ID FEDORA_2015-3643.NASL Type nessus Reporter Tenable Modified 2015-10-19T00:00:00
Description
This update allows symlinks again.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2015-3643.
#
include("compat.inc");
if (description)
{
script_id(81865);
script_version("$Revision: 1.2 $");
script_cvs_date("$Date: 2015/10/19 23:06:18 $");
script_xref(name:"FEDORA", value:"2015-3643");
script_name(english:"Fedora 22 : patch-2.7.5-1.fc22 (2015-3643)");
script_summary(english:"Checks rpm output for the updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"This update allows symlinks again.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1182157"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1199684"
);
# https://lists.fedoraproject.org/pipermail/package-announce/2015-March/151973.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?b2769ed8"
);
script_set_attribute(attribute:"solution", value:"Update the affected patch package.");
script_set_attribute(attribute:"risk_factor", value:"High");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:patch");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:22");
script_set_attribute(attribute:"patch_publication_date", value:"2015/03/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/17");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2015 Tenable Network Security, Inc.");
script_family(english:"Fedora Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^22([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 22.x", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC22", reference:"patch-2.7.5-1.fc22")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "patch");
}
{"id": "FEDORA_2015-3643.NASL", "bulletinFamily": "scanner", "title": "Fedora 22 : patch-2.7.5-1.fc22 (2015-3643)", "description": "This update allows symlinks again.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2015-03-17T00:00:00", "modified": "2015-10-19T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=81865", "reporter": "Tenable", "references": ["http://www.nessus.org/u?b2769ed8", "https://bugzilla.redhat.com/show_bug.cgi?id=1182157", "https://bugzilla.redhat.com/show_bug.cgi?id=1199684"], "cvelist": [], "type": "nessus", "lastseen": "2019-01-16T20:21:01", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:fedoraproject:fedora:patch", "cpe:/o:fedoraproject:fedora:22"], "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "This update allows symlinks again.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 2, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "4a79f699e6f620742e6ac6e98ccb59ed6e6a7e9c231c5700b51bf9dc040adfb1", "hashmap": [{"hash": "7ec435b3099b0c280a847c5a051d5d07", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "3a41f743ff0d5f00e2abab864991116b", "key": "cpe"}, {"hash": "100692c53d1e730f87eccc27e6657320", "key": "description"}, {"hash": "9a00910eeedb8c835c4637a953896665", "key": "modified"}, {"hash": "0a01527b25851e2b93da0048944a773e", "key": "sourceData"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "0e99c3d21c6d9dfca941f86e706de5c7", "key": "published"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "e481eaba00fd371607ab007634d23399", "key": "href"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "20b7a615fe10cae1445aa16948a6e437", "key": "title"}, {"hash": "1e5791a4b324b65caffe87763f55e2e7", "key": "pluginID"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=81865", "id": "FEDORA_2015-3643.NASL", "lastseen": "2017-10-29T13:42:51", "modified": "2015-10-19T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "81865", "published": "2015-03-17T00:00:00", "references": ["http://www.nessus.org/u?b2769ed8", "https://bugzilla.redhat.com/show_bug.cgi?id=1182157", "https://bugzilla.redhat.com/show_bug.cgi?id=1199684"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-3643.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81865);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2015/10/19 23:06:18 $\");\n\n script_xref(name:\"FEDORA\", value:\"2015-3643\");\n\n script_name(english:\"Fedora 22 : patch-2.7.5-1.fc22 (2015-3643)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update allows symlinks again.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1182157\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1199684\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-March/151973.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b2769ed8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected patch package.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:patch\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"patch-2.7.5-1.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"patch\");\n}\n", "title": "Fedora 22 : patch-2.7.5-1.fc22 (2015-3643)", "type": "nessus", "viewCount": 1}, "differentElements": ["description"], "edition": 2, "lastseen": "2017-10-29T13:42:51"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "This update allows symlinks again.