nessusThis script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2013-494.NASL
HistoryJun 13, 2014 - 12:00 a.m.

openSUSE Security Update : subversion (openSUSE-SU-2013:1006-1)

2014-06-1300:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com

7.8 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.015 Low

EPSS

Percentile

87.2%

This update of subversion includes several bug and security fixes.

  • update to 1.7.10 [bnc#821505] CVE-2013-1968 CVE-2013-2088 CVE-2013-2112

  • Client-side bugfixes :

  • fix 'svn revert' 'no such table: revert_list' spurious error

  • fix 'svn diff' doesn't show some locally added files

  • fix changelist filtering when --changelist values aren't UTF8

  • fix 'svn diff --git' shows wrong copyfrom

  • fix 'svn diff -x-w' shows wrong changes

  • fix 'svn blame' sometimes shows every line as modified

  • fix regression in 'svn status -u' output for externals

  • fix file permissions change on commit of file with keywords

  • improve some fatal error messages

  • fix externals not removed when working copy is made shallow

  • Server-side bugfixes :

  • fix repository corruption due to newline in filename

  • fix svnserve exiting when a client connection is aborted

  • fix svnserve memory use after clear

  • fix repository corruption on power/disk failure on Windows

  • Developer visible changes :

  • make get-deps.sh compatible with Solaris /bin/sh

  • fix infinite recursion bug in get-deps.sh

  • fix uninitialised output parameter of svn_fs_commit_txn()

  • Bindings :

  • fix JavaHL thread-safety bug

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2013-494.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

# Metadata registration. This branch runs when `description` is set: it
# declares the plugin's identifiers, advisory text, scoring and prerequisites,
# then leaves through exit(0) at the end of the block, so none of the package
# checks that follow it are executed in this mode.
if (description)
{
  script_id(75035);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  # Identifiers tied to this advisory. The advisory text below does not say
  # which fix addresses which CVE; the server-side items (repository corruption
  # via a newline in a filename, svnserve exiting when a client connection is
  # aborted) look like the security-relevant ones.
  # NOTE(review): confirm the mapping against the upstream Subversion advisories.
  script_cve_id("CVE-2013-1968", "CVE-2013-2088", "CVE-2013-2112");
  script_bugtraq_id(60264, 60265, 60267);

  script_name(english:"openSUSE Security Update : subversion (openSUSE-SU-2013:1006-1)");
  script_summary(english:"Check for the openSUSE-2013-494 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  # Vendor changelog, reproduced as one multi-line string. It mixes ordinary
  # bug fixes with the security fixes, so the finding's text alone does not
  # tell a reader which entries matter for exposure.
  script_set_attribute(
    attribute:"description", 
    value:
"This update of subversion includes several bug and security fixes.

  - update to 1.7.10 [bnc#821505] CVE-2013-1968
    CVE-2013-2088 CVE-2013-2112

  - Client-side bugfixes :

  - fix 'svn revert' 'no such table: revert_list' spurious
    error

  - fix 'svn diff' doesn't show some locally added files

  - fix changelist filtering when --changelist values aren't
    UTF8

  - fix 'svn diff --git' shows wrong copyfrom

  - fix 'svn diff -x-w' shows wrong changes

  - fix 'svn blame' sometimes shows every line as modified

  - fix regression in 'svn status -u' output for externals

  - fix file permissions change on commit of file with
    keywords

  - improve some fatal error messages

  - fix externals not removed when working copy is made
    shallow

  - Server-side bugfixes :

  - fix repository corruption due to newline in filename

  - fix svnserve exiting when a client connection is aborted

  - fix svnserve memory use after clear

  - fix repository corruption on power/disk failure on
    Windows

  - Developer visible changes :

  - make get-deps.sh compatible with Solaris /bin/sh

  - fix infinite recursion bug in get-deps.sh

  - fix uninitialised output parameter of
    svn_fs_commit_txn()

  - Bindings :

  - fix JavaHL thread-safety bug"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=821505"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2013-06/msg00136.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected subversion packages."
  );
  # CVSS v2 base vector: reachable over the network (AV:N), low complexity
  # (AC:L), no authentication (Au:N), no confidentiality or integrity impact,
  # complete availability impact (A:C) -- i.e. the plugin is scored as a
  # denial-of-service issue.
  # Temporal vector: proof-of-concept exploit code (E:POC), official fix
  # available (RL:OF), report confirmed (RC:C).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  # Exploit-availability flags, consistent with E:POC above; useful when
  # ranking this finding against others during patch prioritisation.
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  # "local" plugin: the checks after this block read host data from the
  # knowledge base (see script_require_keys below) rather than probing a
  # network service, so a result depends on that data having been collected --
  # presumably by ssh_get_info.nasl during a credentialed scan.
  script_set_attribute(attribute:"plugin_type", value:"local");
  # Package and OS identifiers covered by the advisory. The -debuginfo and
  # -debugsource entries are listed alongside the runtime packages, so a
  # finding can be raised for a debug-symbol package alone; when triaging,
  # look at subversion and subversion-server first.
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsvn_auth_gnome_keyring-1-0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsvn_auth_gnome_keyring-1-0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsvn_auth_kwallet-1-0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libsvn_auth_kwallet-1-0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-bash-completion");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-perl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-perl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-python");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-python-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-server-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:subversion-tools-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3");

  # The vendor patch dates from 2013/06/04; the plugin was published about a
  # year later, so hosts scanned before 2014/06/13 were not assessed by it.
  script_set_attribute(attribute:"patch_publication_date", value:"2013/06/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  # Prerequisites: the plugin that is expected to collect host data, and the
  # KB items the checks read (local-checks flag, SuSE release string, RPM
  # list, CPU architecture).
  # NOTE(review): the scanner presumably skips this plugin when a required
  # key is absent, which yields no finding rather than a "not affected"
  # result -- confirm, and treat a missing result as "not assessed".
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  # Description mode ends here; nothing below this block runs.
  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Preconditions. Each failed check ends in an audit() call instead of a
# finding, so an unsupported or unassessed host is never reported as
# vulnerable or as patched.

