The remote host is missing an update for the
# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.10.2021.0251");
script_cve_id("CVE-2020-36323", "CVE-2021-28876", "CVE-2021-28878", "CVE-2021-28879", "CVE-2021-31162");
script_tag(name:"creation_date", value:"2022-01-28 10:58:44 +0000 (Fri, 28 Jan 2022)");
script_version("2024-02-02T05:06:09+0000");
script_tag(name:"last_modification", value:"2024-02-02 05:06:09 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2021-04-16 20:24:00 +0000 (Fri, 16 Apr 2021)");
script_name("Mageia: Security Advisory (MGASA-2021-0251)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2022 Greenbone AG");
script_family("Mageia Linux Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/mageia_linux", "ssh/login/release", re:"ssh/login/release=MAGEIA8");
script_xref(name:"Advisory-ID", value:"MGASA-2021-0251");
script_xref(name:"URL", value:"https://advisories.mageia.org/MGASA-2021-0251.html");
script_xref(name:"URL", value:"https://bugs.mageia.org/show_bug.cgi?id=29033");
script_xref(name:"URL", value:"https://lists.fedoraproject.org/archives/list/[email protected]/thread/CZ337CM4GFJLRDFVQCGC7J25V65JXOG5/");
script_xref(name:"URL", value:"https://blog.rust-lang.org/2021/02/11/Rust-1.50.0.html");
script_xref(name:"URL", value:"https://blog.rust-lang.org/2021/03/25/Rust-1.51.0.html");
script_xref(name:"URL", value:"https://blog.rust-lang.org/2021/05/06/Rust-1.52.0.html");
script_xref(name:"URL", value:"https://blog.rust-lang.org/2021/05/10/Rust-1.52.1.html");
script_tag(name:"summary", value:"The remote host is missing an update for the 'alacritty, cargo-c, dust, librsvg, mozjs68, mozjs78, neovim-gtk, ripgrep, rust' package(s) announced via the MGASA-2021-0251 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"This Rust update to version 1.52.1 includes security fixes for CVE-2020-36323,
CVE-2021-28876, CVE-2021-28878, CVE-2021-28879, and CVE-2021-31162.
These are memory safety bugs in the Rust standard library. Because it is
statically linked, affected applications will need to be rebuilt to benefit
from the fixes. The actual security implications will depend on how these APIs
are used in each particular case.
This update also provides new features and bugfixes included in Rust since
the previously packaged version 1.49.0. See the referenced release notes for
details.
The mozjs78 package is also updated from version 78.7.0 to 78.11.0 (ESR).");
script_tag(name:"affected", value:"'alacritty, cargo-c, dust, librsvg, mozjs68, mozjs78, neovim-gtk, ripgrep, rust' package(s) on Mageia 8.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "MAGEIA8") {
if(!isnull(res = isrpmvuln(pkg:"alacritty", rpm:"alacritty~0.7.1~1.1.mga8", rls:"MAGEIA8"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"alacritty-bash-completion", rpm:"alacritty-bash-completion~0.7.1~1.1.mga8", rls:"MAGEIA8"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"alacritty-docs", rpm:"alacritty-docs~0.7.1~1.1.mga8", rls:"MAGEIA8"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"alacritty-fish-completion", rpm:"alacritty-fish-completion~0.7.1~1.1.mga8", rls:"MAGEIA8"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"alacritty-zsh-completion", rpm:"alacritty-zsh-completion~0.7.1~1.1.mga8", rls:"MAGEIA8"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"cargo", rpm:"cargo~1.52.1~1.mga8", rls:"MAGEIA8"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"cargo-c", rpm:"cargo-c~0.7.0~1.1.mga8", rls:"MAGEIA8"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"cargo-doc", rpm:"cargo-doc~1.52.1~1.mga8", rls:"MAGEIA8"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"clippy", rpm:"clippy~1.52.1~1.mga8", rls:"MAGEIA8"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"dust", rpm:"dust~0.5.1~1.1.mga8", rls:"MAGEIA8"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64mozjs-devel", rpm:"lib64mozjs-devel~78.11.0~1.mga8", rls:"MAGEIA8"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64mozjs68", rpm:"lib64mozjs68~68.11.0~1.1.mga8", rls:"MAGEIA8"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