Lucene search

HistoryAug 12, 2019 - 12:00 a.m.

Fedora 30 : subversion (2019-f6bc68e455)

2019-08-1200:00:00

www.tenable.com

This update includes the latest stable release of Apache Subversion, version 1.12.2. This update addresses two security vulnerabilities insvnserve, CVE-2018-11782 and CVE-2019-0203. For more information, see :

http://subversion.apache.org/security/CVE-2018-11782-advisory.txt http://subversion.apache.org/security/CVE-2019-0203-advisory.txt

User-visible changes :

Fix conflict resolver bug: local and incoming edits swapped.
Fix memory lifetime problem in a libsvn_wc error code path.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory FEDORA-2019-f6bc68e455.
#

include("compat.inc");

if (description)
{
  script_id(127538);
  script_version("1.5");
  script_cvs_date("Date: 2020/01/06");

  script_cve_id("CVE-2018-11782", "CVE-2019-0203");
  script_xref(name:"FEDORA", value:"2019-f6bc68e455");

  script_name(english:"Fedora 30 : subversion (2019-f6bc68e455)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update includes the latest stable release of _Apache Subversion_,
version **1.12.2**. This update addresses two security vulnerabilities
in **svnserve**, `CVE-2018-11782` and `CVE-2019-0203`. For more
information, see :

http://subversion.apache.org/security/CVE-2018-11782-advisory.txt
http://subversion.apache.org/security/CVE-2019-0203-advisory.txt

## User-visible changes :

  - Fix conflict resolver bug: local and incoming edits
    swapped. 

  - Fix memory lifetime problem in a libsvn_wc error code
    path.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-f6bc68e455"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected subversion package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:subversion");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:30");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/26");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/08/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^30([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 30", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);


flag = 0;
if (rpm_check(release:"FC30", reference:"subversion-1.12.2-1.fc30")) flag++;


if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "subversion");
}

VendorProductVersionCPE
fedoraprojectfedorasubversionp-cpe:/a:fedoraproject:fedora:subversion
fedoraprojectfedora30cpe:/o:fedoraproject:fedora:30

Vendor	Product	Version	CPE
fedoraproject	fedora	subversion	p-cpe:/a:fedoraproject:fedora:subversion
fedoraproject	fedora	30	cpe:/o:fedoraproject:fedora:30

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11782

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0203

bodhi.fedoraproject.org/updates/FEDORA-2019-f6bc68e455

JSON

Related for FEDORA_2019-F6BC68E455.NASL