6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
31.9%
This update for syncthing brings a new version and fixes the following issues :
Update to version 0.14.42 :
Discovering new files in a deleted directory does not resurrect the directory (gh#syncthing/syncthing#4475).
‘Panic: interface conversion: *errors.errorString is not net.Error’ after restart (gh#syncthing/syncthing#4561).
Auto-accept shared directories from trusted devices (gh#syncthing/syncthing#2299).
Empty directories in .stversions should be removed (gh#syncthing/syncthing#4406).
Human readable errors on attempted deletion of a non-empty directory (gh#syncthing/syncthing#4476).
Add confirmation on the Remove Folder / Device button (gh#syncthing/syncthing#4543).
Update to version 0.14.41 :
Devices with ignored files stay ‘synchronising’ forever (gh#syncthing/syncthing#623).
No Global Discovery without Synch Protocol Listen Address (gh#syncthing/syncthing#4418).
Local network classification doesn’t always work (gh#syncthing/syncthing#4421).
Hashed GUI password should not be rehashed (gh#syncthing/syncthing#4458).
Pulls not triggered correctly on reconnection (gh#syncthing/syncthing#4504).
A symlink/file replacement doesn’t work properly (gh#syncthing/syncthing#4505).
File/directory replacement doesn’t work properly (gh#syncthing/syncthing#4506).
Logging at info level and above should always include context (gh#syncthing/syncthing#4510).
Panic in ‘pfilter’ package on 32 bit architectures (gh#syncthing/syncthing#4537).
Allow synchronising read-only directories as ‘Master Directories’ (gh#syncthing/syncthing#1126).
‘Global Changes’ button is confusing, retitle to ‘Recent Changes’ (gh#syncthing/syncthing#4326).
Dial device addresses in parallel (gh#syncthing/syncthing#4456).
Avoid lots and lots of announced addresses in the presence of symmetric NAT (gh#syncthing/syncthing#4519).
Split transport usage reporting per stack (gh#syncthing/syncthing#4463).
Update to version 0.14.40 :
Report more data part of the anonymous usage report (gh#syncthing/syncthing#3628)
Better report synchronisation errors (gh#syncthing/syncthing#4392).
Removing paused directories no longer causes a panic (gh#syncthing/syncthing#4405).
Make local IPv4 discovery more resilient against write failures (gh#syncthing/syncthing#4414).
Clearer logging around config failures at startup (gh#syncthing/syncthing#4431).
Do not complain about inability to fsync files (gh#syncthing/syncthing#4432).
Improve KCP connections (gh#syncthing/syncthing#4446).
Improve directory health checking (gh#syncthing/syncthing#4451).
Include built-in support for file system notifications, although it is disabled by default.
Enable by default the UDP based ‘KCP’ protocol.
Update to version 0.14.39 :
Removing paused directories no longer triggers a crash (gh#syncthing/syncthing#4357).
Add further security related HTTP headers (gh#syncthing/syncthing#4360).
Improve info level logging in some cases (gh#syncthing/syncthing#4375).
Improve GUI tooltips in chromium based browsers (gh#syncthing/syncthing#4377).
Add -device-id command line switch (gh#syncthing/syncthing#4387).
Failure to upgrade directory markers from file to directory type is no longer fatal.
Update to version 0.14.38 :
KCP connections are now more stable (gh#syncthing/syncthing#4063, gh#syncthing/syncthing#4343)
Hashing benchmarks are skipped if a manual selection has been forced (gh#syncthing/syncthing#4348).
Relay server RAM usage has been reduced (gh#syncthing/syncthing#4245).
Update to version 0.14.37 (changes since 0.14.32) :
Relative version paths are now correctly relative to the directory path (gh#syncthing/syncthing#4188).
Remote devices now show bytes remaining to synchronise (gh#syncthing/syncthing#4227).
Editing ignore patterns no longer incorrectly shows included patterns (gh#syncthing/syncthing#4249).
The new directory dialogue now suggests a default path.
Adjustable via advanced config defaultFolderPath (gh#syncthing/syncthing#2157).
The build script no longer sets -installsuffix by default (gh#syncthing/syncthing#4272).
Prevent a vulnerability that allows file overwrite via versioned symlinks (CVE-2017-1000420, boo#1074428, gh#syncthing/syncthing#4286).
