Lucene search
This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2019-0272-1.NASLHistoryFeb 07, 2019 - 12:00 a.m.
SUSE SLES15 Security Update : rmt-server (SUSE-SU-2019:0272-1)
2019-02-0700:00:00
This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
35
This update for rmt-server to version 1.1.1 fixes the following issues :
The following issues have been fixed :
Fixed migration problems which caused some extensions / modules to be dropped (bsc#1118584, bsc#1118579)
Fixed listing of mirrored products (bsc#1102193)
Include online migration paths into offline migration (bsc#1117106)
Sync products that do not have a base product (bsc#1109307)
Fixed SLP auto discovery for RMT (bsc#1113760)
Update dependencies for security fixes: CVE-2018-16468: Update loofah to 2.2.3 (bsc#1113969)
CVE-2018-16470: Update rack to 2.0.6 (bsc#1114831)
CVE-2018-14404: Update nokogiri to 1.8.5 (bsc#1102046)
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2019:0272-1.
# The text itself is copyright (C) SUSE.
#
include("compat.inc");
if (description)
{
script_id(121637);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/20");
script_cve_id("CVE-2018-14404", "CVE-2018-16468", "CVE-2018-16470");
script_name(english:"SUSE SLES15 Security Update : rmt-server (SUSE-SU-2019:0272-1)");
script_summary(english:"Checks rpm output for the updated packages.");
script_set_attribute(
attribute:"synopsis",
value:"The remote SUSE host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"This update for rmt-server to version 1.1.1 fixes the following
issues :
The following issues have been fixed :
Fixed migration problems which caused some extensions / modules to be
dropped (bsc#1118584, bsc#1118579)
Fixed listing of mirrored products (bsc#1102193)
Include online migration paths into offline migration (bsc#1117106)
Sync products that do not have a base product (bsc#1109307)
Fixed SLP auto discovery for RMT (bsc#1113760)
Update dependencies for security fixes: CVE-2018-16468: Update loofah
to 2.2.3 (bsc#1113969)
CVE-2018-16470: Update rack to 2.0.6 (bsc#1114831)
CVE-2018-14404: Update nokogiri to 1.8.5 (bsc#1102046)
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1102046"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1102193"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1109307"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1113760"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1113969"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1114831"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1117106"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1118579"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.suse.com/show_bug.cgi?id=1118584"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2018-14404/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2018-16468/"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.suse.com/security/cve/CVE-2018-16470/"
);
# https://www.suse.com/support/update/announcement/2019/suse-su-20190272-1/
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?29f8932e"
);
script_set_attribute(
attribute:"solution",
value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.
Alternatively you can run the command listed for your product :
SUSE Linux Enterprise Module for Server Applications 15:zypper in -t
patch SUSE-SLE-Module-Server-Applications-15-2019-272=1"
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-16468");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:rmt-server");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:rmt-server-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/19");
script_set_attribute(attribute:"patch_publication_date", value:"2019/02/06");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/07");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES15", "SUSE " + os_ver);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES15" && (! preg(pattern:"^(0)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0", os_ver + " SP" + sp);
flag = 0;
if (rpm_check(release:"SLES15", sp:"0", reference:"rmt-server-1.1.1-3.13.1")) flag++;
if (rpm_check(release:"SLES15", sp:"0", reference:"rmt-server-debuginfo-1.1.1-3.13.1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
