Lucene search
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2020-595CE5E3CC.NASLHistoryJan 27, 2020 - 12:00 a.m.
Fedora 31 : 1:libuv / 1:nodejs (2020-595ce5e3cc)
2020-01-2700:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
7.6 High
AI Score
Confidence
High
Update to 12.14.1
Add new subpackage nodejs-full-i18n to provide non-English locale and Unicode support.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2020-595ce5e3cc.
#
include('compat.inc');
if (description)
{
script_id(133233);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/28");
script_cve_id(
"CVE-2019-16775",
"CVE-2019-16776",
"CVE-2019-16777",
"CVE-2019-17592"
);
script_xref(name:"FEDORA", value:"2020-595ce5e3cc");
script_name(english:"Fedora 31 : 1:libuv / 1:nodejs (2020-595ce5e3cc)");
script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"Update to 12.14.1
Add new subpackage `nodejs-full-i18n` to provide non-English locale
and Unicode support.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2020-595ce5e3cc");
script_set_attribute(attribute:"solution", value:
"Update the affected 1:libuv and / or 1:nodejs packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-16777");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2019-16776");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/14");
script_set_attribute(attribute:"patch_publication_date", value:"2020/01/24");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/27");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:1:libuv");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:1:nodejs");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:31");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Fedora Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^31([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 31", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC31", reference:"libuv-1.34.1-1.fc31", epoch:"1")) flag++;
if (rpm_check(release:"FC31", reference:"nodejs-12.14.1-3.fc31", epoch:"1")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "1:libuv / 1:nodejs");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fedoraproject | fedora | 1 | p-cpe:/a:fedoraproject:fedora:1:libuv |
| fedoraproject | fedora | 1 | p-cpe:/a:fedoraproject:fedora:1:nodejs |
| fedoraproject | fedora | 31 | cpe:/o:fedoraproject:fedora:31 |
Related
fedora
fedora
[SECURITY] Fedora 31 Update: libuv-1.34.1-1.fc31
2020-01-24 17:08:56
[SECURITY] Fedora 31 Update: nodejs-12.14.1-3.fc31
2020-01-24 17:08:57
openvas
openvas
Fedora: Security Advisory for nodejs (FEDORA-2020-595ce5e3cc)
2020-01-27 00:00:00
Fedora: Security Advisory for libuv (FEDORA-2020-595ce5e3cc)
2020-01-27 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:0247-1)
2021-06-09 00:00:00
nessus
nessus
SUSE SLES15 Security Update : nodejs10 (SUSE-SU-2020:0104-1)
2020-01-16 00:00:00
openSUSE Security Update : nodejs8 (openSUSE-2020-59)
2020-01-15 00:00:00
SUSE SLES12 Security Update : nodejs10 (SUSE-SU-2020:0063-1)
2020-01-13 00:00:00
osv
osv
nodejs:12 enhancement update
2020-02-04 08:35:22
Important: nodejs:10 security update
2020-02-25 07:57:02
Important: nodejs:10 security update
2020-02-25 07:57:02
suse
suse
Security update for nodejs8 (important)
2020-01-15 00:00:00
ibm
ibm
Security Bulletin: Vulnerability in npm affects IBM VM Recovery Manager DR
2021-07-30 21:12:22
Security Bulletin: Vulnerability in npm affects IBM VM Recovery Manager HA
2021-07-30 21:03:51
rocky
rocky
12 enhancement update
2020-02-04 08:35:22
nodejs:10 security update
2020-02-25 07:57:02
freebsd
freebsd
NPM -- Multiple vulnerabilities
2019-12-18 00:00:00
almalinux
almalinux
Important: nodejs:10 security update
2020-02-25 07:57:02
redhat
redhat
(RHSA-2020:0573) Important: nodejs:10 security update
2020-02-24 12:24:24
(RHSA-2020:0579) Important: nodejs:10 security update
2020-02-25 07:57:02
(RHSA-2020:0597) Important: rh-nodejs10-nodejs security update
2020-02-25 12:25:49
prion
prion
Design/Logic Flaw
2019-10-14 20:15:00
Code injection
2019-12-13 01:15:00
Code injection
2019-12-13 01:15:00
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2019-09-20 03:01:10
Arbitrary File Overwrite
2019-12-12 03:16:20
Unauthorized File Access
2019-12-12 02:26:11
redhatcve
redhatcve
nodejs
nodejs
Regular Expression Denial of Service
2019-09-17 18:16:39
githubexploit
githubexploit
Exploit for Uncontrolled Resource Consumption in Csv-Parse Project Csv-Parse
2020-12-01 09:18:58
symantec
symantec
Npmjs 'csv-parse' Module CVE-2019-17592 Denial of Service Vulnerability
2019-09-18 00:00:00
npm CLI CVE-2019-16776 Arbitrary File Write Vulnerability
2019-12-11 00:00:00
oraclelinux
oraclelinux
nodejs:10 security update
2020-02-26 00:00:00
ubuntucve
ubuntucve
github
github
Arbitrary File Write in npm
2019-12-13 15:39:19
Regular Expression Denial of Service in csv-parse
2019-10-15 20:06:16
npm Vulnerable to Global node_modules Binary Overwrite
2019-12-13 15:39:32
cve
cve
debiancve
debiancve
mageia
mageia
Updated nodejs packages fix security vulnerabilities
2020-09-27 23:06:37
gentoo
gentoo
Node.js: Multiple vulnerabilities
2020-03-20 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2020
2020-01-14 00:00:00
Oracle Critical Patch Update Advisory - October 2021
2021-10-19 00:00:00