Lucene search
This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.CENTOS_RHSA-2019-0375.NASLHistoryFeb 21, 2019 - 12:00 a.m.
CentOS 7 : flatpak (CESA-2019:0375)
2019-02-2100:00:00
This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
46
An update for flatpak is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.
Security Fix(es) :
- flatpak: potential /proc based sandbox escape (CVE-2019-8308)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2019:0375 and
# CentOS Errata and Security Advisory 2019:0375 respectively.
#
include("compat.inc");
if (description)
{
script_id(122353);
script_version("1.5");
script_cvs_date("Date: 2020/02/10");
script_cve_id("CVE-2019-8308");
script_xref(name:"RHSA", value:"2019:0375");
script_name(english:"CentOS 7 : flatpak (CESA-2019:0375)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote CentOS host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"An update for flatpak is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
Flatpak is a system for building, distributing, and running sandboxed
desktop applications on Linux.
Security Fix(es) :
* flatpak: potential /proc based sandbox escape (CVE-2019-8308)
For more details about the security issue(s), including the impact, a
CVSS score, acknowledgments, and other related information, refer to
the CVE page(s) listed in the References section."
);
# https://lists.centos.org/pipermail/centos-announce/2019-February/023203.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?a8b1c87d"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected flatpak packages."
);
script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-8308");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:flatpak");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:flatpak-builder");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:flatpak-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:flatpak-libs");
script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/02/12");
script_set_attribute(attribute:"patch_publication_date", value:"2019/02/20");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/21");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"CentOS Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 7.x", "CentOS " + os_ver);
if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
flag = 0;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"flatpak-1.0.2-4.el7_6")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"flatpak-builder-1.0.0-4.el7_6")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"flatpak-devel-1.0.2-4.el7_6")) flag++;
if (rpm_check(release:"CentOS-7", cpu:"x86_64", reference:"flatpak-libs-1.0.2-4.el7_6")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "flatpak / flatpak-builder / flatpak-devel / flatpak-libs");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| centos | centos | flatpak | p-cpe:/a:centos:centos:flatpak |
| centos | centos | flatpak-builder | p-cpe:/a:centos:centos:flatpak-builder |
| centos | centos | flatpak-devel | p-cpe:/a:centos:centos:flatpak-devel |
| centos | centos | flatpak-libs | p-cpe:/a:centos:centos:flatpak-libs |
| centos | centos | 7 | cpe:/o:centos:centos:7 |
Related
oraclelinux
oraclelinux
flatpak security update
2019-02-19 00:00:00
cvelist
cvelist
CVE-2019-8308
2019-02-12 23:00:00
osv
osv
CVE-2019-8308
2019-02-12 23:29:00
flatpak - security update
2019-02-12 00:00:00
amazon
amazon
Important: flatpak
2019-03-21 19:31:00
nessus
nessus
Oracle Linux 7 : flatpak (ELSA-2019-0375)
2019-02-20 00:00:00
Amazon Linux 2 : flatpak (ALAS-2019-1183)
2019-03-29 00:00:00
ubuntucve
ubuntucve
CVE-2019-8308
2019-02-12 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for flatpak (EulerOS-SA-2020-1846)
2020-08-31 00:00:00
Huawei EulerOS: Security Advisory for flatpak (EulerOS-SA-2019-1134)
2020-01-23 00:00:00
CentOS Update for flatpak CESA-2019:0375 centos7
2019-02-21 00:00:00
debiancve
debiancve
CVE-2019-8308
2019-02-12 23:29:00
veracode
veracode
Remote Code Execution (RCE)
2019-02-18 06:46:47
redhatcve
redhatcve
CVE-2019-8308
2019-10-08 09:49:01
prion
prion
Design/Logic Flaw
2019-02-12 23:29:00
cve
cve
CVE-2019-8308
2019-02-12 23:29:00
centos
centos
flatpak security update
2019-02-20 20:15:35
redhat
redhat
(RHSA-2019:0375) Important: flatpak security update
2019-02-19 15:59:19
fedora
fedora
[SECURITY] Fedora 28 Update: flatpak-1.0.7-1.fc28
2019-02-28 19:38:32
suse
suse
Security update for flatpak (moderate)
2019-08-31 00:00:00
Related for CENTOS_RHSA-2019-0375.NASL