Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2019-4269.NASL
HistoryDec 18, 2019 - 12:00 a.m.

RHEL 8 : container-tools:rhel8 (RHSA-2019:4269) (Ping Flood) (Reset Flood)

2019-12-1800:00:00
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
220

7.5 High

AI Score

Confidence

High

JSON

An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es) :

  • HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512)

  • HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514)

  • runc: AppArmor/SELinux bypass with malicious image that specifies a volume at /proc (CVE-2019-16884)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es) :

  • avc: podman run --security-opt label=type:svirt_qemu_net_t (BZ#1764318)

  • backport json-file logging support to 1.4.2 (BZ#1770176)

  • Selinux won’t allow SCTP inter pod communication (BZ#1774382)

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2019:4269. The text
# itself is copyright (C) Red Hat, Inc.
#

include('compat.inc');

if (description)
{
  script_id(132234);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/03");

  script_cve_id(
    "CVE-2019-9512",
    "CVE-2019-9514",
    "CVE-2019-16884",
    "CVE-2019-18466"
  );
  script_xref(name:"RHSA", value:"2019:4269");
  script_xref(name:"CEA-ID", value:"CEA-2019-0643");

  script_name(english:"RHEL 8 : container-tools:rhel8 (RHSA-2019:4269) (Ping Flood) (Reset Flood)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"An update for the container-tools:rhel8 module is now available for
Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

The container-tools module contains tools for working with containers,
notably podman, buildah, skopeo, and runc.

Security Fix(es) :

* HTTP/2: flood using PING frames results in unbounded memory growth
(CVE-2019-9512)

* HTTP/2: flood using HEADERS frames results in unbounded memory
growth (CVE-2019-9514)

* runc: AppArmor/SELinux bypass with malicious image that specifies a
volume at /proc (CVE-2019-16884)

For more details about the security issue(s), including the impact, a
CVSS score, acknowledgments, and other related information, refer to
the CVE page(s) listed in the References section.

Bug Fix(es) :

* avc: podman run --security-opt label=type:svirt_qemu_net_t
(BZ#1764318)

* backport json-file logging support to 1.4.2 (BZ#1770176)

* Selinux won't allow SCTP inter pod communication (BZ#1774382)");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2019:4269");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-9512");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-9514");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-16884");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-18466");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-18466");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2019-16884");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"in_the_news", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/08/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/12/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/18");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:buildah");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:buildah-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:buildah-tests");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cockpit-podman");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:container-selinux");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:containernetworking-plugins");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:containernetworking-plugins-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:containers-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:fuse-overlayfs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:fuse-overlayfs-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:oci-systemd-hook");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:oci-systemd-hook-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:oci-umount");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:oci-umount-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:podman");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:podman-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:podman-docker");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:podman-manpages");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:podman-remote");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:podman-tests");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-podman-api");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:runc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:runc-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:skopeo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:skopeo-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:skopeo-tests");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:slirp4netns");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:slirp4netns-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:toolbox");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8.1");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Red Hat Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 8.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);

module_ver = get_kb_item('Host/RedHat/appstream/container-tools');
if (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module container-tools:rhel8');
if ('rhel8' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module container-tools:' + module_ver);

