SUSE: Security Advisory (SUSE-SU-2024:0573-1)

2024-02-2200:00:00
plugins.openvas.org
suse
security advisory
abseil-cpp
grpc
opencensus-proto
protobuf
python-abseil
python-grpcio
re2
vulnerability
update
details
logging
checksums
8.1 High
AI Score
Confidence
High
0.72 High
EPSS
Percentile
98.0%
JSON
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.1.4.2024.0573.1");
  script_cve_id("CVE-2023-32731", "CVE-2023-32732", "CVE-2023-33953", "CVE-2023-44487", "CVE-2023-4785");
  script_tag(name:"creation_date", value:"2024-02-22 04:21:09 +0000 (Thu, 22 Feb 2024)");
  script_version("2024-02-22T05:06:55+0000");
  script_tag(name:"last_modification", value:"2024-02-22 05:06:55 +0000 (Thu, 22 Feb 2024)");
  script_tag(name:"cvss_base", value:"7.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2023-09-19 16:02:53 +0000 (Tue, 19 Sep 2023)");

  script_name("SUSE: Security Advisory (SUSE-SU-2024:0573-1)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2024 Greenbone AG");
  script_family("SuSE Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms", re:"ssh/login/release=(SLES15\.0SP4|SLES15\.0SP5)");

  script_xref(name:"Advisory-ID", value:"SUSE-SU-2024:0573-1");
  script_xref(name:"URL", value:"https://www.suse.com/support/update/announcement/2024/suse-su-20240573-1/");
  script_xref(name:"URL", value:"https://github.com/abseil/abseil-cpp/releases/tag/20230125.3");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'abseil-cpp, grpc, opencensus-proto, protobuf, python-abseil, python-grpcio, re2' package(s) announced via the SUSE-SU-2024:0573-1 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"This update for abseil-cpp, grpc, opencensus-proto, protobuf, python-abseil, python-grpcio, re2 fixes the following issues:
abseil-cpp was updated to:
Update to 20230802.1:

Add StdcppWaiter to the end of the list of waiter implementations

Update to 20230802.0 What's New:

Added the nullability library for designating the expected
 nullability of pointers. Currently these serve as annotations
 only, but it is expected that compilers will one day be able
 to use these annotations for diagnostic purposes.
Added the prefetch library as a portable layer for moving data
 into caches before it is read.
Abseil's hash tables now detect many more programming errors
 in debug and sanitizer builds.
Abseil's synchronization objects now differentiate absolute
 waits (when passed an absl::Time) from relative waits (when
 passed an absl::Duration) when the underlying platform supports
 differentiating these cases. This only makes a difference when
 system clocks are adjusted.
Abseil's flag parsing library includes additional methods that
 make it easier to use when another library also expects to be
 able to parse flags.
absl::string_view is now available as a smaller target,
 @com_google_absl//absl/strings:string_view, so that users may
 use this library without depending on the much larger
 @com_google_absl//absl/strings target.

Update to 20230125.3 Details can be found on:
[link moved to references]

Update to 20230125.2 What's New:
The Abseil logging library has been released. This library provides facilities for writing short text messages about the status of a program to stderr, disk files, or other sinks
(via an extension API). See the logging library documentation for more information.
 An extension point, AbslStringify(), allows user-defined types to seamlessly work with Abseil&#x27,s string formatting functions like absl::StrCat() and absl::StrFormat().
 A library for computing CRC32C checksums has been added.
 Floating-point parsing now uses the Eisel-Lemire algorithm,
which provides a significant speed improvement.
 The flags library now provides suggestions for the closest flag(s) in the case of misspelled flags.
 Using CMake to install Abseil now makes the installed artifacts
(in particular absl/base/options.h) reflect the compiled ABI.

Breaking Changes:
Abseil now requires at least C++14 and follows Google&#x27,s Foundational C++ Support Policy. See this table for a list of currently supported versions compilers, platforms, and build tools.
 The legacy spellings of the thread annotation macros/functions
(e.g. GUARDED_BY()) have been removed by default in favor of the ABSL_ prefixed versions (e.g. ABSL_GUARDED_BY()) due to clashes with other libraries. The compatibility macro ABSL_LEGACY_THREAD_ANNOTATIONS can be defined on the compile command-line to temporarily restore these spellings, but this compatibility macro will be removed in ... [Please see the references for more information on the vulnerabilities]");

