Fedora 19 : cups-1.6.4-10.fc19 (2014-9703)

2014-10-0300:00:00

www.tenable.com

Upstream patches have been applied to prevent long-running Get-Jobs operations preventing other requests from being handled, and to fix the order of completed jobs in Get-Jobs responses. This update fixes a security flaw potentially leading to a disclosure of information.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2014-9703.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(78038);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2014-3537", "CVE-2014-5029");
  script_bugtraq_id(68788, 68842);
  script_xref(name:"FEDORA", value:"2014-9703");

  script_name(english:"Fedora 19 : cups-1.6.4-10.fc19 (2014-9703)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Upstream patches have been applied to prevent long-running Get-Jobs
operations preventing other requests from being handled, and to fix
the order of completed jobs in Get-Jobs responses. This update fixes a
security flaw potentially leading to a disclosure of information.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1115576"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1122600"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2014-October/139672.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?0ef3c096"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected cups package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:S/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:cups");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:19");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/08/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/03");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^19([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 19.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC19", reference:"cups-1.6.4-10.fc19")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
  else security_note(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups");
}

VendorProductVersionCPE
fedoraprojectfedoracupsp-cpe:/a:fedoraproject:fedora:cups
fedoraprojectfedora19cpe:/o:fedoraproject:fedora:19

Vendor	Product	Version	CPE
fedoraproject	fedora	cups	p-cpe:/a:fedoraproject:fedora:cups
fedoraproject	fedora	19	cpe:/o:fedoraproject:fedora:19

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3537

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5029

www.nessus.org/u?0ef3c096

bugzilla.redhat.com/show_bug.cgi?id=1115576

bugzilla.redhat.com/show_bug.cgi?id=1122600

JSON

Related for FEDORA_2014-9703.NASL