appstreams = {
    'container-tools:rhel8': [
      {'reference':'buildah-1.9.0-5.module+el8.1.0+4240+893c1ab8', 'cpu':'aarch64', 'release':'8'},
      {'reference':'buildah-1.9.0-5.module+el8.1.0+4240+893c1ab8', 'cpu':'s390x', 'release':'8'},
      {'reference':'buildah-1.9.0-5.module+el8.1.0+4240+893c1ab8', 'cpu':'x86_64', 'release':'8'},
      {'reference':'buildah-debugsource-1.9.0-5.module+el8.1.0+4240+893c1ab8', 'cpu':'aarch64', 'release':'8'},
      {'reference':'buildah-debugsource-1.9.0-5.module+el8.1.0+4240+893c1ab8', 'cpu':'s390x', 'release':'8'},
      {'reference':'buildah-debugsource-1.9.0-5.module+el8.1.0+4240+893c1ab8', 'cpu':'x86_64', 'release':'8'},
      {'reference':'buildah-tests-1.9.0-5.module+el8.1.0+4240+893c1ab8', 'cpu':'aarch64', 'release':'8'},
      {'reference':'buildah-tests-1.9.0-5.module+el8.1.0+4240+893c1ab8', 'cpu':'s390x', 'release':'8'},
      {'reference':'buildah-tests-1.9.0-5.module+el8.1.0+4240+893c1ab8', 'cpu':'x86_64', 'release':'8'},
      {'reference':'cockpit-podman-4-1.module+el8.1.0+4081+b29780af', 'release':'8'},
      {'reference':'container-selinux-2.123.0-2.module+el8.1.0+4900+9d7326b8', 'release':'8', 'epoch':'2'},
      {'reference':'containernetworking-plugins-0.8.1-3.module+el8.1.0+4881+045289ee', 'cpu':'aarch64', 'release':'8'},
      {'reference':'containernetworking-plugins-0.8.1-3.module+el8.1.0+4881+045289ee', 'cpu':'s390x', 'release':'8'},
      {'reference':'containernetworking-plugins-0.8.1-3.module+el8.1.0+4881+045289ee', 'cpu':'x86_64', 'release':'8'},
      {'reference':'containernetworking-plugins-debugsource-0.8.1-3.module+el8.1.0+4881+045289ee', 'cpu':'aarch64', 'release':'8'},
      {'reference':'containernetworking-plugins-debugsource-0.8.1-3.module+el8.1.0+4881+045289ee', 'cpu':'s390x', 'release':'8'},
      {'reference':'containernetworking-plugins-debugsource-0.8.1-3.module+el8.1.0+4881+045289ee', 'cpu':'x86_64', 'release':'8'},
      {'reference':'containers-common-0.1.37-6.module+el8.1.0+4876+e678a192', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},
      {'reference':'containers-common-0.1.37-6.module+el8.1.0+4876+e678a192', 'cpu':'s390x', 'release':'8', 'epoch':'1'},
      {'reference':'containers-common-0.1.37-6.module+el8.1.0+4876+e678a192', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},
      {'reference':'fuse-overlayfs-0.4.1-1.module+el8.1.0+4081+b29780af', 'cpu':'aarch64', 'release':'8'},
      {'reference':'fuse-overlayfs-0.4.1-1.module+el8.1.0+4081+b29780af', 'cpu':'s390x', 'release':'8'},
      {'reference':'fuse-overlayfs-0.4.1-1.module+el8.1.0+4081+b29780af', 'cpu':'x86_64', 'release':'8'},
      {'reference':'fuse-overlayfs-debugsource-0.4.1-1.module+el8.1.0+4081+b29780af', 'cpu':'aarch64', 'release':'8'},
      {'reference':'fuse-overlayfs-debugsource-0.4.1-1.module+el8.1.0+4081+b29780af', 'cpu':'s390x', 'release':'8'},
      {'reference':'fuse-overlayfs-debugsource-0.4.1-1.module+el8.1.0+4081+b29780af', 'cpu':'x86_64', 'release':'8'},
