Fedora 27 : php-symfony (2018-4deae442f2)

2018-08-15T00:00:00
ID FEDORA_2018-4DEAE442F2.NASL
Type nessus
Reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2020-02-02T00:00:00

Description

2.8.44 (2018-08-01)

  • security #cve-2018-14774 [HttpKernel] fix trusted headers management in HttpCache and InlineFragmentRenderer (nicolas-grekas)

  • security #cve-2018-14773 [HttpFoundation] Remove support for legacy and risky HTTP headers (nicolas-grekas)

  • bug #28003 [HttpKernel] Fixes invalid REMOTE_ADDR in inline subrequest when configuring trusted proxy with subnet (netiul)

  • bug #28045 [HttpFoundation] Fix Cookie::isCleared (ro0NL)

  • bug #28080 [HttpFoundation] fixed using _method parameter with invalid type (Phobetor)

2.8.43 (2018-07-23)

  • bug #28005 [HttpKernel] Fixed templateExists on parse error of the template name (yceruto)

  • bug #27997 Serbo-Croatian has Serbian plural rule (kylekatarnls)

  • bug #27941 [WebProfilerBundle] Fixed icon alignment issue using Bootstrap 4.1.2 (jmsche)

  • bug #27937 [HttpFoundation] reset callback on StreamedResponse when setNotModified() is called (rubencm)

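  • bug #27927 [HttpFoundation] Suppress side effects in 'get' and 'has' methods of NamespacedAttributeBag (webnet-fr)

  […] (list truncated here; the remaining 2.8.43 entries appear in the plugin's description attribute below)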

                                        
                                            #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory FEDORA-2018-4deae442f2.
#

include("compat.inc");

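# Metadata registration pass.
# When the script is run with `description` set, it only registers plugin
# metadata (id, references, text, scoring, prerequisites) and exits before any
# host check is performed.
if (description)
{
  script_id(111710);
  script_version("1.3");
  script_cvs_date("Date: 2019/09/24 14:09:10");

  # The advisory text below lists two security fixes in 2.8.44
  # (CVE-2018-14774 and CVE-2018-14773). Both are referenced here so that
  # CVE-based searches, filters and reports match this plugin for either one.
  script_cve_id("CVE-2018-14773", "CVE-2018-14774");
  script_xref(name:"FEDORA", value:"2018-4deae442f2");

  script_name(english:"Fedora 27 : php-symfony (2018-4deae442f2)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  # Upstream changelog as carried in the Fedora advisory; the text is shown
  # verbatim in scan results, so it is kept unchanged.
  script_set_attribute(
    attribute:"description",
    value:
"## 2.8.44 (2018-08-01)

  - security #cve-2018-14774 [HttpKernel] fix trusted
    headers management in HttpCache and
    InlineFragmentRenderer (nicolas-grekas)

  - security #cve-2018-14773 [HttpFoundation] Remove support
    for legacy and risky HTTP headers (nicolas-grekas)

  - bug #28003 [HttpKernel] Fixes invalid REMOTE_ADDR in
    inline subrequest when configuring trusted proxy with
    subnet (netiul)

  - bug #28045 [HttpFoundation] Fix Cookie::isCleared
    (ro0NL)

  - bug #28080 [HttpFoundation] fixed using _method
    parameter with invalid type (Phobetor)

## 2.8.43 (2018-07-23)

  - bug #28005 [HttpKernel] Fixed templateExists on parse
    error of the template name (yceruto)

  - bug #27997 Serbo-Croatian has Serbian plural rule
    (kylekatarnls)

  - bug #27941 [WebProfilerBundle] Fixed icon alignment
    issue using Bootstrap 4.1.2 (jmsche)

  - bug #27937 [HttpFoundation] reset callback on
    StreamedResponse when setNotModified() is called
    (rubencm)

  - bug #27927 [HttpFoundation] Suppress side effects in
    'get' and 'has' methods of NamespacedAttributeBag
    (webnet-fr)

  - bug #27904 [Filesystem] fix lock file permissions
    (fritzmg)

  - bug #27758 [WebProfilerBundle] Prevent toolbar links
    color override by css (alcalyn)

  - bug #27831 Check for Hyper terminal on all operating
    systems. (azjezz)

  - bug #27794 Add color support for Hyper terminal .
    (azjezz)

  - bug #27809 [HttpFoundation] Fix tests: new message for
    status 425 (dunglas)

  - bug #27716 [DI] fix dumping deprecated service in yaml
    (nicolas-grekas)

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bodhi.fedoraproject.org/updates/FEDORA-2018-4deae442f2"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected php-symfony package."
  );
  # NOTE(review): these vectors are unchanged from the original plugin, which
  # referenced only CVE-2018-14773. Confirm they still represent the
  # highest-scoring issue now that CVE-2018-14774 is referenced as well.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N");

  # "local" plugin type: the finding is derived from the host's package
  # inventory rather than from probing a network service.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php-symfony");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:27");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/08/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/08/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/15");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  # Prerequisites: the three KB items below must be present before the check
  # body runs. ssh_get_info.nasl is declared as the dependency; presumably it
  # is what populates them from a credentialed session (confirm against that
  # plugin).
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  # Metadata only: stop here so no host check runs during registration.
  exit(0);
}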


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


# Precondition gates. Each audit() call reports why the plugin did not
# evaluate the host, so a host without local checks enabled or without a
# package list is recorded with a reason rather than silently passing.

# Local checks must have been enabled for this host.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# The release string must exist and identify the host as Fedora.
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !("Fedora" >< release))
{
  audit(AUDIT_OS_NOT, "Fedora");
}

# Pull the numeric release out of the release string.
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver))
{
  audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
}
os_ver = os_ver[1];

# This advisory applies to Fedora 27 only; the trailing group in the pattern
# keeps a longer number that merely starts with "27" from matching.
if (! preg(pattern:"^27([^0-9]|$)", string:os_ver))
{
  audit(AUDIT_OS_NOT, "Fedora 27", "Fedora " + os_ver);
}

# Without the collected RPM list there is nothing to compare against.
if (!get_kb_item("Host/RedHat/rpm-list"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}


# Architecture gate: only x86_64 and i386-i686 hosts are evaluated. Any other
# architecture is audited out as "local checks not implemented" instead of
# being reported as unaffected.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu))
{
  audit(AUDIT_UNKNOWN_ARCH);
}
if (!("x86_64" >< cpu || cpu =~ "^i[3-6]86$"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
}


# Package comparison and reporting.
# rpm_check() comes from rpm.inc and its exact comparison rules are defined
# there. It is used here to decide whether the installed php-symfony on an
# FC27 host falls short of the fixed build php-symfony-2.8.44-1.fc27.
flag = 0;
if (rpm_check(release:"FC27", reference:"php-symfony-2.8.44-1.fc27"))
{
  flag = flag + 1;
}

if (!flag)
{
  # Nothing flagged: distinguish "a package was tested and is not affected"
  # from "php-symfony is not installed", so the audit trail states which
  # case applied.
  tested = pkg_tests_get();
  if (tested)
  {
    audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  }
  else
  {
    audit(AUDIT_PACKAGE_NOT_INSTALLED, "php-symfony");
  }
}
else
{
  # Flagged: report at warning severity on port 0, attaching the text
  # returned by rpm_report_get() as the evidence.
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}