Lucene search
This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2020-76FCD0BA34.NASLHistoryOct 05, 2020 - 12:00 a.m.
Fedora 32 : 2:podman / crun (2020-76fcd0ba34)
2020-10-0500:00:00
This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
autobuilt v2.1.0, Security fix for CVE-2020-14370
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2020-76fcd0ba34.
#
include("compat.inc");
if (description)
{
script_id(141140);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/09/21");
script_cve_id("CVE-2020-14370");
script_xref(name:"FEDORA", value:"2020-76fcd0ba34");
script_name(english:"Fedora 32 : 2:podman / crun (2020-76fcd0ba34)");
script_summary(english:"Checks rpm output for the updated packages.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"autobuilt v2.1.0, Security fix for CVE-2020-14370
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bodhi.fedoraproject.org/updates/FEDORA-2020-76fcd0ba34"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected 2:podman and / or crun packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-14370");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:2:podman");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:crun");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:32");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/09/23");
script_set_attribute(attribute:"patch_publication_date", value:"2020/10/02");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/10/05");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Fedora Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^32([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 32", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC32", reference:"podman-2.1.1-7.fc32", epoch:"2")) flag++;
if (rpm_check(release:"FC32", reference:"crun-0.15-5.fc32")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "2:podman / crun");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fedoraproject | fedora | 2 | p-cpe:/a:fedoraproject:fedora:2:podman |
| fedoraproject | fedora | crun | p-cpe:/a:fedoraproject:fedora:crun |
| fedoraproject | fedora | 32 | cpe:/o:fedoraproject:fedora:32 |
Related
altlinux
altlinux
Security fix for the ALT Linux 10 package podman version 2.1.1-alt1
2020-11-10 00:00:00
oraclelinux
oraclelinux
container-tools:ol8 security, bug fix, and enhancement update
2021-02-20 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: podman-2.1.1-10.fc33
2020-10-06 00:16:49
[SECURITY] Fedora 31 Update: crun-0.15-5.fc31
2020-10-09 15:01:14
[SECURITY] Fedora 33 Update: skopeo-1.2.0-3.fc33
2020-10-06 00:16:49
nessus
nessus
openSUSE Security Update : podman (openSUSE-2020-2039)
2020-11-30 00:00:00
RHEL 8 : container-tools:rhel8 (RHSA-2021:0531)
2021-02-16 00:00:00
Oracle Linux 8 : container-tools:ol8 (ELSA-2021-0531)
2021-02-20 00:00:00
cve
cve
CVE-2020-14370
2020-09-23 13:15:00
CVE-2022-2739
2022-09-01 21:15:00
archlinux
archlinux
[ASA-202009-11] podman: information disclosure
2020-09-26 00:00:00
veracode
veracode
Information Disclosure
2020-10-28 11:04:33
Information Disclosure
2022-09-05 21:42:42
debiancve
debiancve
CVE-2020-14370
2020-09-23 13:15:00
prion
prion
Information disclosure
2020-09-23 13:15:00
Design/Logic Flaw
2022-09-01 21:15:00
suse
suse
Security update for podman (moderate)
2020-11-26 00:00:00
Security update for podman (moderate)
2020-11-27 00:00:00
rocky
rocky
container-tools:rhel8 security, bug fix, and enhancement update
2021-02-16 07:31:27
ubuntucve
ubuntucve
CVE-2020-14370
2020-09-23 00:00:00
redhatcve
redhatcve
CVE-2020-14370
2020-09-22 09:02:43
CVE-2022-2739
2022-08-19 08:38:34
osv
osv
Moderate: container-tools:rhel8 security, bug fix, and enhancement update
2021-02-16 07:31:27
CVE-2020-14370
2020-09-23 13:15:15
Moderate: container-tools:rhel8 security, bug fix, and enhancement update
2021-02-16 07:31:27
almalinux
almalinux
Moderate: container-tools:rhel8 security, bug fix, and enhancement update
2021-02-16 07:31:27
alpinelinux
alpinelinux
CVE-2020-14370
2020-09-23 13:15:00
redhat
redhat
(RHSA-2021:0531) Moderate: container-tools:rhel8 security, bug fix, and enhancement update
2021-02-16 07:31:27
(RHSA-2020:5056) Moderate: podman security and bug fix update
2020-11-10 13:33:51
(RHSA-2022:6119) Moderate: podman security and bug fix update
2022-08-22 08:12:17
Related for FEDORA_2020-76FCD0BA34.NASL