      {'reference':'oci-systemd-hook-0.1.15-2.git2d0b8a3.module+el8.1.0+4081+b29780af', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},
      {'reference':'oci-systemd-hook-0.1.15-2.git2d0b8a3.module+el8.1.0+4081+b29780af', 'cpu':'s390x', 'release':'8', 'epoch':'1'},
      {'reference':'oci-systemd-hook-0.1.15-2.git2d0b8a3.module+el8.1.0+4081+b29780af', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},
      {'reference':'oci-systemd-hook-debugsource-0.1.15-2.git2d0b8a3.module+el8.1.0+4081+b29780af', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},
      {'reference':'oci-systemd-hook-debugsource-0.1.15-2.git2d0b8a3.module+el8.1.0+4081+b29780af', 'cpu':'s390x', 'release':'8', 'epoch':'1'},
      {'reference':'oci-systemd-hook-debugsource-0.1.15-2.git2d0b8a3.module+el8.1.0+4081+b29780af', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},
      {'reference':'oci-umount-2.3.4-2.git87f9237.module+el8.1.0+4081+b29780af', 'cpu':'aarch64', 'release':'8', 'epoch':'2'},
      {'reference':'oci-umount-2.3.4-2.git87f9237.module+el8.1.0+4081+b29780af', 'cpu':'s390x', 'release':'8', 'epoch':'2'},
      {'reference':'oci-umount-2.3.4-2.git87f9237.module+el8.1.0+4081+b29780af', 'cpu':'x86_64', 'release':'8', 'epoch':'2'},
      {'reference':'oci-umount-debugsource-2.3.4-2.git87f9237.module+el8.1.0+4081+b29780af', 'cpu':'aarch64', 'release':'8', 'epoch':'2'},
      {'reference':'oci-umount-debugsource-2.3.4-2.git87f9237.module+el8.1.0+4081+b29780af', 'cpu':'s390x', 'release':'8', 'epoch':'2'},
      {'reference':'oci-umount-debugsource-2.3.4-2.git87f9237.module+el8.1.0+4081+b29780af', 'cpu':'x86_64', 'release':'8', 'epoch':'2'},
      {'reference':'podman-1.4.2-6.module+el8.1.0+4830+f49150d7', 'cpu':'aarch64', 'release':'8'},
      {'reference':'podman-1.4.2-6.module+el8.1.0+4830+f49150d7', 'cpu':'s390x', 'release':'8'},
      {'reference':'podman-1.4.2-6.module+el8.1.0+4830+f49150d7', 'cpu':'x86_64', 'release':'8'},
      {'reference':'podman-debugsource-1.4.2-6.module+el8.1.0+4830+f49150d7', 'cpu':'aarch64', 'release':'8'},
      {'reference':'podman-debugsource-1.4.2-6.module+el8.1.0+4830+f49150d7', 'cpu':'s390x', 'release':'8'},
      {'reference':'podman-debugsource-1.4.2-6.module+el8.1.0+4830+f49150d7', 'cpu':'x86_64', 'release':'8'},
      {'reference':'podman-docker-1.4.2-6.module+el8.1.0+4830+f49150d7', 'release':'8'},
      {'reference':'podman-manpages-1.4.2-6.module+el8.1.0+4830+f49150d7', 'release':'8'},
      {'reference':'podman-remote-1.4.2-6.module+el8.1.0+4830+f49150d7', 'cpu':'aarch64', 'release':'8'},
      {'reference':'podman-remote-1.4.2-6.module+el8.1.0+4830+f49150d7', 'cpu':'s390x', 'release':'8'},
      {'reference':'podman-remote-1.4.2-6.module+el8.1.0+4830+f49150d7', 'cpu':'x86_64', 'release':'8'},
      {'reference':'podman-tests-1.4.2-6.module+el8.1.0+4830+f49150d7', 'cpu':'aarch64', 'release':'8'},
