fooled into using the same Git\n directory twice (bsc#1158787)\n * CVE-2019-1350: Incorrect quoting of command-line arguments allowed\n remote code execution during a recursive clone in conjunction with SSH\n URLs (bsc#1158788)\n * CVE-2019-1351: on Windows mistakes drive letters outside of the\n US-English alphabet as relative paths (bsc#1158789)\n * CVE-2019-1352: on Windows was unaware of NTFS Alternate Data Streams\n (bsc#1158790)\n * CVE-2019-1353: when run in the Windows Subsystem for Linux while\n accessing a working directory on a regular Windows drive, none of the\n NTFS protections were active (bsc#1158791)\n * CVE-2019-1354: on Windows refuses to write tracked files with filenames\n that contain backslashes (bsc#1158792)\n * CVE-2019-1387: Recursive clones vulnerability that is caused by too-lax\n validation of submodule names, allowing very targeted attacks via remote\n code execution in recursive clones (bsc#1158793)\n * CVE-2019-19604: a recursive clone followed by a submodule update could\n execute code contained within the repository without the user explicitly\n having asked for that (bsc#1158795)\n\n git 2.24.0\n\n * The command line parser learned "--end-of-options" notation.\n * A mechanism to affect the default setting for a (related) group of\n configuration variables is introduced.\n * "git fetch" learned "--set-upstream" option to help those who first\n clone from their private fork they intend to push to, add the true\n upstream via "git remote add" and then "git fetch" from it.\n * fixes and improvements to UI, workflow and features, bash completion\n fixes\n\n git 2.23.0:\n\n * The "--base" option of "format-patch" computed the patch-ids for\n prerequisite patches in an unstable way, which has been updated to\n compute in a way that is compatible with "git patch-id\n --stable".\n * The "git log" command by default behaves as if the --mailmap\n option was given.\n * fixes and improvements to UI, workflow and features\n\n git 2.22.1\n\n * A relative pathname given to "git init --template=<path> <repo>"\n ought to be relative to the directory "git init" gets invoked in, but it\n instead was made relative to the repository, which has been corrected.\n * "git worktree add" used to fail when another worktree connected to the\n same repository was corrupt, which has been corrected.\n * "git am -i --resolved" segfaulted after trying to see a commit as if it\n were a tree, which has been corrected.\n * "git merge --squash" is designed to update the working tree and the\n index without creating the commit, and this cannot be countermanded by\n adding the "--commit" option; the command now refuses to work when both\n options are given.\n * Update to Unicode 12.1 width table.\n * "git request-pull" learned to warn when the ref we ask them to pull from\n in the local repository and in the published repository are different.\n * "git fetch" into a lazy clone forgot to fetch base objects that are\n necessary to complete delta in a thin packfile, which has been corrected.\n * The URL decoding code has been updated to avoid going past the end\n of the string while parsing %-<hex>-<hex> sequence.\n * "git clean" silently skipped a path when it cannot lstat() it; now it\n gives a warning.\n * "git rm" to resolve a conflicted path leaked an internal message "needs\n merge" before actually removing the path, which was confusing. This has\n been corrected.\n * Many more bugfixes and code cleanups.\n\n - removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced\n by firewalld.\n\n - partial fix for git instaweb giving 500 error (bsc#1112230)\n\n git 2.22.0\n\n * The filter specification "--filter=sparse:path=<path>" used to create a\n lazy/partial clone has been removed. Using a blob that is part of the\n project as sparse specification is still supported with the\n "--filter=sparse:oid=<blob>" option\n * "git checkout --no-overlay" can be used to trigger a new mode of\n checking out paths out of the tree-ish, that allows paths that match the\n pathspec that are in the current index and working tree and are not in\n the tree-ish.\n * Four new configuration variables {author,committer}.{name,email} have\n been introduced to override user.{name,email} in more specific cases.\n * "git branch" learned a new subcommand "--show-current".\n * The command line completion (in contrib/) has been taught to complete\n more subcommand parameters.\n * The completion helper code now pays attention to repository-local\n configuration (when available), which allows --list-cmds to honour a\n repository specific setting of completion.commands, for example.\n * The list of conflicted paths shown in the editor while concluding a\n conflicted merge was shown above the scissors line when the clean-up\n mode is set to "scissors", even though it was commented\n out just like the list of updated paths and other information to help\n the user explain the merge better.\n * "git rebase" that was reimplemented in C did not set ORIG_HEAD\n correctly, which has been corrected.\n * "git worktree add" used to do a "find an available name with stat and\n then mkdir", which is race-prone. This has been fixed by using mkdir and\n reacting to EEXIST in a loop.\n\n - Move to DocBook 5.x. Asciidoctor 2.x no longer supports the legacy\n DocBook 4.5 format.