Lucene search
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2020-1680.NASLHistoryOct 19, 2020 - 12:00 a.m.
openSUSE Security Update : libproxy (openSUSE-2020-1680)
2020-10-1900:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
18
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.9 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.021 Low
EPSS
Percentile
89.3%
This update for libproxy fixes the following issues :
-
CVE-2020-25219: Rewrote url::recvline to be nonrecursive (bsc#1176410).
-
CVE-2020-26154: Fixed a buffer overflow when PAC is enabled (bsc#1177143).
This update was imported from the SUSE:SLE-15:Update update project.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2020-1680.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('compat.inc');
if (description)
{
script_id(141525);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/15");
script_cve_id("CVE-2020-25219", "CVE-2020-26154");
script_name(english:"openSUSE Security Update : libproxy (openSUSE-2020-1680)");
script_set_attribute(attribute:"synopsis", value:
"The remote openSUSE host is missing a security update.");
script_set_attribute(attribute:"description", value:
"This update for libproxy fixes the following issues :
- CVE-2020-25219: Rewrote url::recvline to be nonrecursive
(bsc#1176410).
- CVE-2020-26154: Fixed a buffer overflow when PAC is
enabled (bsc#1177143).
This update was imported from the SUSE:SLE-15:Update update project.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1176410");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1177143");
script_set_attribute(attribute:"solution", value:
"Update the affected libproxy packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-26154");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/09/09");
script_set_attribute(attribute:"patch_publication_date", value:"2020/10/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/10/19");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libproxy-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libproxy-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libproxy-plugins-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libproxy-sharp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libproxy-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libproxy-tools-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libproxy1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libproxy1-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libproxy1-32bit-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libproxy1-config-gnome3");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libproxy1-config-gnome3-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libproxy1-config-kde");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libproxy1-config-kde-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libproxy1-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libproxy1-networkmanager");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libproxy1-networkmanager-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libproxy1-pacrunner-webkit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libproxy1-pacrunner-webkit-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-Net-Libproxy");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-Net-Libproxy-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-libproxy");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python3-libproxy");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.2");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE15\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE15.2", reference:"libproxy-debugsource-0.4.15-lp152.5.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", reference:"libproxy-devel-0.4.15-lp152.5.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", reference:"libproxy-tools-0.4.15-lp152.5.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", reference:"libproxy-tools-debuginfo-0.4.15-lp152.5.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", reference:"libproxy1-0.4.15-lp152.5.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", reference:"libproxy1-debuginfo-0.4.15-lp152.5.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", reference:"python-libproxy-0.4.15-lp152.5.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", reference:"python3-libproxy-0.4.15-lp152.5.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", cpu:"x86_64", reference:"libproxy-plugins-debugsource-0.4.15-lp152.5.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", cpu:"x86_64", reference:"libproxy-sharp-0.4.15-lp152.5.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", cpu:"x86_64", reference:"libproxy1-32bit-0.4.15-lp152.5.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", cpu:"x86_64", reference:"libproxy1-32bit-debuginfo-0.4.15-lp152.5.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", cpu:"x86_64", reference:"libproxy1-config-gnome3-0.4.15-lp152.5.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", cpu:"x86_64", reference:"libproxy1-config-gnome3-debuginfo-0.4.15-lp152.5.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", cpu:"x86_64", reference:"libproxy1-config-kde-0.4.15-lp152.5.