else security_note(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rmt-server");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | suse_linux | rmt-server | p-cpe:/a:novell:suse_linux:rmt-server |
| novell | suse_linux | rmt-server-debuginfo | p-cpe:/a:novell:suse_linux:rmt-server-debuginfo |
| novell | suse_linux | 15 | cpe:/o:novell:suse_linux:15 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14404
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16468
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16470
www.nessus.org/u?29f8932e
bugzilla.suse.com/show_bug.cgi?id=1102046
bugzilla.suse.com/show_bug.cgi?id=1102193
bugzilla.suse.com/show_bug.cgi?id=1109307
bugzilla.suse.com/show_bug.cgi?id=1113760
bugzilla.suse.com/show_bug.cgi?id=1113969
bugzilla.suse.com/show_bug.cgi?id=1114831
bugzilla.suse.com/show_bug.cgi?id=1117106
bugzilla.suse.com/show_bug.cgi?id=1118579
bugzilla.suse.com/show_bug.cgi?id=1118584
www.suse.com/security/cve/CVE-2018-14404/
www.suse.com/security/cve/CVE-2018-16468/
www.suse.com/security/cve/CVE-2018-16470/
Related
openvas
openvas
openSUSE: Security Advisory for rmt-server (openSUSE-SU-2019:0185-1)
2019-02-15 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:0272-1)
2021-06-09 00:00:00
Debian: Security Advisory (DSA-4364-1)
2019-01-07 00:00:00
nessus
nessus
openSUSE Security Update : rmt-server (openSUSE-2019-185)
2019-02-15 00:00:00
Fedora 28 : rubygem-loofah (2018-d716df9942)
2019-01-03 00:00:00
FreeBSD : Loofah -- XSS vulnerability (36a2a89e-7ee1-4ea4-ae22-7ca38019c8d0)
2018-11-02 00:00:00
suse
suse
Security update for rmt-server (moderate)
2019-02-14 00:00:00
Security update for rubygem-loofah (moderate)
2018-11-30 00:12:22
Security update for libxml2 (moderate)
2018-10-12 12:12:16
prion
prion
Code injection
2018-10-30 21:29:00
Design/Logic Flaw
2018-11-13 23:29:00
Null pointer dereference
2018-07-19 13:29:00
osv
osv
Rack vulnerable to Denial of Service
2018-11-15 15:58:58
Loofah Cross-site Scripting vulnerability
2018-11-01 14:46:01
CVE-2018-16470
2018-11-13 23:29:00
debiancve
debiancve
fedora
fedora
[SECURITY] Fedora 28 Update: rubygem-loofah-2.0.3-6.fc28
2018-11-28 02:46:20
[SECURITY] Fedora 27 Update: rubygem-loofah-2.0.3-6.fc27
2018-11-28 02:22:42
[SECURITY] Fedora 29 Update: rubygem-loofah-2.2.3-1.fc29
2018-11-28 02:43:14
ubuntucve
ubuntucve
cve
cve
redhatcve
redhatcve
hackerone
hackerone
github
github
Rack vulnerable to Denial of Service
2018-11-15 15:58:58
Loofah Cross-site Scripting vulnerability
2018-11-01 14:46:01
Nokogiri NULL Pointer Dereference
2019-01-17 14:05:03
freebsd
freebsd
Loofah -- XSS vulnerability
2018-10-30 00:00:00
veracode
veracode
Cross-site Scripting (XSS)
2018-10-31 03:41:40
Denial Of Service (DoS)
2018-11-07 02:07:19
Denial Of Service (DoS)
2018-07-19 02:58:01
debian
debian
[SECURITY] [DSA 4364-1] ruby-loofah security update
2019-01-08 22:48:45
[SECURITY] [DLA 1524-1] libxml2 security update
2018-09-27 20:04:03
[SECURITY] [DLA 2369-1] libxml2 security update
2020-09-09 22:41:50
alpinelinux
alpinelinux
CVE-2018-14404
2018-07-19 13:29:00
ibm
ibm
broadcom
broadcom
NULL pointer dereference in libxml2 through 2.9.8
2023-08-01 00:00:00
amazon
amazon
Medium: libxml2
2018-09-05 19:31:00
Important: libxml2
2020-07-21 16:34:00
Important: libxml2
2020-08-10 22:59:00
rubygems
rubygems
Possible DoS vulnerability in Rack
2018-11-04 21:00:00
Nokogiri gem, via libxml2, is affected by multiple vulnerabilities
2018-10-03 21:00:00
redhat
redhat
(RHSA-2020:1827) Moderate: libxml2 security update
2020-04-28 09:20:58
(RHSA-2020:1190) Moderate: libxml2 security update
2020-03-31 09:30:25
photon
photon
oraclelinux
oraclelinux
libxml2 security update
2020-05-05 00:00:00
libxml2 security update
2020-04-06 00:00:00
ubuntu
ubuntu
libxml2 vulnerabilities
2018-08-14 00:00:00
libxml2 vulnerabilities
2018-08-14 00:00:00
mageia
mageia
Updated libxml2 packages fix security vulnerabilities
2019-01-23 18:50:09
cloudfoundry
cloudfoundry
USN-3739-1: libxml2 vulnerabilities | Cloud Foundry
2018-09-11 00:00:00
centos
centos
libxml2 security update
2020-04-08 18:42:56
f5
f5
altlinux
altlinux
rosalinux
rosalinux
Advisory ROSA-SA-2021-1966
2021-07-02 18:06:34
kitploit
kitploit
tenable
tenable
[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities
2023-06-29 10:45:47
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00
Related for SUSE_SU-2019-0272-1.NASL