Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2019-F454C7A118.NASL
HistoryNov 20, 2019 - 12:00 a.m.

Fedora 31 : libidn2 (2019-f454c7a118)

2019-11-2000:00:00
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
19

7.5 High

AI Score

Confidence

High

JSON

Libidn 2.3.0 (released 2019-11-14) ==================================

  • Mitre has assigned CVE-2019-12290 which was fixed by the roundtrip feature introduced in 2.2.0 (commit 241e8f48)

  • Update the data tables from Unicode 6.3.0 to Unicode 11.0

  • Turn _idn2_punycode_encode, _idn2_punycode_decode into compat symbols (Fixes #74)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory FEDORA-2019-f454c7a118.
#

include('compat.inc');

if (description)
{
  script_id(131147);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/11");

  script_cve_id("CVE-2019-12290");
  script_xref(name:"FEDORA", value:"2019-f454c7a118");

  script_name(english:"Fedora 31 : libidn2 (2019-f454c7a118)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"Libidn 2.3.0 (released 2019-11-14) ==================================

  - Mitre has assigned CVE-2019-12290 which was fixed by the
    roundtrip feature introduced in 2.2.0 (commit 241e8f48)

  - Update the data tables from Unicode 6.3.0 to Unicode
    11.0

  - Turn `_idn2_punycode_encode`, `_idn2_punycode_decode`
    into compat symbols (Fixes #74)

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-f454c7a118");
  script_set_attribute(attribute:"solution", value:
"Update the affected libidn2 package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-12290");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/22");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/11/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/20");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:libidn2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:31");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Fedora Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^31([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 31", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);


flag = 0;
if (rpm_check(release:"FC31", reference:"libidn2-2.3.0-1.fc31")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libidn2");
}
VendorProductVersionCPE
fedoraprojectfedoralibidn2p-cpe:/a:fedoraproject:fedora:libidn2
fedoraprojectfedora31cpe:/o:fedoraproject:fedora:31

Related

openvas 10
fedora 5
nessus 14
debiancve 1
alpinelinux 1
prion 1
osv 1
cve 1
ubuntucve 1
freebsd 1
veracode 1
ubuntu 1
suse 2
amazon 2
gentoo 1
cloudfoundry 1
mageia 1
ics 1
openvas
openvas
Fedora Update for mingw-libidn2 FEDORA-2019-20e9736c97
2019-11-26 00:00:00
Fedora Update for libidn2 FEDORA-2019-160303ebeb
2019-12-15 00:00:00
Huawei EulerOS: Security Advisory for libidn2 (EulerOS-SA-2020-1338)
2020-04-01 00:00:00
fedora
fedora
[SECURITY] Fedora 30 Update: libidn2-2.3.0-1.fc30
2019-12-09 02:28:54
[SECURITY] Fedora 29 Update: mingw-libidn2-2.3.0-1.fc29
2019-11-25 02:33:41
[SECURITY] Fedora 31 Update: libidn2-2.3.0-1.fc31
2019-11-20 01:02:33
nessus
nessus
Fedora 30 : mingw-libidn2 (2019-20e9736c97)
2019-11-25 00:00:00
EulerOS Virtualization 3.0.2.0 : libidn2 (EulerOS-SA-2023-1735)
2023-05-07 00:00:00
EulerOS Virtualization for ARM 64 3.0.6.0 : libidn2 (EulerOS-SA-2020-1338)
2020-04-02 00:00:00
debiancve
debiancve
CVE-2019-12290
2019-10-22 16:15:00
alpinelinux
alpinelinux
CVE-2019-12290
2019-10-22 16:15:00
prion
prion
Code injection
2019-10-22 16:15:00
osv
osv
CVE-2019-12290
2019-10-22 16:15:10
cve
cve
CVE-2019-12290
2019-10-22 16:15:00
ubuntucve
ubuntucve
CVE-2019-12290
2019-10-22 00:00:00
freebsd
freebsd
libidn2 -- roundtrip check vulnerability
2019-11-14 00:00:00
veracode
veracode
Improper Input Validation
2024-01-16 06:33:53
ubuntu
ubuntu
Libidn2 vulnerabilities
2019-10-29 00:00:00
suse
suse
Security update for libidn2 (moderate)
2019-12-03 00:00:00
Security update for libidn2 (moderate)
2019-12-03 00:00:00
amazon
amazon
Medium: libidn2
2019-12-13 21:13:00
Medium: libidn2
2019-12-13 19:34:00
gentoo
gentoo
GNU IDN Library 2: Multiple vulnerabilities
2020-03-30 00:00:00
cloudfoundry
cloudfoundry
USN-4168-1: Libidn2 vulnerabilities | Cloud Foundry
2019-11-18 00:00:00
mageia
mageia
Updated libidn2 packages fix security vulnerabilities
2019-12-31 19:51:17
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00

7.5 High

AI Score

Confidence

High

JSON
Related for FEDORA_2019-F454C7A118.NASL
openvas10fedora5nessus14debiancve1alpinelinux1prion1osv1cve1ubuntucve1freebsd1veracode1ubuntu1suse2amazon2gentoo1cloudfoundry1mageia1ics1