Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-RU-2024-1637-3.NASL
HistorySep 14, 2024 - 12:00 a.m.

SUSE SLES15 : Recommended update for google-cloud SDK (SUSE-SU-SUSE-RU-2024:1637-3)

2024-09-1400:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
4
suse sles15
update
google-cloud sdk
vulnerability
python311
security issue
cve-2023-30608
redos
tenable scanner

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.9

Confidence

Low

EPSS

0.001

Percentile

42.2%

JSON

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-SUSE-RU-2024:1637-3 advisory.

- Add python311 cloud services packages and dependencies (jsc#PED-7987, jsc#PED-6697)
- Bellow 5 binaries Obsolete the python3.6 counterpart:
    python311-google-resumable-media         python311-google-api-core         python311-google-cloud-storage         python311-google-cloud-core         python311-googleapis-common-protos

- Regular python311 updates (without Obsoletes):
    python-google-auth         python-grpcio         python-sqlparse

- New python311 packages:
    libcrc32c         python-google-cloud-appengine-logging         python-google-cloud-artifact-registry         python-google-cloud-audit-log         python-google-cloud-build         python-google-cloud-compute         python-google-cloud-dns         python-google-cloud-domains         python-google-cloud-iam         python-google-cloud-kms-inventory         python-google-cloud-kms         python-google-cloud-logging         python-google-cloud-run         python-google-cloud-secret-manager         python-google-cloud-service-directory         python-google-cloud-spanner         python-google-cloud-vpc-access         python-google-crc32c         python-grpc-google-iam-v1         python-grpcio-status         python-proto-plus

In python-sqlparse this security issue was fixed:

CVE-2023-30608: Fixed parser that contained a regular expression that is vulnerable to ReDOS (Regular     Expression Denial of Service) (bsc#1210617)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# SUSE update advisory SUSE-SU-SUSE-RU-2024:1637-3. The text itself
# is copyright (C) SUSE.
##

include('compat.inc');

if (description)
{
  script_id(207257);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/09/14");

  script_cve_id("CVE-2023-30608");
  script_xref(name:"SuSE", value:"SUSE-RU-2024:1637-3");

  script_name(english:"SUSE SLES15 : Recommended update for google-cloud SDK (SUSE-SU-SUSE-RU-2024:1637-3)");

  script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced
in the SUSE-SU-SUSE-RU-2024:1637-3 advisory.

    - Add python311 cloud services packages and dependencies (jsc#PED-7987, jsc#PED-6697)
    - Bellow 5 binaries Obsolete the python3.6 counterpart:
        python311-google-resumable-media
        python311-google-api-core
        python311-google-cloud-storage
        python311-google-cloud-core
        python311-googleapis-common-protos

    - Regular python311 updates (without Obsoletes):
        python-google-auth
        python-grpcio
        python-sqlparse

    - New python311 packages:
        libcrc32c
        python-google-cloud-appengine-logging
        python-google-cloud-artifact-registry
        python-google-cloud-audit-log
        python-google-cloud-build
        python-google-cloud-compute
        python-google-cloud-dns
        python-google-cloud-domains
        python-google-cloud-iam
        python-google-cloud-kms-inventory
        python-google-cloud-kms
        python-google-cloud-logging
        python-google-cloud-run
        python-google-cloud-secret-manager
        python-google-cloud-service-directory
        python-google-cloud-spanner
        python-google-cloud-vpc-access
        python-google-crc32c
        python-grpc-google-iam-v1
        python-grpcio-status
        python-proto-plus

    In python-sqlparse this security issue was fixed:

    CVE-2023-30608: Fixed parser that contained a regular expression that is vulnerable to ReDOS (Regular
    Expression Denial of Service) (bsc#1210617)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1210617");
  # https://lists.suse.com/pipermail/sle-updates/2024-September/036891.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?021502fa");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-30608");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-30608");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/04/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/09/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/09/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libprotobuf-lite25_1_0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libprotobuf25_1_0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libprotoc25_1_0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:protobuf-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python311-apipkg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python311-cachetools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python311-certifi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python311-cffi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python311-charset-normalizer");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python311-cryptography");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python311-google-auth");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python311-idna");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python311-iniconfig");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python311-py");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python311-pyOpenSSL");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python311-pyasn1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python311-pyasn1-modules");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python311-pycparser");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python311-pytz");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python311-requests");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python311-rsa");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python311-setuptools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python311-urllib3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"SuSE Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item("Host/SuSE/release");
if (isnull(os_release) || os_release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
var os_ver = pregmatch(pattern: "^(SLE(S|D)(?:_SAP)?\d+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES15|SLES_SAP15)$", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);