Symlinks are deleted from versioned directories on startup (gh#syncthing/syncthing#4288).
Directory paths are no longer reset when editing a directory without a label (gh#syncthing/syncthing#4297).
Better detect synchronisation conflicts that happen while synchronising (gh#syncthing/syncthing#3742, gh#syncthing/syncthing#4305).
Fix a crash related to a nil reference in ignore handling (gh#syncthing/syncthing#4300).
Stop requiring golang.org/x/net/context.
Update to version 0.14.32 :
‘Nearby devices’ are now shown in the add device dialogue, avoiding the need to type their device ID (gh#syncthing/syncthing#4157).
Directories that were once ignored in a sharing request now actually work properly when later added manually (gh#syncthing/syncthing#4219).
Update to version 0.14.31 (changes since 0.14.29) :
Correctly clear warning ‘path is a subdirectory of other folder’ in directory dialogue (gh#syncthing/syncthing#3433).
Conflict copies filename now includes the ID of the last device to change the file (gh#syncthing/syncthing#3524).
Directories offered by other devices can now be ignored (gh#syncthing/syncthing#3993).
Changed device name takes effect with restart; device name is not sent to unknown devices (gh#syncthing/syncthing#4164).
Correctly show CPU usage when started with -no-restart option (gh#syncthing/syncthing#4183).
Icons and directory information in local device summary is consistent with that in directories (gh#syncthing/syncthing#4100).
Fix a data race in KCP & STUN (gh#syncthing/syncthing#4177).
Ignore patterns on newly accepted directories are no longer erroneously inherited from an earlier added directory (gh#syncthing/syncthing#4203).
Update to version 0.14.29 :
The layout of the global changes dialogue is improved (gh#syncthing/syncthing#3895).
Running as root or SYSTEM now triggers a warning recommending against it (gh#syncthing/syncthing#4123).
Changing the theme no longer causes an HTTP error (gh#syncthing/syncthing#4127).
Update to version 0.14.28 :
It is now possible to create custom event subscriptions via the REST API (gh#syncthing/syncthing#1879).
Removing large directories now uses less memory (gh#syncthing/syncthing#2250).
The minimum disc space (per directory and for the home drive) can now be set to an absolute value (gh#syncthing/syncthing#3307).
Pausing or reconfiguring a directory will no longer start extra scans. Pausing a directory stops scanning (gh#syncthing/syncthing#3965).
Ignore patterns can now be set at directory creation time, and for paused directories (gh#syncthing/syncthing#3996).
It is no longer possible to configure the GUI/API to listen on a privileged port using the standard settings dialogue (gh#syncthing/syncthing#4020).
The device allowed subnet list can now include negative (‘!’) entries to disallow subnets (gh#syncthing/syncthing#4096).
Doing ‘Override changes’ now uses less memory (gh#syncthing/syncthing#4112).
Require golang.org/x/net/context on openSUSE older than openSUSE Leap 15.x.
Update to version 0.14.27 :
Devices can now have a list of allowed subnets (advanced config) (gh#syncthing/syncthing#219).
The transfer rate units can now be changed by clicking on the value (gh#syncthing/syncthing#234).
UI text explaining ‘Introducer’ is improved (gh#syncthing/syncthing#1819).
Advanced config editor can now edit lists of things (gh#syncthing/syncthing#2267).
Directories created for new directories now obey the user umask setting (gh#syncthing/syncthing#2519).
Incoming index updates are consistency checked better (gh#syncthing/syncthing#4053).
Update to version 0.14.26 :
Discovery errors are more clearly displayed in the GUI (gh#syncthing/syncthing#2344).
The language dropdown menu in the GUI is now correctly sorted (gh#syncthing/syncthing#3913).
When there are items that could not be synced, their full path is displayed in the GUI.
Update to version 0.14.25 :
Improve ‘Pause All’/‘Resume All’ icons (gh#syncthing/syncthing#4003).
There are now mips and mipsle builds by default (gh#syncthing/syncthing#3959).
The ‘overwriting protected files’ warning now correctly handles relative paths to the config directory (gh#syncthing/syncthing#3183).
The experimental KCP protocol for transfers over UDP has been merged, although it’s not currently enabled by default (gh#syncthing/syncthing#804).