\n\n - update git-web AppArmor profile for bash and tar usrMerge (bsc#1132350)\n\n git 2.21.0\n\n * Historically, the "-m" (mainline) option can only be used for "git\n cherry-pick" and "git revert" when working with a merge commit. This\n version of Git no longer warns or errors out when working with a\n single-parent commit, as long as the argument to the "-m" option is 1\n (i.e. it has only one parent, and the request is to pick or revert\n relative to that first parent). Scripts that relied on the behaviour may\n get broken with this change.\n * Small fixes and features for fast-export and fast-import.\n * The "http.version" configuration variable can be used with recent enough\n versions of cURL library to force the version of HTTP used to talk when\n fetching and pushing.\n * "git push $there $src:$dst" rejects when $dst is not a fully qualified\n refname and it is not clear what the end user meant.\n * Update "git multimail" from the upstream.\n * A new date format "--date=human" that morphs its output depending\n on how far the time is from the current time has been introduced.\n "--date=auto:human" can be used to use this new format (or any existing\n format) when the output is going to the pager or to the terminal, and\n otherwise the default format.\n\n - Fix worktree creation race (bsc#1114225).\n - add shadow build dependency to the -daemon subpackage.\n\n\n git 2.20.1:\n\n * portability fixes\n * "git help -a" did not work well when an overly long alias was defined\n * no longer squelched an error message when the run_command API failed to\n run a missing command\n\n git 2.20.0\n\n * "git help -a" now gives verbose output (same as "git help -av"). Those\n who want the old output may say "git help --no-verbose -a"..\n * "git send-email" learned to grab address-looking string on any trailer\n whose name ends with "-by".\n * "git format-patch" learned new "--interdiff" and "--range-diff"\n options to explain the difference between this version and the previous\n attempt in the cover letter (or after the three-dashes as a comment).\n * Developer builds now use -Wunused-function compilation option.\n * Fix a bug in which the same path could be registered under multiple\n worktree entries if the path was missing (for instance, was removed\n manually). Also, as a convenience, expand the number of cases in which\n --force is applicable.\n * The overly large Documentation/config.txt file have been split into\n million little pieces. This potentially allows each individual piece to\n be included into the manual page of the command it affects more easily.\n * Malformed or crafted data in packstream can make our code attempt to\n read or write past the allocated buffer and abort, instead of reporting\n an error, which has been fixed.\n * Fix for a long-standing bug that leaves the index file corrupt when it\n shrinks during a partial commit.\n * "git merge" and "git pull" that merges into an unborn branch used to\n completely ignore "--verify-signatures", which has been corrected.\n * ...and much more features and fixes\n\n git 2.19.2:\n\n * various bug fixes for multiple subcommands and operations\n\n git 2.19.1:\n\n * CVE-2018-17456: Specially crafted .gitmodules files may have allowed\n arbitrary code execution when the repository is cloned with\n --recurse-submodules (bsc#1110949)\n\n git 2.19.0:\n\n * "git diff" compares the index and the working tree. For paths added\n with intent-to-add bit, the command shows the full contents\n of them as added, but the paths themselves were not marked as new\n files. They are now shown as new by default.\n * "git apply" learned the "--intent-to-add" option so that an\n otherwise working-tree-only application of a patch will add new paths to\n the index marked with the "intent-to-add" bit.\n * "git grep" learned the "--column" option that gives not just the line\n number but the column number of the hit.\n * The "-l" option in "git branch -l" is an unfortunate short-hand for\n "--create-reflog", but many users, both old and new, somehow expect it\n to be something else, perhaps "--list". This step warns when "-l" is\n used as a short-hand for "--create-reflog" and warns about the future\n repurposing of the it when it is used.\n * The userdiff pattern for .php has been updated.\n * The content-transfer-encoding of the message "git send-email" sends\n out by default was 8bit, which can cause trouble when there is an\n overlong line to bust RFC 5322/2822 limit. A new option 'auto' to\n automatically switch to quoted-printable when there is such a line in\n the payload has been introduced and is made the default.\n * "git checkout" and "git worktree add" learned to honor\n checkout.defaultRemote when auto-vivifying a local branch out of a\n remote tracking branch in a repository with multiple remotes that have\n tracking branches that share the same names. (merge 8d7b558bae\n ab/checkout-default-remote later to maint).\n * "git grep" learned the "--only-matching" option.\n * "git rebase --rebase-merges" mode now handles octopus merges as well.\n * Add a server-side knob to skip commits in exponential/fibbonacci stride\n in an attempt to cover wider swath of history with a smaller number of\n iterations, potentially accepting a larger packfile transfer, instead of\n going back one commit a time during common ancestor discovery during the\n "git fetch" transaction. (merge 42cc7485a2 jt/fetch-negotiator-skipping\n later to maint).\n * A new configuration variable core.usereplacerefs has been added,\n primarily to help server installations that want to ignore the replace\n mechanism altogether.\n * Teach "git tag -s" etc. a few configuration variables (gpg.format that\n can be set to "openpgp" or "x509", and gpg.