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", cpu:"x86_64", reference:"libproxy1-config-kde-debuginfo-0.4.15-lp152.5.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", cpu:"x86_64", reference:"libproxy1-networkmanager-0.4.15-lp152.5.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", cpu:"x86_64", reference:"libproxy1-networkmanager-debuginfo-0.4.15-lp152.5.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", cpu:"x86_64", reference:"libproxy1-pacrunner-webkit-0.4.15-lp152.5.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", cpu:"x86_64", reference:"libproxy1-pacrunner-webkit-debuginfo-0.4.15-lp152.5.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", cpu:"x86_64", reference:"perl-Net-Libproxy-0.4.15-lp152.5.3.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", cpu:"x86_64", reference:"perl-Net-Libproxy-debuginfo-0.4.15-lp152.5.3.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libproxy-plugins-debugsource / libproxy-sharp / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | opensuse | libproxy-debugsource | p-cpe:/a:novell:opensuse:libproxy-debugsource |
| novell | opensuse | libproxy-devel | p-cpe:/a:novell:opensuse:libproxy-devel |
| novell | opensuse | libproxy-plugins-debugsource | p-cpe:/a:novell:opensuse:libproxy-plugins-debugsource |
| novell | opensuse | libproxy-sharp | p-cpe:/a:novell:opensuse:libproxy-sharp |
| novell | opensuse | libproxy-tools | p-cpe:/a:novell:opensuse:libproxy-tools |
| novell | opensuse | libproxy-tools-debuginfo | p-cpe:/a:novell:opensuse:libproxy-tools-debuginfo |
| novell | opensuse | libproxy1 | p-cpe:/a:novell:opensuse:libproxy1 |
| novell | opensuse | libproxy1-32bit | p-cpe:/a:novell:opensuse:libproxy1-32bit |
| novell | opensuse | libproxy1-32bit-debuginfo | p-cpe:/a:novell:opensuse:libproxy1-32bit-debuginfo |
| novell | opensuse | libproxy1-config-gnome3 | p-cpe:/a:novell:opensuse:libproxy1-config-gnome3 |
Related
debian
debian
[SECURITY] [DSA 4800-1] libproxy security update
2020-11-28 20:24:49
[SECURITY] [DSA 4800-1] libproxy security update
2020-11-28 20:24:49
[SECURITY] [DLA 2450-1] libproxy security update
2020-11-13 11:02:27
openvas
openvas
Huawei EulerOS: Security Advisory for libproxy (EulerOS-SA-2021-1530)
2021-03-05 00:00:00
Huawei EulerOS: Security Advisory for libproxy (EulerOS-SA-2020-2360)
2020-11-04 00:00:00
Huawei EulerOS: Security Advisory for libproxy (EulerOS-SA-2021-1490)
2021-03-05 00:00:00
nessus
nessus
EulerOS Virtualization 3.0.6.6 : libproxy (EulerOS-SA-2021-1490)
2021-03-04 00:00:00
EulerOS 2.0 SP3 : libproxy (EulerOS-SA-2021-1087)
2021-01-20 00:00:00
EulerOS Virtualization for ARM 64 3.0.6.0 : libproxy (EulerOS-SA-2021-1530)
2021-03-04 00:00:00
suse
suse
Security update for libproxy (important)
2020-10-16 00:00:00
Security update for libproxy (important)
2020-10-17 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1885
2021-07-02 17:16:19
osv
osv
libproxy - security update
2020-11-28 00:00:00
libproxy vulnerability
2021-01-04 12:38:58
CVE-2020-26154
2020-09-30 18:15:27
fedora
fedora
[SECURITY] Fedora 32 Update: libproxy-0.4.15-19.fc32
2020-10-05 17:33:18
[SECURITY] Fedora 33 Update: libproxy-0.4.15-25.fc33
2020-10-02 00:36:41
[SECURITY] Fedora 31 Update: libproxy-0.4.15-15.fc31
2020-10-04 01:26:43
ubuntu
ubuntu
libproxy vulnerability
2021-01-04 00:00:00
libproxy vulnerability
2020-09-17 00:00:00
cbl_mariner
cbl_mariner
CVE-2020-26154 affecting package libproxy for versions less than 0.4.17-5
2022-04-26 22:05:38
CVE-2020-25219 affecting package libproxy for versions less than 0.4.15-20
2022-04-26 22:05:38
CVE-2020-25219 affecting package libproxy for versions less than 0.4.15-20
2022-04-26 22:05:38
veracode
veracode
Denial Of Service (DoS)
2020-10-01 04:38:38
Denial Of Service (DoS)
2020-09-16 08:22:12
redhatcve
redhatcve
CVE-2020-26154
2020-09-30 16:17:02
CVE-2020-25219
2020-09-18 11:00:38
cvelist
cvelist
CVE-2020-26154
2020-09-29 22:02:17
CVE-2020-25219
2020-09-09 20:30:41
ubuntucve
ubuntucve
CVE-2020-26154
2020-09-30 00:00:00
CVE-2020-25219
2020-09-09 00:00:00
nvd
nvd
CVE-2020-26154
2020-09-30 18:15:27
CVE-2020-25219
2020-09-09 21:15:11
cloudfoundry
cloudfoundry
USN-4673-1: libproxy vulnerability | Cloud Foundry
2021-02-10 00:00:00
USN-4514-1: libproxy vulnerability | Cloud Foundry
2020-11-19 00:00:00
prion
prion
Buffer overflow
2020-09-30 18:15:00
Stack overflow
2020-09-09 21:15:00
cve
cve
CVE-2020-26154
2020-09-30 18:15:27
CVE-2020-25219
2020-09-09 21:15:11
alpinelinux
alpinelinux
CVE-2020-26154
2020-09-30 18:15:27
CVE-2020-25219
2020-09-09 21:15:11
mageia
mageia
Updated libproxy packages fix a security vulnerability
2020-11-08 17:14:27
Updated libproxy packages fix security vulnerability
2020-09-27 23:06:37
debiancve
debiancve
CVE-2020-26154
2020-09-30 18:15:27
CVE-2020-25219
2020-09-09 21:15:11
archlinux
archlinux
[ASA-202012-11] libproxy-mozjs: denial of service
2020-12-05 00:00:00
[ASA-202012-9] libproxy-webkit: denial of service
2020-12-05 00:00:00
[ASA-202012-10] libproxy: denial of service
2020-12-05 00:00:00
ibm
ibm
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.9 High
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.021 Low
EPSS
Percentile
89.3%
Related for OPENSUSE-2020-1680.NASL