This update contains minor security fixes (for CVE-2016-3075, CVE-2016-1234, CVE-2015-8778, CVE-2015-8776, CVE-2014-9761, CVE-2015-8779) and collects fixes for bugs encountered by Fedora users.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2016-68abc0be35.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(91063);
script_version("2.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
script_cve_id("CVE-2014-9761", "CVE-2015-8776", "CVE-2015-8778", "CVE-2015-8779", "CVE-2016-1234", "CVE-2016-3075");
script_xref(name:"FEDORA", value:"2016-68abc0be35");
script_name(english:"Fedora 23 : glibc-2.22-15.fc23 (2016-68abc0be35)");
script_summary(english:"Checks rpm output for the updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"This update contains minor security fixes (for CVE-2016-3075,
CVE-2016-1234, CVE-2015-8778, CVE-2015-8776, CVE-2014-9761,
CVE-2015-8779) and collects fixes for bugs encountered by Fedora
users.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1288740"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1293139"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1300300"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1300304"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1300311"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1300314"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1307234"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1313404"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1315648"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1316972"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1321372"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1321861"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1321954"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1332912"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1332914"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1332917"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1333901"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1333940"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.redhat.com/show_bug.cgi?id=1333945"
);
# https://lists.fedoraproject.org/pipermail/package-announce/2016-May/184626.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?d5fd1005"
);
script_set_attribute(attribute:"solution", value:"Update the affected glibc package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:glibc");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:23");
script_set_attribute(attribute:"patch_publication_date", value:"2016/05/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/05/12");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.");
script_family(english:"Fedora Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^23([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 23.x", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC23", reference:"glibc-2.22-15.fc23")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc");
}
Vendor | Product | Version | CPE |
---|---|---|---|
fedoraproject | fedora | glibc | p-cpe:/a:fedoraproject:fedora:glibc |
fedoraproject | fedora | 23 | cpe:/o:fedoraproject:fedora:23 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9761
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8776
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8778
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8779
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1234
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3075
www.nessus.org/u?d5fd1005
bugzilla.redhat.com/show_bug.cgi?id=1288740
bugzilla.redhat.com/show_bug.cgi?id=1293139
bugzilla.redhat.com/show_bug.cgi?id=1300300
bugzilla.redhat.com/show_bug.cgi?id=1300304
bugzilla.redhat.com/show_bug.cgi?id=1300311
bugzilla.redhat.com/show_bug.cgi?id=1300314
bugzilla.redhat.com/show_bug.cgi?id=1307234
bugzilla.redhat.com/show_bug.cgi?id=1313404
bugzilla.redhat.com/show_bug.cgi?id=1315648
bugzilla.redhat.com/show_bug.cgi?id=1316972
bugzilla.redhat.com/show_bug.cgi?id=1321372
bugzilla.redhat.com/show_bug.cgi?id=1321861
bugzilla.redhat.com/show_bug.cgi?id=1321954
bugzilla.redhat.com/show_bug.cgi?id=1332912
bugzilla.redhat.com/show_bug.cgi?id=1332914
bugzilla.redhat.com/show_bug.cgi?id=1332917
bugzilla.redhat.com/show_bug.cgi?id=1333901
bugzilla.redhat.com/show_bug.cgi?id=1333940
bugzilla.redhat.com/show_bug.cgi?id=1333945