glib2 2.60.4 release with network status, leak, Happy Eyeballs, and file system permissions fixe
Reporter | Title | Published | Views | Family All 117 |
---|---|---|---|---|
![]() | CentOS 8 : glib2 (CESA-2019:3530) | 29 Jan 202100:00 | – | nessus |
![]() | NewStart CGSL CORE 5.05 / MAIN 5.05 : glib2 Vulnerability (NS-SA-2021-0157) | 28 Oct 202100:00 | – | nessus |
![]() | SUSE SLED15 / SLES15 Security Update : glib2 (SUSE-SU-2019:1594-1) | 24 Jun 201900:00 | – | nessus |
![]() | Debian DLA-1826-1 : glib2.0 security update | 19 Jun 201900:00 | – | nessus |
![]() | Photon OS 2.0: Glib PHSA-2019-2.0-0161 | 22 Jul 202400:00 | – | nessus |
![]() | SUSE SLES11 Security Update : glib2 (SUSE-SU-2019:14102-1) | 10 Jun 202100:00 | – | nessus |
![]() | EulerOS Virtualization for ARM 64 3.0.2.0 : glib2 (EulerOS-SA-2020-1239) | 13 Mar 202000:00 | – | nessus |
![]() | Ubuntu 14.04 LTS : glib2.0 vulnerability (USN-4014-2) | 12 Jun 201900:00 | – | nessus |
![]() | NewStart CGSL CORE 5.04 / MAIN 5.04 : glib2 Vulnerability (NS-SA-2021-0020) | 10 Mar 202100:00 | – | nessus |
![]() | RHEL 8 : glib2 (RHSA-2019:3530) | 6 Nov 201900:00 | – | nessus |
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2019-c18d2bd1bd.
#
include('compat.inc');
if (description)
{
script_id(125961);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/15");
script_cve_id("CVE-2019-12450");
script_xref(name:"FEDORA", value:"2019-c18d2bd1bd");
script_name(english:"Fedora 30 : glib2 (2019-c18d2bd1bd)");
script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing a security update.");
script_set_attribute(attribute:"description", value:
"glib 2.60.4 release :
- Fixes to improved network status detection with
NetworkManager
- Leak fixes to some `glib-genmarshal` generated code
- Further fixes to the Happy Eyeballs (RFC 8305)
implementation
- File system permissions fix to clamp down permissions in
a small time window when copying files (CVE-2019-12450)
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-c18d2bd1bd");
script_set_attribute(attribute:"solution", value:
"Update the affected glib2 package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-12450");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/29");
script_set_attribute(attribute:"patch_publication_date", value:"2019/06/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/18");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:glib2");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:30");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Fedora Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^30([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 30", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC30", reference:"glib2-2.60.4-1.fc30")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glib2");
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo