Lucene search
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2021-0935-1.NASLHistoryMar 26, 2021 - 12:00 a.m.
SUSE SLED15 / SLES15 Security Update : gnutls (SUSE-SU-2021:0935-1)
2021-03-2600:00:00
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
9.9 High
AI Score
Confidence
High
This update for gnutls fixes the following issues :
CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456).
CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457).
Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2021:0935-1.
# The text itself is copyright (C) SUSE.
#
include('compat.inc');
if (description)
{
script_id(148171);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/08");
script_cve_id("CVE-2021-20231", "CVE-2021-20232");
script_name(english:"SUSE SLED15 / SLES15 Security Update : gnutls (SUSE-SU-2021:0935-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"This update for gnutls fixes the following issues :
CVE-2021-20232: Fixed a use after free issue which could have led to
memory corruption and other potential consequences (bsc#1183456).
CVE-2021-20231: Fixed a use after free issue which could have led to
memory corruption and other potential consequences (bsc#1183457).
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1183456");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1183457");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-20231/");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-20232/");
# https://www.suse.com/support/update/announcement/2021/suse-su-20210935-1
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?eae81045");
script_set_attribute(attribute:"solution", value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.
Alternatively you can run the command listed for your product :
SUSE MicroOS 5.0 :
zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-935=1
SUSE Linux Enterprise Module for Basesystem 15-SP2 :
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-935=1");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-20232");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/03/12");
script_set_attribute(attribute:"patch_publication_date", value:"2021/03/24");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/03/26");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:gnutls");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:gnutls-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:gnutls-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgnutls-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgnutls30");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgnutls30-32bit-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgnutls30-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgnutls30-hmac");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgnutlsxx-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgnutlsxx28");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgnutlsxx28-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES15" && (! preg(pattern:"^(2)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP2", os_ver + " SP" + sp);
if (os_ver == "SLED15" && (! preg(pattern:"^(2)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP2", os_ver + " SP" + sp);
flag = 0;
if (rpm_check(release:"SLES15", sp:"2", cpu:"x86_64", reference:"libgnutls30-32bit-3.6.7-14.10.2")) flag++;
if (rpm_check(release:"SLES15", sp:"2", cpu:"x86_64", reference:"libgnutls30-32bit-debuginfo-3.6.7-14.10.2")) flag++;
if (rpm_check(release:"SLES15", sp:"2", cpu:"x86_64", reference:"libgnutls30-hmac-32bit-3.6.7-14.10.2")) flag++;
if (rpm_check(release:"SLES15", sp:"2", reference:"gnutls-3.6.7-14.10.2")) flag++;
if (rpm_check(release:"SLES15", sp:"2", reference:"gnutls-debuginfo-3.6.7-14.10.2")) flag++;
if (rpm_check(release:"SLES15", sp:"2", reference:"gnutls-debugsource-3.6.7-14.10.2")) flag++;
if (rpm_check(release:"SLES15", sp:"2", reference:"libgnutls-devel-3.6.7-14.10.2")) flag++;
if (rpm_check(release:"SLES15", sp:"2", reference:"libgnutls30-3.6.7-14.10.2")) flag++;
if (rpm_check(release:"SLES15", sp:"2", reference:"libgnutls30-debuginfo-3.6.7-14.10.2")) flag++;
if (rpm_check(release:"SLES15", sp:"2", reference:"libgnutls30-hmac-3.6.7-14.10.2")) flag++;
if (rpm_check(release:"SLES15", sp:"2", reference:"libgnutlsxx-devel-3.6.7-14.10.2")) flag++;
if (rpm_check(release:"SLES15", sp:"2", reference:"libgnutlsxx28-3.6.7-14.10.2")) flag++;
if (rpm_check(release:"SLES15", sp:"2", reference:"libgnutlsxx28-debuginfo-3.6.7-14.10.2")) flag++;
if (rpm_check(release:"SLED15", sp:"2", cpu:"x86_64", reference:"libgnutls30-32bit-3.6.7-14.10.2")) flag++;
if (rpm_check(release:"SLED15", sp:"2", cpu:"x86_64", reference:"libgnutls30-32bit-debuginfo-3.6.7-14.10.2")) flag++;
if (rpm_check(release:"SLED15", sp:"2", cpu:"x86_64", reference:"libgnutls30-hmac-32bit-3.6.7-14.10.2")) flag++;
