Lucene search
Copyright (C) 2021 Greenbone Networks GmbHOPENVAS:1361412562310854128HistorySep 01, 2021 - 12:00 a.m.
openSUSE: Security Advisory for spectre-meltdown-checker (openSUSE-SU-2021:1212-1)
2021-09-0100:00:00
Copyright (C) 2021 Greenbone Networks GmbH
plugins.openvas.org
2
5.6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
6.8 Medium
AI Score
Confidence
High
4.7 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:C/I:N/A:N
0.976 High
EPSS
Percentile
100.0%
The remote host is missing an update for the
# Copyright (C) 2021 Greenbone Networks GmbH
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.854128");
script_version("2021-09-03T10:01:28+0000");
script_cve_id("CVE-2017-5753");
script_tag(name:"cvss_base", value:"4.7");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:M/Au:N/C:C/I:N/A:N");
script_tag(name:"last_modification", value:"2021-09-03 10:01:28 +0000 (Fri, 03 Sep 2021)");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2021-06-24 17:43:00 +0000 (Thu, 24 Jun 2021)");
script_tag(name:"creation_date", value:"2021-09-01 01:05:00 +0000 (Wed, 01 Sep 2021)");
script_name("openSUSE: Security Advisory for spectre-meltdown-checker (openSUSE-SU-2021:1212-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2021 Greenbone Networks GmbH");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse", "ssh/login/rpms", re:"ssh/login/release=openSUSELeap15\.2");
script_xref(name:"Advisory-ID", value:"openSUSE-SU-2021:1212-1");
script_xref(name:"URL", value:"https://lists.opensuse.org/archives/list/[email protected]/thread/5IDOTKMILRKOFD2ODQXJF3OOEYZ3EMR5");
script_tag(name:"summary", value:"The remote host is missing an update for the 'spectre-meltdown-checker'
package(s) announced via the openSUSE-SU-2021:1212-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"This update for spectre-meltdown-checker fixes the following issues:
spectre-meltdown-checker was updated to version 0.44 (bsc#1189477)
- feat: add support for SRBDS related vulnerabilities
- feat: add zstd kernel decompression (#370)
- enh: arm: add experimental support for binary arm images
- enh: rsb filling: no longer need the ' strings' tool to check for kernel
support in live mode
- fix: fwdb: remove Intel extract tempdir on exit
- fix: has_vmm: ignore kernel threads when looking for a hypervisor (fixes
#278)
- fix: fwdb: use the commit date as the intel fwdb version
- fix: fwdb: update Intel' s repository URL
- fix: arm64: CVE-2017-5753: kernels 4.19+ use a different nospec macro
- fix: on CPU parse info under FreeBSD
- chore: github: add check run on pull requests
- chore: fwdb: update to v165.20201021+i20200616
This update was imported from the SUSE:SLE-15-SP1:Update update project.");
script_tag(name:"affected", value:"'spectre-meltdown-checker' package(s) on openSUSE Leap 15.2.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "openSUSELeap15.2") {
if(!isnull(res = isrpmvuln(pkg:"spectre-meltdown-checker", rpm:"spectre-meltdown-checker~0.44~lp152.2.3.1", rls:"openSUSELeap15.2"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);Related
nessus
nessus
SUSE SLED15 / SLES15 Security Update : spectre-meltdown-checker (SUSE-SU-2021:2861-1)
2021-08-28 00:00:00
Slackware 14.2 : Slackware 14.2 kernel (SSA:2018-057-01) (Spectre)
2018-02-27 00:00:00
Oracle Solaris Critical Patch Update : apr2018_SRU11_3_31_6_0 (Spectre)
2018-04-20 00:00:00
prion
prion
Information disclosure
2018-01-04 13:29:00
ubuntucve
ubuntucve
CVE-2017-5753
2018-01-03 00:00:00
CVE-2018-3693
2018-07-10 00:00:00
ubuntu
ubuntu
NVIDIA graphics drivers vulnerability
2018-01-09 00:00:00
Linux kernel (KVM) vulnerabilities
2018-01-29 00:00:00
Linux kernel (Trusty HWE) vulnerabilities
2018-01-23 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2021:2861-1)
2021-08-29 00:00:00
openSUSE: Security Advisory for spectre-meltdown-checker (openSUSE-SU-2021:2861-1)
2021-08-28 00:00:00