var service_pack = get_kb_item("Host/SuSE/patchlevel");
if (isnull(service_pack)) service_pack = "0";
if (os_ver == "SLES15" && (! preg(pattern:"^(4)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES15 SP4", os_ver + " SP" + service_pack);
if (os_ver == "SLES_SAP15" && (! preg(pattern:"^(4)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES_SAP15 SP4", os_ver + " SP" + service_pack);

var pkgs = [
    {'reference':'libprotobuf-lite25_1_0-25.1-150400.9.6.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'libprotobuf25_1_0-25.1-150400.9.6.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'libprotoc25_1_0-25.1-150400.9.6.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'protobuf-devel-25.1-150400.9.6.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'python311-apipkg-3.0.1-150400.12.6.1', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'python311-cachetools-5.3.1-150400.8.6.1', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'python311-certifi-2023.7.22-150400.12.6.2', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'python311-cffi-1.15.1-150400.8.7.2', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'python311-charset-normalizer-3.1.0-150400.9.7.2', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'python311-cryptography-41.0.3-150400.16.19.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'python311-google-auth-2.27.0-150400.6.7.1', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'python311-idna-3.4-150400.11.6.1', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'python311-iniconfig-2.0.0-150400.10.6.1', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'python311-py-1.11.0-150400.12.7.2', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'python311-pyOpenSSL-23.2.0-150400.3.10.1', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'python311-pyasn1-0.5.0-150400.12.7.2', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'python311-pyasn1-modules-0.3.0-150400.12.7.1', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'python311-pycparser-2.21-150400.12.7.2', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'python311-pytz-2023.3-150400.6.6.1', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'python311-requests-2.31.0-150400.6.8.1', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'python311-rsa-4.9-150400.12.7.1', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'python311-setuptools-67.7.2-150400.3.12.1', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'python311-urllib3-2.0.7-150400.7.14.1', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'libprotobuf-lite25_1_0-25.1-150400.9.6.1', 'sp':'4', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-4']},
    {'reference':'libprotobuf-lite25_1_0-25.1-150400.9.6.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-4', 'SUSE-Manager-Proxy-release-4.3']},
    {'reference':'libprotobuf25_1_0-25.1-150400.9.6.1', 'sp':'4', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-4']},
    {'reference':'libprotobuf25_1_0-25.1-150400.9.6.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-4', 'SUSE-Manager-Proxy-release-4.3']},
    {'reference':'libprotoc25_1_0-25.1-150400.9.6.1', 'sp':'4', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-4']},
    {'reference':'libprotoc25_1_0-25.1-150400.9.6.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-4', 'SUSE-Manager-Proxy-release-4.3']},
    {'reference':'protobuf-devel-25.1-150400.9.6.1', 'sp':'4', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-4']},
    {'reference':'protobuf-devel-25.1-150400.9.6.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-4']},
    {'reference':'python311-apipkg-3.0.1-150400.12.6.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-4']},
    {'reference':'python311-cachetools-5.3.1-150400.8.6.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-4']},
    {'reference':'python311-certifi-2023.7.22-150400.12.6.2', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-4']},
    {'reference':'python311-cffi-1.15.1-150400.8.7.2', 'sp':'4', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-4']},
    {'reference':'python311-cffi-1.15.1-150400.8.7.2', 'sp':'4', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-4']},
    {'reference':'python311-charset-normalizer-3.1.0-150400.9.7.2', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-4']},
    {'reference':'python311-cryptography-41.0.3-150400.16.19.1', 'sp':'4', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-4']},
    {'reference':'python311-cryptography-41.0.3-150400.16.19.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-4']},
    {'reference':'python311-google-auth-2.27.0-150400.6.7.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-4']},
    {'reference':'python311-idna-3.4-150400.11.6.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-4']},
    {'reference':'python311-iniconfig-2.0.0-150400.10.6.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-4']},
    {'reference':'python311-py-1.11.0-150400.12.7.2', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-4']},
    {'reference':'python311-pyOpenSSL-23.2.0-150400.3.10.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-4']},
    {'reference':'python311-pyasn1-0.5.0-150400.12.7.2', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-4']},
    {'reference':'python311-pyasn1-modules-0.3.0-150400.12.7.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-4']},
    {'reference':'python311-pycparser-2.21-150400.12.7.2', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-4']},