64mozjs68-devel", rpm:"lib64mozjs68-devel~68.11.0~1.1.mga8", rls:"MAGEIA8"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64mozjs78", rpm:"lib64mozjs78~78.11.0~1.mga8", rls:"MAGEIA8"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64rsvg-gir2.0", rpm:"lib64rsvg-gir2.0~2.50.3~1.1.mga8", rls:"MAGEIA8"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64rsvg2-devel", rpm:"lib64rsvg2-devel~2.50.3~1.1.mga8", rls:"MAGEIA8"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"lib64rsvg2_2", rpm:"lib64rsvg2_2~2.50.3~1.1.mga8", rls:"MAGEIA8"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libmozjs-devel", rpm:"libmozjs-devel~78.11.0~1.mga8", rls:"MAGEIA8"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libmozjs68", rpm:"libmozjs68~68.11.0~1.1.mga8", rls:"MAGEIA8"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libmozjs68-devel", rpm:"libmozjs68-devel~68.11.0~1.1.mga8", rls:"MAGEIA8"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libmozjs78", rpm:"libmozjs78~78.11.0~1.mga8", rls:"MAGEIA8"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"librsvg", rpm:"librsvg~2.50.3~1.1.mga8", rls:"MAGEIA8"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"librsvg-gir2.0", rpm:"librsvg-gir2.0~2.50.3~1.1.mga8", rls:"MAGEIA8"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"librsvg2-devel", rpm:"librsvg2-devel~2.50.3~1.1.mga8", rls:"MAGEIA8"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"librsvg2_2", rpm:"librsvg2_2~2.50.3~1.1.mga8", rls:"MAGEIA8"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozjs68", rpm:"mozjs68~68.11.0~1.1.mga8", rls:"MAGEIA8"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"mozjs78", rpm:"mozjs78~78.11.0~1.mga8", rls:"MAGEIA8"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"neovim-gtk", rpm:"neovim-gtk~0.2.0~0.git20190512.2.1.mga8", rls:"MAGEIA8"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"neovim-gtk-docs", rpm:"neovim-gtk-docs~0.2.0~0.git20190512.2.1.mga8", rls:"MAGEIA8"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"ripgrep", rpm:"ripgrep~12.1.1~1.1.mga8", rls:"MAGEIA8"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"ripgrep-bash-completion", rpm:"ripgrep-bash-completion~12.1.1~1.1.mga8", rls:"MAGEIA8"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"ripgrep-fish-completion", rpm:"ripgrep-fish-completion~12.1.1~1.1.mga8", rls:"MAGEIA8"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"ripgrep-zsh-completion", rpm:"ripgrep-zsh-completion~12.1.1~1.1.mga8", rls:"MAGEIA8"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"rls", rpm:"rls~1.52.1~1.mga8", rls:"MAGEIA8"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"rust", rpm:"rust~1.52.1~1.mga8", rls:"MAGEIA8"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"rust-analysis", rpm:"rust-analysis~1.52.1~1.mga8", rls:"MAGEIA8"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"rust-debugger-common", rpm:"rust-debugger-common~1.52.1~1.mga8", rls:"MAGEIA8"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"rust-doc", rpm:"rust-doc~1.52.1~1.mga8", rls:"MAGEIA8"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"rust-gdb", rpm:"rust-gdb~1.52.1~1.mga8", rls:"MAGEIA8"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"rust-lldb", rpm:"rust-lldb~1.52.1~1.mga8", rls:"MAGEIA8"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"rust-src", rpm:"rust-src~1.52.1~1.mga8", rls:"MAGEIA8"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"rust-std-static", rpm:"rust-std-static~1.52.1~1.mga8", rls:"MAGEIA8"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"rustfmt", rpm:"rustfmt~1.52.1~1.mga8", rls:"MAGEIA8"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
advisories.mageia.org/MGASA-2021-0251.html
blog.rust-lang.org/2021/02/11/Rust-1.50.0.html
blog.rust-lang.org/2021/03/25/Rust-1.51.0.html
blog.rust-lang.org/2021/05/06/Rust-1.52.0.html
blog.rust-lang.org/2021/05/10/Rust-1.52.1.html
bugs.mageia.org/show_bug.cgi?id=29033
lists.fedoraproject.org/archives/list/[email protected]/thread/CZ337CM4GFJLRDFVQCGC7J25V65JXOG5/
MGASA-2021-0251