Ubuntu: Security Advisory (USN-3521-1)
2018-01-10 00:00:00
redhatcve
redhatcve
suse
suse
Security update for spectre-meltdown-checker (moderate)
2021-08-27 00:00:00
Security update for spectre-meltdown-checker (moderate)
2021-08-31 00:00:00
Security update for the Linux Kernel (important)
2018-01-22 15:08:49
canvas
canvas
Immunity Canvas: SPECTRE_FILE_LEAK
2018-01-04 13:29:00
Immunity Canvas: SPECTRE_SAM_LEAK
2018-01-04 13:29:00
cve
cve
CVE-2017-5753
2018-01-04 13:29:00
alpinelinux
alpinelinux
CVE-2017-5753
2018-01-04 13:29:00
ibm
ibm
debiancve
debiancve
CVE-2017-5753
2018-01-04 13:29:00
thn
thn
NetSpectre — New Remote Spectre Attack Steals Data Over the Network
2018-07-27 08:31:00
New SpookJS Attack Bypasses Google Chrome's Site Isolation Protection
2021-09-13 07:54:00
GhostRace – New Data Leak Vulnerability Affects Modern CPUs
2024-03-15 17:46:00
osv
osv
CVE-2017-5753
2018-01-04 13:29:00
slackware
slackware
[slackware-security] Slackware 14.2 kernel
2018-02-26 23:17:47
apple
apple
About the security content of macOS High Sierra 10.13.2 Supplemental Update
2018-01-08 00:00:00
About the security content of Safari 11.0.2 - Apple Support
2018-01-08 10:29:34
About the security content of iOS 11.2.2
2018-01-08 00:00:00
vmware
vmware
oraclelinux
oraclelinux
kernel security update
2018-02-23 00:00:00
Unbreakable Enterprise kernel security update
2018-01-05 00:00:00
Unbreakable Enterprise kernel security update
2018-01-18 00:00:00
msrc
msrc
Speculative Execution Bounty Launch
2018-03-15 00:00:04
fedora
fedora
[SECURITY] Fedora 27 Update: webkitgtk4-2.18.5-1.fc27
2018-01-12 14:44:12
[SECURITY] Fedora 26 Update: webkitgtk4-2.18.5-1.fc26
2018-01-18 21:11:25
intel
intel
mageia
mageia
Updated kernel packages fix security vulnerabilities
2018-02-11 21:42:57
Updated webkit2 packages fix security vulnerabilities
2018-01-14 19:54:13
Updated nvidia-current packages mitigates security issues
2018-01-13 17:28:36
xen
xen
Cache-load gadgets exploitable with L1TF
2019-01-21 12:00:00
photon
photon
packetstorm
packetstorm
Spectre Information Disclosure Proof Of Concept
2018-01-04 00:00:00
zdt
zdt
Multiple CPUs - Spectre Information Disclosure (PoC) Exploit
2018-01-04 00:00:00
redhat
redhat
(RHSA-2018:0464) Important: kernel security and bug fix update
2018-03-07 14:50:33
(RHSA-2018:0011) Important: kernel security update
2018-01-03 22:35:00
(RHSA-2018:0017) Important: kernel security update
2018-01-04 05:10:29
threatpost
threatpost
Apple Releases Spectre Patches for Safari, macOS and iOS
2018-01-08 16:57:57
kaspersky
kaspersky
KLA11173 OSI vulnerability in VMware Products
2018-01-09 00:00:00
qualysblog
qualysblog
Meltdown and Spectre Aren’t Business as Usual
2018-01-18 22:22:16
malwarebytes
malwarebytes
Meltdown and Spectre fallout: patching problems persist
2018-01-11 14:00:00
cisco
cisco
CPU Side-Channel Information Disclosure Vulnerabilities
2018-01-04 22:20:00
cloudfoundry
cloudfoundry
USN-3540-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
2018-01-23 00:00:00
nvidia
nvidia
kitploit
kitploit
centos
centos
kernel, perf, python security update
2018-01-04 11:36:27
kernel, perf, python security update
2018-01-04 19:46:26
paloalto
paloalto
Information about Meltdown and Spectre findings
2018-01-04 00:00:00
huawei
huawei
Security Advisory - CPU Vulnerabilities Meltdown and Spectre
2018-06-06 00:00:00
seebug
seebug
Reading privileged memory with a side-channel
(Meltdown & Spectre)
2018-01-04 00:00:00
symantec
symantec
SA161: Local Information Disclosure Due to Meltdown and Spectre Attacks
2018-01-08 08:00:00
securelist
securelist
IT threat evolution Q1 2018
2018-05-14 10:00:08
virtuozzo
virtuozzo
5.6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
6.8 Medium
AI Score
Confidence
High
4.7 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:C/I:N/A:N
0.976 High
EPSS
Percentile
100.0%
Related for OPENVAS:1361412562310854128