      {'reference':'podman-tests-1.4.2-6.module+el8.1.0+4830+f49150d7', 'cpu':'s390x', 'release':'8'},
      {'reference':'podman-tests-1.4.2-6.module+el8.1.0+4830+f49150d7', 'cpu':'x86_64', 'release':'8'},
      {'reference':'python-podman-api-1.2.0-0.1.gitd0a45fe.module+el8.1.0+4081+b29780af', 'release':'8'},
      {'reference':'runc-1.0.0-61.rc8.module+el8.1.0+4873+4a24e241', 'cpu':'aarch64', 'release':'8'},
      {'reference':'runc-1.0.0-61.rc8.module+el8.1.0+4873+4a24e241', 'cpu':'s390x', 'release':'8'},
      {'reference':'runc-1.0.0-61.rc8.module+el8.1.0+4873+4a24e241', 'cpu':'x86_64', 'release':'8'},
      {'reference':'runc-debugsource-1.0.0-61.rc8.module+el8.1.0+4873+4a24e241', 'cpu':'aarch64', 'release':'8'},
      {'reference':'runc-debugsource-1.0.0-61.rc8.module+el8.1.0+4873+4a24e241', 'cpu':'s390x', 'release':'8'},
      {'reference':'runc-debugsource-1.0.0-61.rc8.module+el8.1.0+4873+4a24e241', 'cpu':'x86_64', 'release':'8'},
      {'reference':'skopeo-0.1.37-6.module+el8.1.0+4876+e678a192', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},
      {'reference':'skopeo-0.1.37-6.module+el8.1.0+4876+e678a192', 'cpu':'s390x', 'release':'8', 'epoch':'1'},
      {'reference':'skopeo-0.1.37-6.module+el8.1.0+4876+e678a192', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},
      {'reference':'skopeo-debugsource-0.1.37-6.module+el8.1.0+4876+e678a192', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},
      {'reference':'skopeo-debugsource-0.1.37-6.module+el8.1.0+4876+e678a192', 'cpu':'s390x', 'release':'8', 'epoch':'1'},
      {'reference':'skopeo-debugsource-0.1.37-6.module+el8.1.0+4876+e678a192', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},
      {'reference':'skopeo-tests-0.1.37-6.module+el8.1.0+4876+e678a192', 'cpu':'aarch64', 'release':'8', 'epoch':'1'},
      {'reference':'skopeo-tests-0.1.37-6.module+el8.1.0+4876+e678a192', 'cpu':'s390x', 'release':'8', 'epoch':'1'},
      {'reference':'skopeo-tests-0.1.37-6.module+el8.1.0+4876+e678a192', 'cpu':'x86_64', 'release':'8', 'epoch':'1'},
      {'reference':'slirp4netns-0.3.0-4.module+el8.1.0+4306+1d917805', 'cpu':'aarch64', 'release':'8'},
      {'reference':'slirp4netns-0.3.0-4.module+el8.1.0+4306+1d917805', 'cpu':'s390x', 'release':'8'},
      {'reference':'slirp4netns-0.3.0-4.module+el8.1.0+4306+1d917805', 'cpu':'x86_64', 'release':'8'},
      {'reference':'slirp4netns-debugsource-0.3.0-4.module+el8.1.0+4306+1d917805', 'cpu':'aarch64', 'release':'8'},
      {'reference':'slirp4netns-debugsource-0.3.0-4.module+el8.1.0+4306+1d917805', 'cpu':'s390x', 'release':'8'},
      {'reference':'slirp4netns-debugsource-0.3.0-4.module+el8.1.0+4306+1d917805', 'cpu':'x86_64', 'release':'8'},
      {'reference':'toolbox-0.0.4-1.module+el8.1.0+4081+b29780af', 'cpu':'aarch64', 'release':'8'},
      {'reference':'toolbox-0.0.4-1.module+el8.1.0+4081+b29780af', 'cpu':'s390x', 'release':'8'},
      {'reference':'toolbox-0.0.4-1.module+el8.1.0+4081+b29780af', 'cpu':'x86_64', 'release':'8'}
    ],
};

