Fedora 22 : drupal6-ctools-1.14-1.fc22 (2015-14331)

2015-09-0800:00:00

www.tenable.com

**See Ctools - Critical - Multiple Vulnerabilities - SA- CONTRIB-2015-141.**This is an incremental security and bugfix release for ctools. Looking to fix future D6 CTools issues? Find japerry or merlinofchaos in #drupal-scotch, #drupal- contribute, or #drupal-panels – and become a maintainer for D6 CTools. Changes since 6.x-1.13: * Harden AJAX link handling * Content type plugins do not properly inherit ‘edit’ permission * Various lint fixes * Fix typo * Issue #2512850 by DamienMcKenna, mw4ll4c3: PHP 5.4+ compatibility * Issue #2010124 by davidwhthomas: ctools_access_get_loggedin_context doesn’t fully load current user in context

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2015-14331.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(85822);
  script_version("2.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2015-6665");
  script_xref(name:"FEDORA", value:"2015-14331");

  script_name(english:"Fedora 22 : drupal6-ctools-1.14-1.fc22 (2015-14331)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"**See [Ctools - Critical - Multiple Vulnerabilities - SA-
CONTRIB-2015-141.](https://www.drupal.org/node/2554145)** **This is an
incremental security and bugfix release for ctools.** Looking to fix
future D6 CTools issues? Find japerry or merlinofchaos in
#drupal-scotch, #drupal- contribute, or #drupal-panels -- and become a
maintainer for D6 CTools. Changes since 6.x-1.13: * Harden AJAX link
handling * Content type plugins do not properly inherit 'edit'
permission * Various lint fixes * Fix typo * Issue \#2512850 by
DamienMcKenna, mw4ll4c3: PHP 5.4+ compatibility * Issue \#2010124 by
davidwhthomas: ctools_access_get_loggedin_context doesn't fully load
current user in context

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=1256131"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2015-September/165695.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?ae0bfcb8"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.drupal.org/node/2554145"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected drupal6-ctools package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:drupal6-ctools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:22");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/09/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/09/08");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^22([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 22.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC22", reference:"drupal6-ctools-1.14-1.fc22")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "drupal6-ctools");
}

VendorProductVersionCPE
fedoraprojectfedoradrupal6-ctoolsp-cpe:/a:fedoraproject:fedora:drupal6-ctools
fedoraprojectfedora22cpe:/o:fedoraproject:fedora:22