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 1, "enchantments": {}, "hash": "79016503a17e64b387c738d8e9a22c6c0e19288c27231ba0fb66aa32c08f533e", "hashmap": [{"hash": "7ec435b3099b0c280a847c5a051d5d07", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "100692c53d1e730f87eccc27e6657320", "key": "description"}, {"hash": "9a00910eeedb8c835c4637a953896665", "key": "modified"}, {"hash": "0a01527b25851e2b93da0048944a773e", "key": "sourceData"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "0e99c3d21c6d9dfca941f86e706de5c7", "key": "published"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "e481eaba00fd371607ab007634d23399", "key": "href"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "20b7a615fe10cae1445aa16948a6e437", "key": "title"}, {"hash": "1e5791a4b324b65caffe87763f55e2e7", "key": "pluginID"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=81865", "id": "FEDORA_2015-3643.NASL", "lastseen": "2016-09-26T17:25:54", "modified": "2015-10-19T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.2", "pluginID": "81865", "published": "2015-03-17T00:00:00", "references": ["http://www.nessus.org/u?b2769ed8", "https://bugzilla.redhat.com/show_bug.cgi?id=1182157", "https://bugzilla.redhat.com/show_bug.cgi?id=1199684"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-3643.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81865);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2015/10/19 23:06:18 $\");\n\n script_xref(name:\"FEDORA\", value:\"2015-3643\");\n\n script_name(english:\"Fedora 22 : patch-2.7.5-1.fc22 (2015-3643)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update allows symlinks again.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1182157\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1199684\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-March/151973.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b2769ed8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected patch package.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:patch\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"patch-2.7.5-1.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"patch\");\n}\n", "title": "Fedora 22 : patch-2.7.5-1.fc22 (2015-3643)", "type": "nessus", "viewCount": 0}, "differentElements": ["cpe"], "edition": 1, "lastseen": "2016-09-26T17:25:54"}], "edition": 3, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "3a41f743ff0d5f00e2abab864991116b"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "e2dea47cfc3b7fb319652a81bed9371a"}, {"key": "href", "hash": "e481eaba00fd371607ab007634d23399"}, {"key": "modified", "hash": "9a00910eeedb8c835c4637a953896665"}, {"key": "naslFamily", "hash": "be931514784f88df80712740ad2723e7"}, {"key": "pluginID", "hash": "1e5791a4b324b65caffe87763f55e2e7"}, {"key": "published", "hash": "0e99c3d21c6d9dfca941f86e706de5c7"}, {"key": "references", "hash": "7ec435b3099b0c280a847c5a051d5d07"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "0a01527b25851e2b93da0048944a773e"}, {"key": "title", "hash": "20b7a615fe10cae1445aa16948a6e437"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "eacf8b14f1039d1df6850961182e4c8a84fa45a2bc5dfb577071238e2a9d51e9", "viewCount": 1, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}, "dependencies": {"references": [], "modified": "2019-01-16T20:21:01"}, "vulnersScore": 2.1}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-3643.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(81865);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2015/10/19 23:06:18 $\");\n\n script_xref(name:\"FEDORA\", value:\"2015-3643\");\n\n script_name(english:\"Fedora 22 : patch-2.7.5-1.fc22 (2015-3643)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update allows symlinks again.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1182157\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1199684\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-March/151973.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b2769ed8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected patch package.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:patch\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:22\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^22([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 22.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC22\", reference:\"patch-2.7.5-1.fc22\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"patch\");\n}\n", "naslFamily": "Fedora Local Security Checks", "pluginID": "81865", "cpe": ["p-cpe:/a:fedoraproject:fedora:patch", "cpe:/o:fedoraproject:fedora:22"]}
