Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2019-541.NASL
HistoryMar 27, 2019 - 12:00 a.m.

openSUSE Security Update : mercurial (openSUSE-2019-541)

2019-03-2700:00:00
This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16
JSON

This update for mercurial fixes the following issues :

Security issues fixed :

  • CVE-2018-13346: Fix mpatch_apply function in mpatch.c that incorrectly proceeds in cases where the fragment start is past the end of the original data (bsc#1100354).

  • CVE-2018-13347: Fix mpatch.c that mishandles integer addition and subtraction (bsc#1100355).

  • CVE-2018-13348: Fix the mpatch_decode function in mpatch.c that mishandles certain situations where there should be at least 12 bytes remaining after thecurrent position in the patch data (bsc#1100353).

This update was imported from the SUSE:SLE-15:Update update project.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2019-541.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(123230);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2018-13346", "CVE-2018-13347", "CVE-2018-13348");

  script_name(english:"openSUSE Security Update : mercurial (openSUSE-2019-541)");
  script_summary(english:"Check for the openSUSE-2019-541 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update for mercurial fixes the following issues :

Security issues fixed :

  - CVE-2018-13346: Fix mpatch_apply function in mpatch.c
    that incorrectly proceeds in cases where the fragment
    start is past the end of the original data
    (bsc#1100354).

  - CVE-2018-13347: Fix mpatch.c that mishandles integer
    addition and subtraction (bsc#1100355).

  - CVE-2018-13348: Fix the mpatch_decode function in
    mpatch.c that mishandles certain situations where there
    should be at least 12 bytes remaining after thecurrent
    position in the patch data (bsc#1100353).

This update was imported from the SUSE:SLE-15:Update update project."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1100353"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1100354"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1100355"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected mercurial packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mercurial");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mercurial-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mercurial-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mercurial-lang");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/03/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/27");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE15.0", reference:"mercurial-4.5.2-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"mercurial-debuginfo-4.5.2-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"mercurial-debugsource-4.5.2-lp150.2.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.0", reference:"mercurial-lang-4.5.2-lp150.2.3.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mercurial / mercurial-debuginfo / mercurial-debugsource / etc");
}
VendorProductVersionCPE
novellopensusemercurialp-cpe:/a:novell:opensuse:mercurial
novellopensusemercurial-debuginfop-cpe:/a:novell:opensuse:mercurial-debuginfo
novellopensusemercurial-debugsourcep-cpe:/a:novell:opensuse:mercurial-debugsource
novellopensusemercurial-langp-cpe:/a:novell:opensuse:mercurial-lang
novellopensuse15.0cpe:/o:novell:opensuse:15.0

Related

suse 2
openvas 12
nessus 14
mageia 1
osv 5
redhat 1
debian 1
oraclelinux 1
centos 1
github 3
ubuntucve 3
cve 3
redhatcve 3
veracode 3
debiancve 3
prion 3
photon 4
rosalinux 1
suse
suse
Security update for mercurial (moderate)
2018-07-28 16:04:51
Security update for mercurial (moderate)
2018-07-20 03:15:02
openvas
openvas
Mercurial Multiple Vulnerabilities - Windows
2018-09-28 00:00:00
openSUSE: Security Advisory for mercurial (openSUSE-SU-2018:2023-1)
2018-07-20 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:1998-1)
2021-06-09 00:00:00
nessus
nessus
openSUSE Security Update : mercurial (openSUSE-2018-734)
2018-07-20 00:00:00
SUSE SLED15 / SLES15 Security Update : mercurial (SUSE-SU-2018:1998-1)
2019-01-02 00:00:00
openSUSE Security Update : mercurial (openSUSE-2018-772)
2018-07-30 00:00:00
mageia
mageia
Updated mercurial packages fix security vulnerabilities
2018-09-01 00:11:59
osv
osv
mercurial - security update
2020-07-27 00:00:00
mercurial - security update
2018-07-05 00:00:00
PYSEC-2018-90
2018-07-06 00:29:00
redhat
redhat
(RHSA-2019:2276) Moderate: mercurial security update
2019-08-06 08:20:05
debian
debian
[SECURITY] [DLA 2293-1] mercurial security update
2020-07-31 11:06:17
oraclelinux
oraclelinux
mercurial security update
2019-08-13 00:00:00
centos
centos
emacs, mercurial security update
2019-08-30 03:38:48
github
github
Mercurial Improper Input Validation vulnerability
2022-05-13 01:24:55
Mercurial Improper Input Validation vulnerability
2022-05-13 01:24:55
Mercurial mishandles integer addition and subtraction
2022-05-13 01:24:55
ubuntucve
ubuntucve
CVE-2018-13347
2018-07-06 00:00:00
CVE-2018-13348
2018-07-06 00:00:00
CVE-2018-13346
2018-07-06 00:00:00
cve
cve
CVE-2018-13348
2018-07-06 00:29:00
CVE-2018-13347
2018-07-06 00:29:00
CVE-2018-13346
2018-07-06 00:29:00
redhatcve
redhatcve
CVE-2018-13347
2018-07-09 04:49:12
CVE-2018-13348
2018-07-09 04:48:42
CVE-2018-13346
2018-07-09 04:48:56
veracode
veracode
Buffer Overflow
2018-07-06 07:47:16
Buffer Underflow
2018-07-06 07:31:35
Buffer Overflow
2018-07-06 06:09:25
debiancve
debiancve
CVE-2018-13348
2018-07-06 00:29:00
CVE-2018-13347
2018-07-06 00:29:00
CVE-2018-13346
2018-07-06 00:29:00
prion
prion
Authentication flaw
2018-07-06 00:29:00
Code injection
2018-07-06 00:29:00
Design/Logic Flaw
2018-07-06 00:29:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-2.0-0159
2019-05-10 00:00:00
Critical Photon OS Security Update - PHSA-2019-0159
2019-05-10 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-1.0-0234
2019-05-17 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1918
2021-07-02 17:29:24
JSON
Related for OPENSUSE-2019-541.NASL
suse2openvas12nessus14mageia1osv5redhat1debian1oraclelinux1centos1github3ubuntucve3cve3redhatcve3veracode3debiancve3prion3photon4rosalinux1