flag = 0;
appstreams_found = 0;
foreach module (keys(appstreams)) {
  appstream = NULL;
  appstream_name = NULL;
  appstream_version = NULL;
  appstream_split = split(module, sep:':', keep:FALSE);
  if (!empty_or_null(appstream_split)) {
    appstream_name = appstream_split[0];
    appstream_version = appstream_split[1];
    if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);
  }
  if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {
    appstreams_found++;
    foreach package_array ( appstreams[module] ) {
      reference = NULL;
      release = NULL;
      sp = NULL;
      cpu = NULL;
      el_string = NULL;
      rpm_spec_vers_cmp = NULL;
      epoch = NULL;
      if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
      if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];
      if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
      if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
      if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
      if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
      if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
      if (reference && release) {
        if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
      }
    }
  }
}

if (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module container-tools:rhel8');

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'buildah / buildah-debugsource / buildah-tests / etc');
}
VendorProductVersionCPE
redhatenterprise_linuxbuildahp-cpe:/a:redhat:enterprise_linux:buildah
redhatenterprise_linuxbuildah-debugsourcep-cpe:/a:redhat:enterprise_linux:buildah-debugsource
redhatenterprise_linuxbuildah-testsp-cpe:/a:redhat:enterprise_linux:buildah-tests
redhatenterprise_linuxcockpit-podmanp-cpe:/a:redhat:enterprise_linux:cockpit-podman
redhatenterprise_linuxcontainer-selinuxp-cpe:/a:redhat:enterprise_linux:container-selinux
redhatenterprise_linuxcontainernetworking-pluginsp-cpe:/a:redhat:enterprise_linux:containernetworking-plugins
redhatenterprise_linuxcontainernetworking-plugins-debugsourcep-cpe:/a:redhat:enterprise_linux:containernetworking-plugins-debugsource
redhatenterprise_linuxcontainers-commonp-cpe:/a:redhat:enterprise_linux:containers-common
redhatenterprise_linuxfuse-overlayfsp-cpe:/a:redhat:enterprise_linux:fuse-overlayfs
redhatenterprise_linuxfuse-overlayfs-debugsourcep-cpe:/a:redhat:enterprise_linux:fuse-overlayfs-debugsource
Rows per page:
1-10 of 311

