Alibaba Cloud Linux 3 : 0067: osbuild and osbuild-composer (ALINUX3-SA-2025:0067)

Published: 19 May 2025 00:00:00
Reported by: Tenable
Type: nessus
Source: www.tenable.com

Alibaba Cloud Linux 3 is affected by multiple vulnerabilities; updates that fix them are available and should be applied urgently.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Alibaba Cloud Linux Security Advisory ALINUX3-SA-2025:0067.
##

include('compat.inc');

if (description)
{
  script_id(236934);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/05/19");

  script_cve_id(
    "CVE-2024-1394",
    "CVE-2024-9355",
    "CVE-2024-34158",
    "CVE-2025-30204"
  );

  script_name(english:"Alibaba Cloud Linux 3 : 0067: osbuild and osbuild-composer (ALINUX3-SA-2025:0067)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Alibaba Cloud Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced
in the ALINUX3-SA-2025:0067 advisory.

    Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities:

    CVE-2024-1394:
    A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a
    resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in
    github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That
    function uses named return parameters to free pkey and ctx if there is an error initializing the
    context or setting the different properties. All return statements related to error cases follow the
    return nil, nil, fail(...) pattern, meaning that pkey and ctx will be nil inside the deferred
    function that should free them.

    CVE-2024-34158:
    Calling Parse on a // +build build tag line with deeply nested expressions can cause a panic due to
    stack exhaustion.

    CVE-2024-9355:
    A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an
    uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be
    possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac
    sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum. It
    is also possible to force a derived key to be all zeros instead of an unpredictable value. This may have
    follow-on implications for the Go TLS stack.

    CVE-2025-30204:
    golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions
    5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument
    (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization
    header consists of Bearer  followed by many period characters, a call to that function incurs allocations
    to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant
    factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.

Tenable has extracted the preceding description block directly from the Alibaba Cloud Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"http://mirrors.aliyun.com/alinux/3/cve/alinux3-sa-20250067.xml");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:U");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-9355");
  script_set_attribute(attribute:"cvss4_score_source", value:"CVE-2025-30204");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/03/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/05/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/05/19");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:osbuild");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:osbuild-composer");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:osbuild-composer-core");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:osbuild-composer-core-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:osbuild-composer-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:osbuild-composer-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:osbuild-composer-tests");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:osbuild-composer-tests-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:osbuild-composer-worker");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:osbuild-composer-worker-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:osbuild-depsolve-dnf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:osbuild-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:osbuild-luks2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:osbuild-lvm2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:osbuild-ostree");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:osbuild-selinux");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:osbuild-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:python3-osbuild");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alibabacloud:alibaba_cloud_linux_3");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Alibaba Cloud Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Alibaba/release", "Host/Alibaba/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Alibaba/release');
if (isnull(os_release) || 'Alibaba Cloud Linux' >!< os_release) audit(AUDIT_OS_NOT, 'Alibaba Cloud Linux');
var os_ver = pregmatch(pattern: "Alibaba Cloud Linux release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Alibaba Cloud Linux');
os_ver = os_ver[1];
if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Alibaba Cloud Linux 3.x', 'Alibaba Cloud Linux ' + os_ver);

if (!get_kb_item('Host/Alibaba/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'x86_64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Alibaba Cloud Linux', cpu);

var pkgs = [
    {'reference':'osbuild-141.2-1.0.1.al8', 'release':'3', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
    {'reference':'osbuild-composer-132.2-1.0.1.al8', 'cpu':'aarch64', 'release':'3', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
    {'reference':'osbuild-composer-132.2-1.0.1.al8', 'cpu':'x86_64', 'release':'3', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
    {'reference':'osbuild-composer-core-132.2-1.0.1.al8', 'cpu':'aarch64', 'release':'3', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
    {'reference':'osbuild-composer-core-132.2-1.0.1.al8', 'cpu':'x86_64', 'release':'3', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
    {'reference':'osbuild-composer-core-debuginfo-132.2-1.0.1.al8', 'cpu':'aarch64', 'release':'3', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
    {'reference':'osbuild-composer-core-debuginfo-132.2-1.0.1.al8', 'cpu':'x86_64', 'release':'3', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
    {'reference':'osbuild-composer-debuginfo-132.2-1.0.1.al8', 'cpu':'aarch64', 'release':'3', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
    {'reference':'osbuild-composer-debuginfo-132.2-1.0.1.al8', 'cpu':'x86_64', 'release':'3', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
    {'reference':'osbuild-composer-debugsource-132.2-1.0.1.al8', 'cpu':'aarch64', 'release':'3', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
    {'reference':'osbuild-composer-debugsource-132.2-1.0.1.al8', 'cpu':'x86_64', 'release':'3', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
    {'reference':'osbuild-composer-tests-132.2-1.0.1.al8', 'cpu':'aarch64', 'release':'3', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
    {'reference':'osbuild-composer-tests-132.2-1.0.1.al8', 'cpu':'x86_64', 'release':'3', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
    {'reference':'osbuild-composer-tests-debuginfo-132.2-1.0.1.al8', 'cpu':'aarch64', 'release':'3', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
    {'reference':'osbuild-composer-tests-debuginfo-132.2-1.0.1.al8', 'cpu':'x86_64', 'release':'3', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
    {'reference':'osbuild-composer-worker-132.2-1.0.1.al8', 'cpu':'aarch64', 'release':'3', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
    {'reference':'osbuild-composer-worker-132.2-1.0.1.al8', 'cpu':'x86_64', 'release':'3', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
    {'reference':'osbuild-composer-worker-debuginfo-132.2-1.0.1.al8', 'cpu':'aarch64', 'release':'3', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
    {'reference':'osbuild-composer-worker-debuginfo-132.2-1.0.1.al8', 'cpu':'x86_64', 'release':'3', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
    {'reference':'osbuild-depsolve-dnf-141.2-1.0.1.al8', 'release':'3', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
    {'reference':'osbuild-doc-141.2-1.0.1.al8', 'release':'3', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
    {'reference':'osbuild-luks2-141.2-1.0.1.al8', 'release':'3', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
    {'reference':'osbuild-lvm2-141.2-1.0.1.al8', 'release':'3', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
    {'reference':'osbuild-ostree-141.2-1.0.1.al8', 'release':'3', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
    {'reference':'osbuild-selinux-141.2-1.0.1.al8', 'release':'3', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
    {'reference':'osbuild-tools-141.2-1.0.1.al8', 'release':'3', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
    {'reference':'python3-osbuild-141.2-1.0.1.al8', 'release':'3', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  var cves = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = 'Alibaba Linux ' + package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (!empty_or_null(package_array['cves'])) cves = package_array['cves'];
  if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'osbuild / osbuild-composer / osbuild-composer-core / etc');
}
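
The CVE-2024-1394 description in the plugin text above explains why the deferred cleanup never frees pkey and ctx on the error path. The Go sketch below is an added example, not code from golang-fips/openssl, Tenable or the advisory; handle, alloc, setupLeaky, setupFixed and leaked are hypothetical names, and keeping the handles in locals is one possible fix, not necessarily the upstream patch.

```go
package main

import (
	"errors"
	"fmt"
)

type handle struct{ id int } // stands in for a C object such as pkey or ctx
var live = map[*handle]bool{} // handles allocated and not yet freed

func alloc() *handle { h := &handle{}; live[h] = true; return h }
// free is nil-safe: deleting an absent key from a map is a no-op.
func (h *handle) free() { delete(live, h) }

// setupLeaky follows the advisory's pattern: the deferred cleanup reads the named
// results, but "return nil, nil, err" has already set pkey and ctx to nil.
func setupLeaky(initErr error) (pkey, ctx *handle, err error) {
	defer func() {
		if err != nil {
			pkey.free()
			ctx.free()
		}
	}()
	pkey, ctx = alloc(), alloc()
	if initErr != nil {
		return nil, nil, initErr
	}
	return pkey, ctx, nil
}

// setupFixed keeps the handles in locals, which a return statement cannot overwrite.
func setupFixed(initErr error) (*handle, *handle, error) {
	pkey, ctx := alloc(), alloc()
	if initErr != nil {
		ctx.free()
		pkey.free()
		return nil, nil, initErr
	}
	return pkey, ctx, nil
}

// leaked runs one failing setup call and counts the handles left allocated.
func leaked(setup func(error) (*handle, *handle, error)) int {
	live = map[*handle]bool{}
	setup(errors.New("context init failed")) // constructed error
	return len(live)
}

func main() { fmt.Println("leaky:", leaked(setupLeaky), "fixed:", leaked(setupFixed)) }
```

Every failing call to the leaky variant strands both handles, which is how attacker-controlled inputs that trigger the error path turn into resource exhaustion.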

19 May 2025 00:00 (current)
Vulners AI Score: 7.1 (High risk)
CVSS 3.1: 7.5
EPSS: 0.01533