Update to version 0.14.24 :
lib/sync: Fix a race in unlocker logging (gh#syncthing/syncthing#3884).
Make links and log messages refer to https instead of http where possible (gh#syncthing/syncthing#3976).
The default number of parallel file processing routines per directory is now two (previously one), and the number of simultaneously outstanding network requests has been increased.
The UI now contains buttons to pause or resume all directories with a single action.
Update to version 0.14.23 (changes since 0.14.21) :
Leading and trailing spaces are no longer stripped in the GUI password field (gh#syncthing/syncthing#3935)
The GUI shows remaining amount of data to sync per directory (gh#syncthing/syncthing#3908).
There should no longer be empty entries in the global log (gh#syncthing/syncthing#3933).
Weak hashing is now by default only enabled when it makes sense from a performance point of view (gh#syncthing/syncthing#3938).
Update to version 0.14.21 (changes since 0.14.19) :
There is now a warning when adding a directory that is a parent of an existing directory (gh#syncthing/syncthing#3197).
Using -logfile flag together with -no-restart now causes an error instead of silently failing (gh#syncthing/syncthing#3912).
Weak hashing is now disabled completely when the threshold percentage is > 100 (gh#syncthing/syncthing#3891).
Rate limiting now actually works on ARM64 builds again (gh#syncthing/syncthing#3921).
Fix an issue where UPnP port allocations would be incorrect under some circumstances (gh#syncthing/syncthing#3924).
Weak hashing is a bit faster and allocates less memory.
The hashing performance reported at startup now includes weak hashing.
The GUI ‘network error’ dialogue no longer shows up as easily in some scenarios when using Syncthing behind a reverse proxy.
Update to version 0.14.19 :
Changing bandwidth rate limits now takes effect immediately without restart (gh#syncthing/syncthing#3846)
The event log (-audit) can now be directed to stderr for piping into an another application (gh#syncthing/syncthing#3859).
A panic on directory listing at startup has been fixed (gh#syncthing/syncthing#3584).
When a directory is deleted, the .stfolder marker is also removed. The ignore file and .stversions directory are retained, if present (gh#syncthing/syncthing#3857).
Several scenarios where a device would get stuck with ‘not a directory’ errors are now handled again (gh#syncthing/syncthing#3819).
Third-party copyrights in the about box are now more up to date (gh#syncthing/syncthing#3839).
Hashing performance has been improved (gh#syncthing/syncthing#3861)
Update to version 0.14.18 :
Fix connections to older Syncthing versions being no longer closed due to an unmarshalling message: ‘proto:
wrong wireType = 2 for field BlockIndexes’ (gh#syncthing/syncthing#3855).
Update to version 0.14.17 :
Panics caused by corrupt on disc database are now better explained in the panic message (gh#syncthing/syncthing#3689).
Statically configured device addresses without port number now correctly defaulted to port 22000 again (gh#syncthing/syncthing#3817).
Inotify clients no longer cause ‘invalid subpath’ errors to be displayed (gh#syncthing/syncthing#3829).
Directories can now be paused (gh#syncthing/syncthing#215).
‘Master’ directories are now called ‘send only’ in order to standardise on a terminology of sending and receiving changes (gh#syncthing/syncthing#2679).
Pausing devices and directories now persists across restarts (gh#syncthing/syncthing#3407).
A rolling checksum is used to identify and reuse blocks that have moved within a file (gh#syncthing/syncthing#3527).
Syncthing allows setting the type-of-service field on outgoing packets, configured by the advanced setting ‘trafficClass’ (gh#syncthing/syncthing#3790).
Which device introduced another device is now visible in the GUI (gh#syncthing/syncthing#3809).
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2018-45.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(106072);
script_version("3.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2017-1000420");
script_name(english:"openSUSE Security Update : syncthing (openSUSE-2018-45)");
script_summary(english:"Check for the openSUSE-2018-45 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"This update for syncthing brings a new version and fixes the following
issues :
- Update to version 0.14.42 :
- Discovering new files in a deleted directory does not
resurrect the directory (gh#syncthing/syncthing#4475).
- 'Panic: interface conversion: *errors.errorString is not
net.Error' after restart (gh#syncthing/syncthing#4561).
- Auto-accept shared directories from trusted devices
(gh#syncthing/syncthing#2299).