    {'reference':'python311-pytz-2023.3-150400.6.6.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-4']},
    {'reference':'python311-requests-2.31.0-150400.6.8.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-4']},
    {'reference':'python311-rsa-4.9-150400.12.7.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-4']},
    {'reference':'python311-setuptools-67.7.2-150400.3.12.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-4']},
    {'reference':'python311-urllib3-2.0.7-150400.7.14.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-4']},
    {'reference':'libprotobuf-lite25_1_0-25.1-150400.9.6.1', 'sp':'4', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.4']},
    {'reference':'libprotobuf-lite25_1_0-25.1-150400.9.6.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.4']},
    {'reference':'libprotobuf25_1_0-25.1-150400.9.6.1', 'sp':'4', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.4']},
    {'reference':'libprotobuf25_1_0-25.1-150400.9.6.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.4']},
    {'reference':'libprotoc25_1_0-25.1-150400.9.6.1', 'sp':'4', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.4']},
    {'reference':'libprotoc25_1_0-25.1-150400.9.6.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.4']},
    {'reference':'protobuf-devel-25.1-150400.9.6.1', 'sp':'4', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.4']},
    {'reference':'protobuf-devel-25.1-150400.9.6.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.4']},
    {'reference':'python311-apipkg-3.0.1-150400.12.6.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.4', 'sles-ltss-release-15.4']},
    {'reference':'python311-cachetools-5.3.1-150400.8.6.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.4', 'sles-ltss-release-15.4']},
    {'reference':'python311-certifi-2023.7.22-150400.12.6.2', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.4', 'sles-ltss-release-15.4']},
    {'reference':'python311-cffi-1.15.1-150400.8.7.2', 'sp':'4', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.4']},
    {'reference':'python311-cffi-1.15.1-150400.8.7.2', 'sp':'4', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.4']},
    {'reference':'python311-charset-normalizer-3.1.0-150400.9.7.2', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.4', 'sles-ltss-release-15.4']},
    {'reference':'python311-cryptography-41.0.3-150400.16.19.1', 'sp':'4', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.4']},
    {'reference':'python311-cryptography-41.0.3-150400.16.19.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.4']},
    {'reference':'python311-google-auth-2.27.0-150400.6.7.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.4', 'sles-ltss-release-15.4']},
    {'reference':'python311-idna-3.4-150400.11.6.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.4', 'sles-ltss-release-15.4']},
    {'reference':'python311-iniconfig-2.0.0-150400.10.6.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.4', 'sles-ltss-release-15.4']},
    {'reference':'python311-py-1.11.0-150400.12.7.2', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.4', 'sles-ltss-release-15.4']},
    {'reference':'python311-pyOpenSSL-23.2.0-150400.3.10.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.4', 'sles-ltss-release-15.4']},
    {'reference':'python311-pyasn1-0.5.0-150400.12.7.2', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.4', 'sles-ltss-release-15.4']},
    {'reference':'python311-pyasn1-modules-0.3.0-150400.12.7.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.4', 'sles-ltss-release-15.4']},
    {'reference':'python311-pycparser-2.21-150400.12.7.2', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.4', 'sles-ltss-release-15.4']},
    {'reference':'python311-pytz-2023.3-150400.6.6.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.4', 'sles-ltss-release-15.4']},
    {'reference':'python311-requests-2.31.0-150400.6.8.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.4', 'sles-ltss-release-15.4']},
    {'reference':'python311-rsa-4.9-150400.12.7.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.4', 'sles-ltss-release-15.4']},
    {'reference':'python311-setuptools-67.7.2-150400.3.12.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.4', 'sles-ltss-release-15.4']},
    {'reference':'python311-urllib3-2.0.7-150400.7.14.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.4', 'sles-ltss-release-15.4']},
    {'reference':'libprotobuf-lite25_1_0-25.1-150400.9.6.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SUSE-Manager-Server-release-4.3']},
    {'reference':'libprotobuf25_1_0-25.1-150400.9.6.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SUSE-Manager-Server-release-4.3']},
    {'reference':'libprotoc25_1_0-25.1-150400.9.6.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SUSE-Manager-Server-release-4.3']},
    {'reference':'libprotobuf-lite25_1_0-25.1-150400.9.6.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.4']},
    {'reference':'libprotobuf25_1_0-25.1-150400.9.6.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.4']},
    {'reference':'libprotoc25_1_0-25.1-150400.9.6.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.4']},
    {'reference':'protobuf-devel-25.1-150400.9.6.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.4']},
    {'reference':'python311-cffi-1.15.1-150400.8.7.2', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.4']},
    {'reference':'python311-cryptography-41.0.3-150400.16.19.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.4']}
];