if (rpm_check(release:"SLED15", sp:"2", reference:"gnutls-3.6.7-14.10.2")) flag++;
if (rpm_check(release:"SLED15", sp:"2", reference:"gnutls-debuginfo-3.6.7-14.10.2")) flag++;
if (rpm_check(release:"SLED15", sp:"2", reference:"gnutls-debugsource-3.6.7-14.10.2")) flag++;
if (rpm_check(release:"SLED15", sp:"2", reference:"libgnutls-devel-3.6.7-14.10.2")) flag++;
if (rpm_check(release:"SLED15", sp:"2", reference:"libgnutls30-3.6.7-14.10.2")) flag++;
if (rpm_check(release:"SLED15", sp:"2", reference:"libgnutls30-debuginfo-3.6.7-14.10.2")) flag++;
if (rpm_check(release:"SLED15", sp:"2", reference:"libgnutls30-hmac-3.6.7-14.10.2")) flag++;
if (rpm_check(release:"SLED15", sp:"2", reference:"libgnutlsxx-devel-3.6.7-14.10.2")) flag++;
if (rpm_check(release:"SLED15", sp:"2", reference:"libgnutlsxx28-3.6.7-14.10.2")) flag++;
if (rpm_check(release:"SLED15", sp:"2", reference:"libgnutlsxx28-debuginfo-3.6.7-14.10.2")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnutls");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | suse_linux | gnutls | p-cpe:/a:novell:suse_linux:gnutls |
| novell | suse_linux | gnutls-debuginfo | p-cpe:/a:novell:suse_linux:gnutls-debuginfo |
| novell | suse_linux | gnutls-debugsource | p-cpe:/a:novell:suse_linux:gnutls-debugsource |
| novell | suse_linux | libgnutls-devel | p-cpe:/a:novell:suse_linux:libgnutls-devel |
| novell | suse_linux | libgnutls30 | p-cpe:/a:novell:suse_linux:libgnutls30 |
| novell | suse_linux | libgnutls30-32bit-debuginfo | p-cpe:/a:novell:suse_linux:libgnutls30-32bit-debuginfo |
| novell | suse_linux | libgnutls30-debuginfo | p-cpe:/a:novell:suse_linux:libgnutls30-debuginfo |
| novell | suse_linux | libgnutls30-hmac | p-cpe:/a:novell:suse_linux:libgnutls30-hmac |
| novell | suse_linux | libgnutlsxx-devel | p-cpe:/a:novell:suse_linux:libgnutlsxx-devel |
| novell | suse_linux | libgnutlsxx28 | p-cpe:/a:novell:suse_linux:libgnutlsxx28 |
References
Related
nessus
nessus
EulerOS Virtualization 2.9.1 : gnutls (EulerOS-SA-2021-2184)
2021-07-13 00:00:00
EulerOS Virtualization 3.0.6.0 : gnutls (EulerOS-SA-2022-1067)
2022-02-12 00:00:00
EulerOS Virtualization 2.9.0 : gnutls (EulerOS-SA-2021-2204)
2021-07-13 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package gnutls30 version 3.6.15-alt2
2021-03-24 00:00:00
Security fix for the ALT Linux 10 package gnutls30 version 3.6.15-alt2
2021-03-22 00:00:00
archlinux
archlinux
[ASA-202103-1] gnutls: arbitrary code execution
2021-03-13 00:00:00
ubuntu
ubuntu
GnuTLS vulnerabilities
2021-08-02 00:00:00
suse
suse
Security update for gnutls (important)
2021-03-25 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: gnutls-3.7.1-2.fc34
2021-03-24 01:48:45
osv
osv
gnutls28 vulnerabilities
2021-08-02 17:25:02
Moderate: gnutls and nettle security, bug fix, and enhancement update
2021-11-09 09:23:20
Moderate: gnutls and nettle security, bug fix, and enhancement update
2021-11-09 09:23:20
oraclelinux
oraclelinux
gnutls and nettle security, bug fix, and enhancement update
2021-11-16 00:00:00
gnutls security update
2022-03-17 00:00:00
mageia
mageia
Updated gnutls packages fix security vulnerabilities
2021-06-29 00:16:35
rocky
rocky
gnutls and nettle security, bug fix, and enhancement update
2021-11-09 09:23:20
redhat
redhat
(RHSA-2021:4451) Moderate: gnutls and nettle security, bug fix, and enhancement update
2021-11-09 09:23:20
(RHSA-2022:0318) Moderate: Red Hat OpenShift distributed tracing 2.1.0 security update
2022-01-27 16:46:55
(RHSA-2021:4032) Low: Openshift Logging 5.2.3 bug fix and security update
2021-11-17 03:27:52
almalinux
almalinux
Moderate: gnutls and nettle security, bug fix, and enhancement update
2021-11-09 09:23:20
photon
photon
Critical Photon OS Security Update - PHSA-2021-0241
2021-05-21 00:00:00
Critical Photon OS Security Update - PHSA-2021-3.0-0241
2021-05-21 00:00:00
alpinelinux
alpinelinux
CVE-2021-20232
2021-03-12 19:15:00
CVE-2021-20231
2021-03-12 19:15:00
cbl_mariner
cbl_mariner
CVE-2021-20231 affecting package gnutls 3.6.14-9
2021-04-06 23:50:06
CVE-2021-20232 affecting package gnutls 3.6.14-5
2022-04-09 06:51:42
CVE-2021-20232 affecting package gnutls 3.6.14-9
2021-04-06 23:50:06
prion
prion
Memory corruption
2021-03-12 19:15:00
Memory corruption
2021-03-12 19:15:00
debiancve
debiancve
CVE-2021-20231
2021-03-12 19:15:00
CVE-2021-20232
2021-03-12 19:15:00
redhatcve
redhatcve
CVE-2021-20231
2021-03-12 10:04:11
CVE-2021-20232
2021-03-12 10:03:32
veracode
veracode
Denial Of Service (DoS)
2021-03-12 22:14:08
Arbitrary Code Execution
2021-03-12 22:14:09
ubuntucve
ubuntucve
CVE-2021-20232
2021-03-12 00:00:00
CVE-2021-20231
2021-03-12 00:00:00
cve
cve
CVE-2021-20232
2021-03-12 19:15:00
CVE-2021-20231
2021-03-12 19:15:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2022
2022-04-19 00:00:00
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00