- Empty directories in .stversions should be removed
(gh#syncthing/syncthing#4406).
- Human readable errors on attempted deletion of a
non-empty directory (gh#syncthing/syncthing#4476).
- Add confirmation on the Remove Folder / Device button
(gh#syncthing/syncthing#4543).
- Update to version 0.14.41 :
- Devices with ignored files stay 'synchronising' forever
(gh#syncthing/syncthing#623).
- No Global Discovery without Synch Protocol Listen
Address (gh#syncthing/syncthing#4418).
- Local network classification doesn't always work
(gh#syncthing/syncthing#4421).
- Hashed GUI password should not be rehashed
(gh#syncthing/syncthing#4458).
- Pulls not triggered correctly on reconnection
(gh#syncthing/syncthing#4504).
- A symlink/file replacement doesn't work properly
(gh#syncthing/syncthing#4505).
- File/directory replacement doesn't work properly
(gh#syncthing/syncthing#4506).
- Logging at info level and above should always include
context (gh#syncthing/syncthing#4510).
- Panic in 'pfilter' package on 32 bit architectures
(gh#syncthing/syncthing#4537).
- Allow synchronising read-only directories as 'Master
Directories' (gh#syncthing/syncthing#1126).
- 'Global Changes' button is confusing, retitle to 'Recent
Changes' (gh#syncthing/syncthing#4326).
- Dial device addresses in parallel
(gh#syncthing/syncthing#4456).
- Avoid lots and lots of announced addresses in the
presence of symmetric NAT (gh#syncthing/syncthing#4519).
- Split transport usage reporting per stack
(gh#syncthing/syncthing#4463).
- Update to version 0.14.40 :
- Report more data part of the anonymous usage report
(gh#syncthing/syncthing#3628)
- Better report synchronisation errors
(gh#syncthing/syncthing#4392).
- Removing paused directories no longer causes a panic
(gh#syncthing/syncthing#4405).
- Make local IPv4 discovery more resilient against write
failures (gh#syncthing/syncthing#4414).
- Clearer logging around config failures at startup
(gh#syncthing/syncthing#4431).
- Do not complain about inability to fsync files
(gh#syncthing/syncthing#4432).
- Improve KCP connections (gh#syncthing/syncthing#4446).
- Improve directory health checking
(gh#syncthing/syncthing#4451).
- Include built-in support for file system notifications,
although it is disabled by default.
- Enable by default the UDP based 'KCP' protocol.
- Update to version 0.14.39 :
- Removing paused directories no longer triggers a crash
(gh#syncthing/syncthing#4357).
- Add further security related HTTP headers
(gh#syncthing/syncthing#4360).
- Improve info level logging in some cases
(gh#syncthing/syncthing#4375).
- Improve GUI tooltips in chromium based browsers
(gh#syncthing/syncthing#4377).
- Add -device-id command line switch
(gh#syncthing/syncthing#4387).
- Failure to upgrade directory markers from file to
directory type is no longer fatal.
- Update to version 0.14.38 :
- KCP connections are now more stable
(gh#syncthing/syncthing#4063,
gh#syncthing/syncthing#4343)
- Hashing benchmarks are skipped if a manual selection has
been forced (gh#syncthing/syncthing#4348).
- Relay server RAM usage has been reduced
(gh#syncthing/syncthing#4245).
- Update to version 0.14.37 (changes since 0.14.32) :
- Relative version paths are now correctly relative to the
directory path (gh#syncthing/syncthing#4188).
- Remote devices now show bytes remaining to synchronise
(gh#syncthing/syncthing#4227).
- Editing ignore patterns no longer incorrectly shows
included patterns (gh#syncthing/syncthing#4249).
- The new directory dialogue now suggests a default path.
Adjustable via advanced config defaultFolderPath
(gh#syncthing/syncthing#2157).
- The build script no longer sets -installsuffix by
default (gh#syncthing/syncthing#4272).
- Prevent a vulnerability that allows file overwrite via
versioned symlinks (CVE-2017-1000420, boo#1074428,
gh#syncthing/syncthing#4286).
- Symlinks are deleted from versioned directories on
startup (gh#syncthing/syncthing#4288).
- Directory paths are no longer reset when editing a
directory without a label (gh#syncthing/syncthing#4297).