var ltss_caveat_required = FALSE;
var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var exists_check = NULL;
  var rpm_spec_vers_cmp = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (reference && _release) {
    if (exists_check) {
      var check_flag = 0;
      foreach var check (exists_check) {
        if (!rpm_exists(release:_release, rpm:check)) continue;
        if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;
        check_flag++;
      }
      if (!check_flag) continue;
    }
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
  }
}

if (flag)
{
  var ltss_plugin_caveat = NULL;
  if(ltss_caveat_required) ltss_plugin_caveat = '\n' +
    'NOTE: This vulnerability check contains fixes that apply to\n' +
    'packages only available in SUSE Enterprise Linux Server LTSS\n' +
    'repositories. Access to these package security updates require\n' +
    'a paid SUSE LTSS subscription.\n';
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + ltss_plugin_caveat
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libprotobuf-lite25_1_0 / libprotobuf25_1_0 / libprotoc25_1_0 / etc');
}

Related

nessus 10
debian 1
osv 8
cve 1
redhatcve 1
veracode 1
ubuntucve 1
github 1
ubuntu 1
prion 1
openvas 3
nvd 1
redos 1
mageia 1
cvelist 1
debiancve 1
alpinelinux 1
redhat 2
rocky 1
nessus
nessus
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.04 : SQL parse vulnerability (USN-6064-1)
2023-05-13 00:00:00
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-sqlparse (SUSE-SU-2023:2619-1)
2023-06-26 00:00:00
SUSE SLED15 / SLES15 / openSUSE 15 : Recommended update for google-cloud SDK (SUSE-SU-SUSE-RU-2024:1637-1)
2024-05-15 00:00:00
debian
debian
[SECURITY] [DLA 3425-1] sqlparse security update
2023-05-16 11:33:56
osv
osv
sqlparse vulnerability
2023-05-10 11:09:44
python310-sqlparse-0.4.4-1.1 on GA media
2024-06-15 00:00:00
CVE-2023-30608
2023-04-18 22:15:08
cve
cve
CVE-2023-30608
2023-04-18 22:15:08
redhatcve
redhatcve
CVE-2023-30608
2023-04-19 06:00:40
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2023-04-24 11:07:24
ubuntucve
ubuntucve
CVE-2023-30608
2023-04-18 00:00:00
github
github
sqlparse contains a regular expression that is vulnerable to Regular Expression Denial of Service
2023-04-21 20:24:21
ubuntu
ubuntu
SQL parse vulnerability
2023-05-10 00:00:00
prion
prion
Design/Logic Flaw
2023-04-18 22:15:00
openvas
openvas
Mageia: Security Advisory (MGASA-2023-0183)
2023-05-22 00:00:00
Debian: Security Advisory (DLA-3425-1)
2023-05-17 00:00:00
Ubuntu: Security Advisory (USN-6064-1)
2023-05-11 00:00:00
nvd
nvd
CVE-2023-30608
2023-04-18 22:15:08
redos
redos
ROS-20230620-05
2023-06-20 00:00:00
mageia
mageia
Updated python-sqlparse packages fix security vulnerability
2023-05-21 11:42:44
cvelist
cvelist
CVE-2023-30608 Parser contains an inefficient regular expression in sqlparse
2023-04-18 21:32:11
debiancve
debiancve
CVE-2023-30608
2023-04-18 22:15:08
alpinelinux
alpinelinux
CVE-2023-30608
2023-04-18 22:15:08
redhat
redhat
(RHSA-2023:4591) Moderate: RHUI 4.5.0 release - Security, Bug Fixes, and Enhancements
2023-08-09 14:15:00
(RHSA-2023:6818) Important: Satellite 6.14 security and bug fix update
2023-11-08 14:10:25
rocky
rocky
Satellite 6.14 security and bug fix update
2023-11-11 22:58:57

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.9

Confidence

Low

EPSS

0.001

Percentile

42.2%

JSON
Related for SUSE_SU-RU-2024-1637-3.NASL
nessus10debian1osv8cve1redhatcve1veracode1ubuntucve1github1ubuntu1prion1openvas3nvd1redos1mageia1cvelist1debiancve1alpinelinux1redhat2rocky1