{"nessus": [{"lastseen": "2019-01-16T20:24:31", "bulletinFamily": "scanner", "description": "## v2.4.8\n\n### Security\n\n - CVE-2015-5723 php-doctrine-orm filesystem permission\n issues\n\n - https://access.redhat.com/security/cve/CVE-2015-5723\n\n - http://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html\n\n### Bug\n\n - [DDC-3310] - [GH-1138] Join column index names\n\n - [DDC-3343] - `PersistentCollection::removeElement`\n schedules an entity for deletion when relationship is\n EXTRA_LAZY, with `orphanRemoval` false.\n\n - [DDC-3464] - [GH-1231] Backport 'Merge pull request\n #1098 from encoder32/DDC-1590' to 2.4 branch\n\n - [DDC-3482] - [GH-1242] Attempting to lock a proxy object\n fails as UOW doesn't init proxy first\n\n - [DDC-3493] - New (PHP 5.5) 'class' keyword - wrong\n parsing by EntityGenerator\n\n - [DDC-3494] - [GH-1250] Test case for 'class' keyword\n\n - [DDC-3500] - [GH-1254] Fix applying ON/WITH conditions\n to first join in Class Table Inheritance\n\n - [DDC-3502] - [GH-1256] DDC-3493 - fixed EntityGenerator\n parsing for php 5.5 '::class' syntax\n\n - [DDC-3518] - [GH-1266] [2.4] Fix schema generation in\n the test suite\n\n - [DDC-3537] - [GH-1282] Hotfix/#1169 extra lazy one to\n many should not delete referenced entities (backport to\n 2.4)\n\n - [DDC-3551] - [GH-1294] Avoid Connection error when\n calling ClassMetadataFactor::getAllMetadata()\n\n - [DDC-3560] - [GH-1300] [2.4] #1169 DDC-3343 one-to-omany\n persister deletes only on EXTRA_LAZY plus orphanRemoval\n\n - [DDC-3608] - [GH-1327] Properly generate default value\n from yml & xml mapping\n\n - [DDC-3619] - spl_object_hash collision\n\n - [DDC-3624] - [GH-1338] [DDC-3619] Update identityMap\n when entity gets managed again\n\n - [DDC-3643] - [GH-1352] fix EntityGenerator\n RegenerateEntityIfExists\n\n### Improvement\n\n - [DDC-3530] - [GH-1276] travis: run coverage just once\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "modified": "2016-10-18T00:00:00", "published": "2016-07-20T00:00:00", "id": "FEDORA_2016-F0C8B7B115.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=92447", "title": "Fedora 24 : php-doctrine-orm (2016-f0c8b7b115)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-f0c8b7b115.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92447);\n script_version(\"$Revision: 2.2 $\");\n script_cvs_date(\"$Date: 2016/10/18 17:03:08 $\");\n\n script_cve_id(\"CVE-2015-5723\");\n script_xref(name:\"FEDORA\", value:\"2016-f0c8b7b115\");\n\n script_name(english:\"Fedora 24 : php-doctrine-orm (2016-f0c8b7b115)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"## v2.4.8\n\n### Security\n\n - CVE-2015-5723 php-doctrine-orm filesystem permission\n issues\n\n - https://access.redhat.com/security/cve/CVE-2015-5723\n\n - http://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html\n\n### Bug\n\n - [DDC-3310] - [GH-1138] Join column index names\n\n - [DDC-3343] - `PersistentCollection::removeElement`\n schedules an entity for deletion when relationship is\n EXTRA_LAZY, with `orphanRemoval` false.\n\n - [DDC-3464] - [GH-1231] Backport 'Merge pull request\n #1098 from encoder32/DDC-1590' to 2.4 branch\n\n - [DDC-3482] - [GH-1242] Attempting to lock a proxy object\n fails as UOW doesn't init proxy first\n\n - [DDC-3493] - New (PHP 5.5) 'class' keyword - wrong\n parsing by EntityGenerator\n\n - [DDC-3494] - [GH-1250] Test case for 'class' keyword\n\n - [DDC-3500] - [GH-1254] Fix applying ON/WITH conditions\n to first join in Class Table Inheritance\n\n - [DDC-3502] - [GH-1256] DDC-3493 - fixed EntityGenerator\n parsing for php 5.5 '::class' syntax\n\n - [DDC-3518] - [GH-1266] [2.4] Fix schema generation in\n the test suite\n\n - [DDC-3537] - [GH-1282] Hotfix/#1169 extra lazy one to\n many should not delete referenced entities (backport to\n 2.4)\n\n - [DDC-3551] - [GH-1294] Avoid Connection error when\n calling ClassMetadataFactor::getAllMetadata()\n\n - [DDC-3560] - [GH-1300] [2.4] #1169 DDC-3343 one-to-omany\n persister deletes only on EXTRA_LAZY plus orphanRemoval\n\n - [DDC-3608] - [GH-1327] Properly generate default value\n from yml & xml mapping\n\n - [DDC-3619] - spl_object_hash collision\n\n - [DDC-3624] - [GH-1338] [DDC-3619] Update identityMap\n when entity gets managed again\n\n - [DDC-3643] - [GH-1352] fix EntityGenerator\n RegenerateEntityIfExists\n\n### Improvement\n\n - [DDC-3530] - [GH-1276] travis: run coverage just once\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-f0c8b7b115\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected php-doctrine-orm package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-doctrine-orm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"php-doctrine-orm-2.4.8-1.