- Better detect synchronisation conflicts that happen
while synchronising (gh#syncthing/syncthing#3742,
gh#syncthing/syncthing#4305).
- Fix a crash related to a nil reference in ignore
handling (gh#syncthing/syncthing#4300).
- Stop requiring golang.org/x/net/context.
- Update to version 0.14.32 :
- 'Nearby devices' are now shown in the add device
dialogue, avoiding the need to type their device ID
(gh#syncthing/syncthing#4157).
- Directories that were once ignored in a sharing request
now actually work properly when later added manually
(gh#syncthing/syncthing#4219).
- Update to version 0.14.31 (changes since 0.14.29) :
- Correctly clear warning 'path is a subdirectory of other
folder' in directory dialogue
(gh#syncthing/syncthing#3433).
- Conflict copies filename now includes the ID of the last
device to change the file (gh#syncthing/syncthing#3524).
- Directories offered by other devices can now be ignored
(gh#syncthing/syncthing#3993).
- Changed device name takes effect with restart; device
name is not sent to unknown devices
(gh#syncthing/syncthing#4164).
- Correctly show CPU usage when started with -no-restart
option (gh#syncthing/syncthing#4183).
- Icons and directory information in local device summary
is consistent with that in directories
(gh#syncthing/syncthing#4100).
- Fix a data race in KCP & STUN
(gh#syncthing/syncthing#4177).
- Ignore patterns on newly accepted directories are no
longer erroneously inherited from an earlier added
directory (gh#syncthing/syncthing#4203).
- Update to version 0.14.29 :
- The layout of the global changes dialogue is improved
(gh#syncthing/syncthing#3895).
- Running as root or SYSTEM now triggers a warning
recommending against it (gh#syncthing/syncthing#4123).
- Changing the theme no longer causes an HTTP error
(gh#syncthing/syncthing#4127).
- Update to version 0.14.28 :
- It is now possible to create custom event subscriptions
via the REST API (gh#syncthing/syncthing#1879).
- Removing large directories now uses less memory
(gh#syncthing/syncthing#2250).
- The minimum disc space (per directory and for the home
drive) can now be set to an absolute value
(gh#syncthing/syncthing#3307).
- Pausing or reconfiguring a directory will no longer
start extra scans. Pausing a directory stops scanning
(gh#syncthing/syncthing#3965).
- Ignore patterns can now be set at directory creation
time, and for paused directories
(gh#syncthing/syncthing#3996).
- It is no longer possible to configure the GUI/API to
listen on a privileged port using the standard settings
dialogue (gh#syncthing/syncthing#4020).
- The device allowed subnet list can now include negative
('!') entries to disallow subnets
(gh#syncthing/syncthing#4096).
- Doing 'Override changes' now uses less memory
(gh#syncthing/syncthing#4112).
- Require golang.org/x/net/context on openSUSE older than
openSUSE Leap 15.x.
- Update to version 0.14.27 :
- Devices can now have a list of allowed subnets (advanced
config) (gh#syncthing/syncthing#219).
- The transfer rate units can now be changed by clicking
on the value (gh#syncthing/syncthing#234).
- UI text explaining 'Introducer' is improved
(gh#syncthing/syncthing#1819).
- Advanced config editor can now edit lists of things
(gh#syncthing/syncthing#2267).
- Directories created for new directories now obey the
user umask setting (gh#syncthing/syncthing#2519).
- Incoming index updates are consistency checked better
(gh#syncthing/syncthing#4053).
- Update to version 0.14.26 :
- Discovery errors are more clearly displayed in the GUI
(gh#syncthing/syncthing#2344).
- The language dropdown menu in the GUI is now correctly
sorted (gh#syncthing/syncthing#3913).
- When there are items that could not be synced, their
full path is displayed in the GUI.
- Update to version 0.14.25 :
- Improve 'Pause All'/'Resume All' icons
(gh#syncthing/syncthing#4003).
- There are now mips and mipsle builds by default
(gh#syncthing/syncthing#3959).
- The 'overwriting protected files' warning now correctly
handles relative paths to the config directory
(gh#syncthing/syncthing#3183).
- The experimental KCP protocol for transfers over UDP has
been merged, although it's not currently enabled by
default (gh#syncthing/syncthing#804).