Related

nessus 58
redhat 17
osv 21
rocky 2
almalinux 2
oraclelinux 7
ibm 10
altlinux 3
openvas 30
mageia 3
freebsd 3
amazon 2
debian 5
suse 8
github 2
archlinux 2
arista 1
fedora 6
redhatcve 2
cve 2
veracode 2
prion 2
debiancve 2
ubuntu 1
apple 2
alpinelinux 1
photon 1
gitlab 1
ubuntucve 1
nessus
nessus
CentOS 8 : container-tools:rhel8 (CESA-2019:4269)
2021-01-29 00:00:00
Rocky Linux 8 : container-tools:rhel8 (RLSA-2019:4269)
2023-11-07 00:00:00
Oracle Linux 8 : container-tools:ol8 (ELSA-2019-4269) (Ping Flood) (Reset Flood)
2020-01-06 00:00:00
redhat
redhat
(RHSA-2019:4269) Important: container-tools:rhel8 security and bug fix update
2019-12-17 09:19:28
(RHSA-2020:0406) Important: containernetworking-plugins security update
2020-02-04 18:54:49
(RHSA-2019:3906) Important: OpenShift Container Platform 3.11 HTTP/2 security update
2019-11-18 16:18:29
osv
osv
Important: container-tools:rhel8 security and bug fix update
2019-12-17 09:19:28
Important: container-tools:rhel8 security and bug fix update
2019-12-17 09:19:28
CVE-2019-9514
2019-08-13 21:15:12
rocky
rocky
container-tools:rhel8 security and bug fix update
2019-12-17 09:19:28
container-tools:1.0 security update
2019-12-17 09:20:02
almalinux
almalinux
Important: container-tools:rhel8 security and bug fix update
2019-12-17 09:19:28
Important: container-tools:1.0 security update
2019-12-17 09:20:02
oraclelinux
oraclelinux
container-tools:ol8 security and bug fix update
2020-04-15 00:00:00
go-toolset:rhel8 security and bug fix update
2019-09-17 00:00:00
container-tools:ol8 security and bug fix update
2020-01-03 00:00:00
ibm
ibm
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Go (CVE-2019-9512, CVE-2019-9514)
2019-11-23 15:51:35
Security Bulletin: IBM MQ Certified Container is vulnerable to multiple vulnerabilities in Golang (CVE-2019-9512, CVE-2019-9514)
2019-12-19 15:33:23
Security Bulletin: IBM Cloud Kubernetes Service is affected by Kubernetes security vulnerabilities (CVE-2019-9512, CVE-2019-9514)
2019-09-04 10:55:08
altlinux
altlinux
Security fix for the ALT Linux 10 package kubernetes version 1.15.3-alt1
2019-09-26 00:00:00
Security fix for the ALT Linux 10 package traefik version 1.7.14-alt1
2019-08-23 00:00:00
Security fix for the ALT Linux 10 package golang version 1.12.9-alt1
2019-08-19 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-2485-1)
2020-12-09 00:00:00
Mageia: Security Advisory (MGASA-2020-0468)
2022-01-28 00:00:00
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2019-1967)
2020-01-23 00:00:00
mageia
mageia
Updated golang-googlecode-net package fixes security vulnerabilities
2020-12-22 00:47:06
Updated golang packages fix security vulnerabilities
2019-09-07 00:09:08
Updated opencontainers-runc packages fix security vulnerability
2020-01-28 10:52:40
freebsd
freebsd
traefik -- Denial of service in HTTP/2
2019-08-13 00:00:00
h2o -- multiple HTTP/2 vulnerabilities
2019-08-13 00:00:00
h2o -- multiple HTTP/2 vulnerabilities
2019-08-13 00:00:00
amazon
amazon
Important: golang
2019-08-23 03:20:00
Important: golang
2019-08-23 16:58:00
debian
debian
[SECURITY] [DLA 2485-1] golang-golang-x-net-dev security update
2020-12-08 22:15:45
[SECURITY] [DSA 4508-1] h2o security update
2019-08-24 14:44:01
[SECURITY] [DSA 4503-1] golang-1.11 security update
2019-08-18 18:25:11
suse
suse
Security update for go1.12 (moderate)
2019-09-02 00:00:00
Security update for go1.12 (moderate)
2019-09-14 00:00:00
Security update for go1.12 (moderate)
2019-09-07 00:00:00
github
github
HTTP/2 DoS Attacks: Ping, Reset, and Settings Floods
2022-03-14 22:45:11
Podman Symlink Vulnerability
2022-05-24 16:59:58
archlinux
archlinux
[ASA-201908-16] go-pie: multiple issues
2019-08-24 00:00:00
[ASA-201908-15] go: multiple issues
2019-08-24 00:00:00
arista
arista
Security Advisory 0043
2019-11-06 00:00:00
fedora
fedora
[SECURITY] Fedora 30 Update: golang-1.12.9-1.fc30
2019-09-06 12:35:05
[SECURITY] Fedora 30 Update: golang-1.12.10-1.fc30
2019-10-09 16:54:30
[SECURITY] Fedora 30 Update: golang-1.12.13-1.fc30
2019-11-12 02:09:13
redhatcve
redhatcve
CVE-2019-18466
2019-11-04 15:30:52
CVE-2019-16884
2019-10-13 20:07:34
cve
cve
CVE-2019-18466
2019-10-28 13:15:00
CVE-2019-16884
2019-09-25 18:15:00
veracode
veracode
Arbitrary File Overwrite
2019-10-29 09:34:54
Arbitrary File Read
2019-09-26 05:02:30
prion
prion
Code injection
2019-10-28 13:15:00
Design/Logic Flaw
2019-09-25 18:15:00
debiancve
debiancve
CVE-2019-18466
2019-10-28 13:15:00
CVE-2019-16884
2019-09-25 18:15:00
ubuntu
ubuntu
Netty vulnerabilities
2021-06-29 00:00:00
apple
apple
About the security content of SwiftNIO HTTP/2 1.5.0 - Apple Support
2019-08-13 06:09:21
About the security content of SwiftNIO HTTP/2 1.5.0
2019-08-13 00:00:00
alpinelinux
alpinelinux
CVE-2019-16884
2019-09-25 18:15:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0241
2020-05-09 00:00:00
gitlab
gitlab
Allocation of Resources Without Limits or Throttling
2022-05-24 00:00:00
ubuntucve
ubuntucve
CVE-2019-16884
2019-09-25 00:00:00

7.5 High

AI Score

Confidence

High

JSON
Related for REDHAT-RHSA-2019-4269.NASL
nessus58redhat17osv21rocky2almalinux2oraclelinux7ibm10altlinux3openvas30mageia3freebsd3amazon2debian5suse8github2archlinux2arista1fedora6redhatcve2cve2veracode2prion2debiancve2ubuntu1apple2alpinelinux1photon1gitlab1ubuntucve1