Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2016-2021 Tenable Network Security, Inc.OPENSUSE-2016-1450.NASL
HistoryDec 13, 2016 - 12:00 a.m.

openSUSE Security Update : libgit2 (openSUSE-2016-1450)

2016-12-1300:00:00
This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.
www.tenable.com
9
JSON

libgit2 was updated to fix two security issues.

These security issues were fixed :

  • CVE-2016-8568: Read out-of-bounds in git_oid_nfmt (bsc#1003810).

  • CVE-2016-8569: DoS caused by a NULL pointer dereference in git_commit_message (bsc#1003810). This update was imported from the SUSE:SLE-12-SP2:Update update project.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2016-1450.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(95756);
  script_version("3.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2016-8568", "CVE-2016-8569");

  script_name(english:"openSUSE Security Update : libgit2 (openSUSE-2016-1450)");
  script_summary(english:"Check for the openSUSE-2016-1450 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"libgit2 was updated to fix two security issues.

These security issues were fixed :

  - CVE-2016-8568: Read out-of-bounds in git_oid_nfmt
    (bsc#1003810).

  - CVE-2016-8569: DoS caused by a NULL pointer dereference
    in git_commit_message (bsc#1003810). This update was
    imported from the SUSE:SLE-12-SP2:Update update project."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1003810"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected libgit2 packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgit2-24");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgit2-24-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgit2-24-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgit2-24-debuginfo-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgit2-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libgit2-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2016/12/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE42\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE42.2", reference:"libgit2-24-0.24.1-3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"libgit2-24-debuginfo-0.24.1-3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"libgit2-debugsource-0.24.1-3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", reference:"libgit2-devel-0.24.1-3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libgit2-24-32bit-0.24.1-3.1") ) flag++;
if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libgit2-24-debuginfo-32bit-0.24.1-3.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libgit2-24 / libgit2-24-32bit / libgit2-24-debuginfo / etc");
}
VendorProductVersionCPE
novellopensuselibgit2-24p-cpe:/a:novell:opensuse:libgit2-24
novellopensuselibgit2-24-32bitp-cpe:/a:novell:opensuse:libgit2-24-32bit
novellopensuselibgit2-24-debuginfop-cpe:/a:novell:opensuse:libgit2-24-debuginfo
novellopensuselibgit2-24-debuginfo-32bitp-cpe:/a:novell:opensuse:libgit2-24-debuginfo-32bit
novellopensuselibgit2-debugsourcep-cpe:/a:novell:opensuse:libgit2-debugsource
novellopensuselibgit2-develp-cpe:/a:novell:opensuse:libgit2-devel
novellopensuse42.2cpe:/o:novell:opensuse:42.2

Related

fedora 5
openvas 4
nessus 8
archlinux 1
ubuntu 1
osv 3
mageia 1
alpinelinux 2
veracode 2
prion 2
ubuntucve 2
debiancve 2
cve 2
fedora
fedora
[SECURITY] Fedora 25 Update: libgit2-0.24.2-2.fc25
2016-10-14 19:55:55
[SECURITY] Fedora 23 Update: libgit2-0.23.4-2.fc23
2016-10-20 16:22:01
[SECURITY] Fedora 24 Update: libgit2-0.24.2-2.fc24
2016-10-18 15:57:28
openvas
openvas
Fedora Update for libgit2 FEDORA-2016-505d7fe198
2016-12-07 00:00:00
Fedora Update for libgit2 FEDORA-2018-4fb7cdd27f
2018-03-21 00:00:00
Fedora Update for libgit2 FEDORA-2016-616a35205b
2016-11-14 00:00:00
nessus
nessus
openSUSE Security Update : libgit2 (openSUSE-2017-121)
2017-01-20 00:00:00
Fedora 25 : libgit2 (2016-505d7fe198)
2016-11-15 00:00:00
Ubuntu 16.04 ESM : libgit2 vulnerabilities (USN-4798-1)
2023-10-23 00:00:00
archlinux
archlinux
[ASA-201611-17] libgit2: denial of service
2016-11-16 00:00:00
ubuntu
ubuntu
libgit2 vulnerabilities
2021-03-15 00:00:00
osv
osv
libgit2 vulnerabilities
2021-03-15 21:21:42
CVE-2016-8568
2017-02-03 15:59:00
CVE-2016-8569
2017-02-03 15:59:00
mageia
mageia
Updated libgit2 packages fix security vulnerabilities
2017-08-29 23:36:17
alpinelinux
alpinelinux
CVE-2016-8568
2017-02-03 15:59:00
CVE-2016-8569
2017-02-03 15:59:00
veracode
veracode
Denial Of Service (DoS)
2017-02-06 02:46:28
Denial Of Service (DoS)
2017-02-06 03:59:51
prion
prion
Out-of-bounds
2017-02-03 15:59:00
Null pointer dereference
2017-02-03 15:59:00
ubuntucve
ubuntucve
CVE-2016-8569
2017-02-03 00:00:00
CVE-2016-8568
2017-02-03 00:00:00
debiancve
debiancve
CVE-2016-8568
2017-02-03 15:59:00
CVE-2016-8569
2017-02-03 15:59:00
cve
cve
CVE-2016-8568
2017-02-03 15:59:00
CVE-2016-8569
2017-02-03 15:59:00
JSON
Related for OPENSUSE-2016-1450.NASL
fedora5openvas4nessus8archlinux1ubuntu1osv3mageia1alpinelinux2veracode2prion2ubuntucve2debiancve2cve2