<format>.program that is used\n to specify what program to use to deal with the format) to allow x.509\n certs with CMS via "gpgsm" to be used instead of\n openpgp via "gnupg".\n * Many more strings are prepared for l10n.\n * "git p4 submit" learns to ask its own pre-submit hook if it should\n continue with submitting.\n * The test performed at the receiving end of "git push" to prevent bad\n objects from entering repository can be customized via receive.fsck.*\n configuration variables; we now have gained a counterpart to do the same\n on the "git fetch" side, with fetch.fsck.* configuration variables.\n * "git pull --rebase=interactive" learned "i" as a short-hand for\n "interactive".\n * "git instaweb" has been adjusted to run better with newer Apache on\n RedHat based distros.\n * "git range-diff" is a reimplementation of "git tbdiff" that lets us\n compare individual patches in two iterations of a topic.\n * The sideband code learned to optionally paint selected keywords at the\n beginning of incoming lines on the receiving end.\n * "git branch --list" learned to take the default sort order from the\n 'branch.sort' configuration variable, just like "git tag --list" pays\n attention to 'tag.sort'.\n * "git worktree" command learned "--quiet" option to make it less verbose.\n\n git 2.18.0:\n\n * improvements to rename detection logic\n * When built with more recent cURL, GIT_SSL_VERSION can now specify\n "tlsv1.3" as its value.\n * "git mergetools" learned talking to guiffy.\n * various other workflow improvements and fixes\n * performance improvements and other developer visible fixes\n\n git 2.17.1\n\n * Submodule "names" come from the untrusted .gitmodules file, but we\n blindly append them to $GIT_DIR/modules to create our on-disk repo\n paths. This means you can do bad things by putting "../" into the name.\n We now enforce some rules for submodule names which will cause Git to\n ignore these malicious names (CVE-2018-11235, bsc#1095219)\n * It was possible to trick the code that sanity-checks paths on NTFS into\n reading random piece of memory (CVE-2018-11233, bsc#1095218)\n * Support on the server side to reject pushes to repositories that attempt\n to create such problematic .gitmodules file etc. as tracked contents, to\n help hosting sites protect their customers by preventing malicious\n contents from spreading.\n\n git 2.17.0:\n\n * "diff" family of commands learned "--find-object=<object-id>" option to\n limit the findings to changes that involve the named object.\n * "git format-patch" learned to give 72-cols to diffstat, which is\n consistent with other line length limits the subcommand uses for its\n output meant for e-mails.\n * The log from "git daemon" can be redirected with a new option; one\n relevant use case is to send the log to standard error (instead of\n syslog) when running it from inetd.\n * "git rebase" learned to take "--allow-empty-message" option.\n * "git am" has learned the "--quit" option, in addition to the existing\n "--abort" option; having the pair mirrors a few other commands like\n "rebase" and "cherry-pick".\n * "git worktree add" learned to run the post-checkout hook, just like "git\n clone" runs it upon the initial checkout.\n * "git tag" learned an explicit "--edit" option that allows the message\n given via "-m" and "-F" to be further edited.\n * "git fetch --prune-tags" may be used as a handy short-hand for getting\n rid of stale tags that are locally held.\n * The new "--show-current-patch" option gives an end-user facing way to\n get the diff being applied when "git rebase" (and "git am") stops with a\n conflict.\n * "git add -p" used to offer "/" (look for a matching hunk) as a choice,\n even there was only one hunk, which has been corrected. Also the\n single-key help is now given only for keys that are enabled (e.g. help\n for '/' won't be shown when there is only one hunk).\n * Since Git 1.7.9, "git merge" defaulted to --no-ff (i.e. even when the\n side branch being merged is a descendant of the current commit, create a\n merge commit instead of fast-forwarding) when merging a tag object.\n This was appropriate default for integrators who pull signed tags from\n their downstream contributors, but caused an unnecessary merges when\n used by downstream contributors who habitually "catch up" their topic\n branches with tagged releases from the upstream. Update "git merge" to\n default to --no-ff only when merging a tag object that does *not* sit at\n its usual place in refs/tags/ hierarchy, and allow fast-forwarding\n otherwise, to mitigate the problem.\n * "git status" can spend a lot of cycles to compute the relation between\n the current branch and its upstream, which can now be disabled with\n "--no-ahead-behind" option.\n * "git diff" and friends learned funcname patterns for Go language source\n files.\n * "git send-email" learned "--reply-to=<address>" option.\n * Funcname pattern used for C# now recognizes "async" keyword.\n * In a way similar to how "git tag" learned to honor the pager setting\n only in the list mode, "git config" learned to ignore the pager setting\n when it is used for setting values (i.e. when the purpose of the\n operation is not to "show").\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "modified": "2020-05-02T00:26:45", "published": "2020-05-02T00:26:45", "id": "OPENSUSE-SU-2020:0598-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html", "title": "Security update for git (moderate)", "type": "suse", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}