  script_tag(name:"affected", value:"'abseil-cpp, grpc, opencensus-proto, protobuf, python-abseil, python-grpcio, re2' package(s) on SUSE Linux Enterprise Desktop 15-SP4, SUSE Linux Enterprise Desktop 15-SP5, SUSE Linux Enterprise High Performance Computing 15-SP4, SUSE Linux Enterprise High Performance Computing 15-SP5, SUSE Linux Enterprise Micro 5.3, SUSE Linux Enterprise Micro 5.4, SUSE Linux Enterprise Micro 5.5, SUSE Linux Enterprise Micro for Rancher 5.3, SUSE Linux Enterprise Micro for Rancher 5.4, SUSE Linux Enterprise Server 15-SP4, SUSE Linux Enterprise Server 15-SP5, SUSE Linux Enterprise Server for SAP Applications 15-SP4, SUSE Linux Enterprise Server for SAP Applications 15-SP5, SUSE Linux Enterprise Workstation Extension 15-SP5, SUSE Manager Proxy 4.3, SUSE Manager Retail Branch Server 4.3, SUSE Manager Server 4.3, SUSE Package Hub 15.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "SLES15.0SP4") {

  if(!isnull(res = isrpmvuln(pkg:"abseil-cpp-debugsource", rpm:"abseil-cpp-debugsource~20230802.1~150400.10.4.1", rls:"SLES15.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"abseil-cpp-devel", rpm:"abseil-cpp-devel~20230802.1~150400.10.4.1", rls:"SLES15.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"grpc-debuginfo", rpm:"grpc-debuginfo~1.60.0~150400.8.3.2", rls:"SLES15.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"grpc-debugsource", rpm:"grpc-debugsource~1.60.0~150400.8.3.2", rls:"SLES15.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libabsl2308_0_0", rpm:"libabsl2308_0_0~20230802.1~150400.10.4.1", rls:"SLES15.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libabsl2308_0_0-debuginfo", rpm:"libabsl2308_0_0-debuginfo~20230802.1~150400.10.4.1", rls:"SLES15.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libgrpc++1_60", rpm:"libgrpc++1_60~1.60.0~150400.8.3.2", rls:"SLES15.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libgrpc++1_60-debuginfo", rpm:"libgrpc++1_60-debuginfo~1.60.0~150400.8.3.2", rls:"SLES15.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libgrpc1_60", rpm:"libgrpc1_60~1.60.0~150400.8.3.2", rls:"SLES15.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libgrpc1_60-debuginfo", rpm:"libgrpc1_60-debuginfo~1.60.0~150400.8.3.2", rls:"SLES15.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libgrpc37", rpm:"libgrpc37~1.60.0~150400.8.3.2", rls:"SLES15.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libgrpc37-debuginfo", rpm:"libgrpc37-debuginfo~1.60.0~150400.8.3.2", rls:"SLES15.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libprotobuf-lite25_1_0", rpm:"libprotobuf-lite25_1_0~25.1~150400.9.3.1", rls:"SLES15.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libprotobuf-lite25_1_0-debuginfo", rpm:"libprotobuf-lite25_1_0-debuginfo~25.1~150400.9.3.1", rls:"SLES15.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libprotobuf25_1_0", rpm:"libprotobuf25_1_0~25.1~150400.9.3.1", rls:"SLES15.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libprotobuf25_1_0-debuginfo", rpm:"libprotobuf25_1_0-debuginfo~25.1~150400.9.3.1", rls:"SLES15.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libprotoc25_1_0", rpm:"libprotoc25_1_0~25.1~150400.9.3.1", rls:"SLES15.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libprotoc25_1_0-debuginfo", rpm:"libprotoc25_1_0-debuginfo~25.1~150400.9.3.1", rls:"SLES15.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libre2-11", rpm:"libre2-11~20240201~150400.9.3.1", rls:"SLES15.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libre2-11-debuginfo", rpm:"libre2-11-debuginfo~20240201~150400.9.3.1", rls:"SLES15.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libupb37", rpm:"libupb37~1.60.0~150400.8.3.2", rls:"SLES15.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libupb37-debuginfo", rpm:"libupb37-debuginfo~1.60.0~150400.8.3.2", rls:"SLES15.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"protobuf-debugsource", rpm:"protobuf-debugsource~25.1~150400.9.3.1", rls:"SLES15.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"protobuf-devel", rpm:"protobuf-devel~25.1~150400.9.3.1", rls:"SLES15.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"protobuf-devel-debuginfo", rpm:"protobuf-devel-debuginfo~25.1~150400.9.3.1", rls:"SLES15.0SP4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"re2-debugsource", rpm:"re2-debugsource~20240201~150400.9.3.1", rls:"SLES15.0SP4"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "SLES15.0SP5") {

  if(!isnull(res = isrpmvuln(pkg:"libabsl2308_0_0", rpm:"libabsl2308_0_0~20230802.1~150400.10.4.1", rls:"SLES15.0SP5"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"libprotobuf-lite25_1_0", rpm:"libprotobuf-lite25_1_0~25.1~150400.9.3.1", rls:"SLES15.0SP5"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);