- Update to version 0.14.24 :
- lib/sync: Fix a race in unlocker logging
(gh#syncthing/syncthing#3884).
- Make links and log messages refer to https instead of
http where possible (gh#syncthing/syncthing#3976).
- The default number of parallel file processing routines
per directory is now two (previously one), and the
number of simultaneously outstanding network requests
has been increased.
- The UI now contains buttons to pause or resume all
directories with a single action.
- Update to version 0.14.23 (changes since 0.14.21) :
- Leading and trailing spaces are no longer stripped in
the GUI password field (gh#syncthing/syncthing#3935)
- The GUI shows remaining amount of data to sync per
directory (gh#syncthing/syncthing#3908).
- There should no longer be empty entries in the global
log (gh#syncthing/syncthing#3933).
- Weak hashing is now by default only enabled when it
makes sense from a performance point of view
(gh#syncthing/syncthing#3938).
- Update to version 0.14.21 (changes since 0.14.19) :
- There is now a warning when adding a directory that is a
parent of an existing directory
(gh#syncthing/syncthing#3197).
- Using -logfile flag together with -no-restart now causes
an error instead of silently failing
(gh#syncthing/syncthing#3912).
- Weak hashing is now disabled completely when the
threshold percentage is > 100
(gh#syncthing/syncthing#3891).
- Rate limiting now actually works on ARM64 builds again
(gh#syncthing/syncthing#3921).
- Fix an issue where UPnP port allocations would be
incorrect under some circumstances
(gh#syncthing/syncthing#3924).
- Weak hashing is a bit faster and allocates less memory.
- The hashing performance reported at startup now includes
weak hashing.
- The GUI 'network error' dialogue no longer shows up as
easily in some scenarios when using Syncthing behind a
reverse proxy.
- Update to version 0.14.19 :
- Changing bandwidth rate limits now takes effect
immediately without restart
(gh#syncthing/syncthing#3846)
- The event log (-audit) can now be directed to stderr for
piping into an another application
(gh#syncthing/syncthing#3859).
- A panic on directory listing at startup has been fixed
(gh#syncthing/syncthing#3584).
- When a directory is deleted, the .stfolder marker is
also removed. The ignore file and .stversions directory
are retained, if present (gh#syncthing/syncthing#3857).
- Several scenarios where a device would get stuck with
'not a directory' errors are now handled again
(gh#syncthing/syncthing#3819).
- Third-party copyrights in the about box are now more up
to date (gh#syncthing/syncthing#3839).
- Hashing performance has been improved
(gh#syncthing/syncthing#3861)
- Update to version 0.14.18 :
- Fix connections to older Syncthing versions being no
longer closed due to an unmarshalling message: 'proto:
wrong wireType = 2 for field BlockIndexes'
(gh#syncthing/syncthing#3855).
- Update to version 0.14.17 :
- Panics caused by corrupt on disc database are now better
explained in the panic message
(gh#syncthing/syncthing#3689).
- Statically configured device addresses without port
number now correctly defaulted to port 22000 again
(gh#syncthing/syncthing#3817).
- Inotify clients no longer cause 'invalid subpath' errors
to be displayed (gh#syncthing/syncthing#3829).
- Directories can now be paused
(gh#syncthing/syncthing#215).
- 'Master' directories are now called 'send only' in order
to standardise on a terminology of sending and receiving
changes (gh#syncthing/syncthing#2679).
- Pausing devices and directories now persists across
restarts (gh#syncthing/syncthing#3407).
- A rolling checksum is used to identify and reuse blocks
that have moved within a file
(gh#syncthing/syncthing#3527).
- Syncthing allows setting the type-of-service field on
outgoing packets, configured by the advanced setting
'trafficClass' (gh#syncthing/syncthing#3790).
- Which device introduced another device is now visible in
the GUI (gh#syncthing/syncthing#3809)."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1074428"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected syncthing package."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:syncthing");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");
script_set_attribute(attribute:"patch_publication_date", value:"2018/01/15");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/16");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2018-2021 Tenable Network Security, Inc.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE42\.2|SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.2 / 42.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE42.2", reference:"syncthing-0.14.42-7.3.1") ) flag++;
if ( rpm_check(release:"SUSE42.3", reference:"syncthing-0.14.42-3.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "syncthing");
}
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
31.9%