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php-doctrine-orm\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:24:31", "bulletinFamily": "scanner", "description": "## v2.4.8\n\n### Security\n\n - CVE-2015-5723 php-doctrine-orm filesystem permission\n issues\n\n - https://access.redhat.com/security/cve/CVE-2015-5723\n\n - http://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html\n\n### Bug\n\n - [DDC-3310] - [GH-1138] Join column index names\n\n - [DDC-3343] - `PersistentCollection::removeElement`\n schedules an entity for deletion when relationship is\n EXTRA_LAZY, with `orphanRemoval` false.\n\n - [DDC-3464] - [GH-1231] Backport 'Merge pull request\n #1098 from encoder32/DDC-1590' to 2.4 branch\n\n - [DDC-3482] - [GH-1242] Attempting to lock a proxy object\n fails as UOW doesn't init proxy first\n\n - [DDC-3493] - New (PHP 5.5) 'class' keyword - wrong\n parsing by EntityGenerator\n\n - [DDC-3494] - [GH-1250] Test case for 'class' keyword\n\n - [DDC-3500] - [GH-1254] Fix applying ON/WITH conditions\n to first join in Class Table Inheritance\n\n - [DDC-3502] - [GH-1256] DDC-3493 - fixed EntityGenerator\n parsing for php 5.5 '::class' syntax\n\n - [DDC-3518] - [GH-1266] [2.4] Fix schema generation in\n the test suite\n\n - [DDC-3537] - [GH-1282] Hotfix/#1169 extra lazy one to\n many should not delete referenced entities (backport to\n 2.4)\n\n - [DDC-3551] - [GH-1294] Avoid Connection error when\n calling ClassMetadataFactor::getAllMetadata()\n\n - [DDC-3560] - [GH-1300] [2.4] #1169 DDC-3343 one-to-omany\n persister deletes only on EXTRA_LAZY plus orphanRemoval\n\n - [DDC-3608] - [GH-1327] Properly generate default value\n from yml & xml mapping\n\n - [DDC-3619] - spl_object_hash collision\n\n - [DDC-3624] - [GH-1338] [DDC-3619] Update identityMap\n when entity gets managed again\n\n - [DDC-3643] - [GH-1352] fix EntityGenerator\n RegenerateEntityIfExists\n\n### Improvement\n\n - [DDC-3530] - [GH-1276] travis: run coverage just once\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "modified": "2016-10-18T00:00:00", "published": "2016-07-20T00:00:00", "id": "FEDORA_2016-7E229134F9.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=92445", "title": "Fedora 23 : php-doctrine-orm (2016-7e229134f9)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-7e229134f9.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(92445);\n script_version(\"$Revision: 2.2 $\");\n script_cvs_date(\"$Date: 2016/10/18 16:52:29 $\");\n\n script_cve_id(\"CVE-2015-5723\");\n script_xref(name:\"FEDORA\", value:\"2016-7e229134f9\");\n\n script_name(english:\"Fedora 23 : php-doctrine-orm (2016-7e229134f9)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"## v2.4.8\n\n### Security\n\n - CVE-2015-5723 php-doctrine-orm filesystem permission\n issues\n\n - https://access.redhat.com/security/cve/CVE-2015-5723\n\n - http://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html\n\n### Bug\n\n - [DDC-3310] - [GH-1138] Join column index names\n\n - [DDC-3343] - `PersistentCollection::removeElement`\n schedules an entity for deletion when relationship is\n EXTRA_LAZY, with `orphanRemoval` false.\n\n - [DDC-3464] - [GH-1231] Backport 'Merge pull request\n #1098 from encoder32/DDC-1590' to 2.4 branch\n\n - [DDC-3482] - [GH-1242] Attempting to lock a proxy object\n fails as UOW doesn't init proxy first\n\n - [DDC-3493] - New (PHP 5.5) 'class' keyword - wrong\n parsing by EntityGenerator\n\n - [DDC-3494] - [GH-1250] Test case for 'class' keyword\n\n - [DDC-3500] - [GH-1254] Fix applying ON/WITH conditions\n to first join in Class Table Inheritance\n\n - [DDC-3502] - [GH-1256] DDC-3493 - fixed EntityGenerator\n parsing for php 5.5 '::class' syntax\n\n - [DDC-3518] - [GH-1266] [2.4] Fix schema generation in\n the test suite\n\n - [DDC-3537] - [GH-1282] Hotfix/#1169 extra lazy one to\n many should not delete referenced entities (backport to\n 2.4)\n\n - [DDC-3551] - [GH-1294] Avoid Connection error when\n calling ClassMetadataFactor::getAllMetadata()\n\n - [DDC-3560] - [GH-1300] [2.4] #1169 DDC-3343 one-to-omany\n persister deletes only on EXTRA_LAZY plus orphanRemoval\n\n - [DDC-3608] - [GH-1327] Properly generate default value\n from yml & xml mapping\n\n - [DDC-3619] - spl_object_hash collision\n\n - [DDC-3624] - [GH-1338] [DDC-3619] Update identityMap\n when entity gets managed again\n\n - [DDC-3643] - [GH-1352] fix EntityGenerator\n RegenerateEntityIfExists\n\n### Improvement\n\n - [DDC-3530] - [GH-1276] travis: run coverage just once\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-7e229134f9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected php-doctrine-orm package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-doctrine-orm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"php-doctrine-orm-2.4.8-1.fc23\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php-doctrine-orm\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}