# Local checks must have been enabled by an earlier plugin.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# Only openSUSE 12.2 and 12.3 are in scope; SLED/SLES release strings and a
# missing release value are both rejected as "not openSUSE".
release = get_kb_item("Host/SuSE/release");
if (isnull(release))
{
  audit(AUDIT_OS_NOT, "openSUSE");
}
else if (release =~ "^(SLED|SLES)")
{
  audit(AUDIT_OS_NOT, "openSUSE");
}
if (release !~ "^(SUSE12\.2|SUSE12\.3)$")
{
  audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.2 / 12.3", release);
}

# Without the collected RPM list there is nothing to compare versions against.
if (!get_kb_item("Host/SuSE/rpm-list"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

# The reference packages below exist for x86 architectures only.
ourarch = get_kb_item("Host/cpu");
if (!ourarch)
{
  audit(AUDIT_UNKNOWN_ARCH);
}
if (ourarch !~ "^(i586|i686|x86_64)$")
{
  audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
}

# Package checks. Every package of the advisory is compared with the fixed
# build for each release; `flag` counts the rpm_check() calls that return true.
# NOTE(review): rpm_check() comes from rpm.inc (not shown); it is presumed to
# return true only when the package is installed at a version older than the
# reference -- confirm. This is a version comparison only: it does not show
# whether svnserve or any other Subversion service is running or reachable.
flag = 0;

# Package names in the order they are checked. The debuginfo/debugsource
# entries are tested like the runtime packages.
svn_pkgs = make_list(
  "libsvn_auth_gnome_keyring-1-0",
  "libsvn_auth_gnome_keyring-1-0-debuginfo",
  "libsvn_auth_kwallet-1-0",
  "libsvn_auth_kwallet-1-0-debuginfo",
  "subversion",
  "subversion-bash-completion",
  "subversion-debuginfo",
  "subversion-debugsource",
  "subversion-devel",
  "subversion-perl",
  "subversion-perl-debuginfo",
  "subversion-python",
  "subversion-python-debuginfo",
  "subversion-server",
  "subversion-server-debuginfo",
  "subversion-tools",
  "subversion-tools-debuginfo"
);

# openSUSE 12.2: fixed build is 1.7.10-4.16.1.
foreach svn_pkg (svn_pkgs)
{
  if (rpm_check(release:"SUSE12.2", reference:svn_pkg + "-1.7.10-4.16.1")) flag++;
}

# openSUSE 12.3: fixed build is 1.7.10-2.8.1.
foreach svn_pkg (svn_pkgs)
{
  if (rpm_check(release:"SUSE12.3", reference:svn_pkg + "-1.7.10-2.8.1")) flag++;
}

# Reporting. A non-zero `flag` means at least one package check matched.
if (!flag)
{
  # Nothing matched: distinguish "packages present and already at the fixed
  # build" from "none of the packages is installed", so the audit trail shows
  # whether the host was actually assessed.
  tested = pkg_tests_get();
  if (tested)
  {
    audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  }
  else
  {
    audit(AUDIT_PACKAGE_NOT_INSTALLED, "libsvn_auth_gnome_keyring-1-0 / etc");
  }
}
else
{
  # Raise the finding on port 0; the per-package report from rpm_report_get()
  # is attached only when report verbosity is above zero.
  if (report_verbosity > 0)
  {
    security_hole(port:0, extra:rpm_report_get());
  }
  else
  {
    security_hole(0);
  }
  exit(0);
}
Vendor | Product | Version | CPE
novell | opensuse | subversion-perl-debuginfo | p-cpe:/a:novell:opensuse:subversion-perl-debuginfo
novell | opensuse | subversion-python | p-cpe:/a:novell:opensuse:subversion-python
novell | opensuse | subversion-python-debuginfo | p-cpe:/a:novell:opensuse:subversion-python-debuginfo
novell | opensuse | subversion-server | p-cpe:/a:novell:opensuse:subversion-server
novell | opensuse | subversion-server-debuginfo | p-cpe:/a:novell:opensuse:subversion-server-debuginfo
novell | opensuse | subversion-tools | p-cpe:/a:novell:opensuse:subversion-tools
novell | opensuse | subversion-tools-debuginfo | p-cpe:/a:novell:opensuse:subversion-tools-debuginfo
novell | opensuse | 12.2 | cpe:/o:novell:opensuse:12.2
novell | opensuse | 12.3 | cpe:/o:novell:opensuse:12.3
novell | opensuse | libsvn_auth_gnome_keyring-1-0 | p-cpe:/a:novell:opensuse:libsvn_auth_gnome_keyring-1-0

7.8 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.015 Low

EPSS

Percentile

87.2%