Lucene search
Copyright (C) 2024 Greenbone AGOPENVAS:13614125623114202410081HistoryMay 07, 2024 - 12:00 a.m.
SUSE: Security Advisory (SUSE-SU-2024:1008-1)
2024-05-0700:00:00
Copyright (C) 2024 Greenbone AG
plugins.openvas.org
7
suse
security
advisory
avahi
cve-2023-38469
cve-2023-38471
update
linux
vulnerability
package
fix
6.2 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.8 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.4.2024.1008.1");
script_cve_id("CVE-2023-38469", "CVE-2023-38471");
script_tag(name:"creation_date", value:"2024-05-07 13:39:54 +0000 (Tue, 07 May 2024)");
script_version("2024-05-09T05:05:43+0000");
script_tag(name:"last_modification", value:"2024-05-09 05:05:43 +0000 (Thu, 09 May 2024)");
script_tag(name:"cvss_base", value:"4.6");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:S/C:N/I:N/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2023-11-09 19:58:27 +0000 (Thu, 09 Nov 2023)");
script_name("SUSE: Security Advisory (SUSE-SU-2024:1008-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2024 Greenbone AG");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms", re:"ssh/login/release=(SLES12\.0SP5)");
script_xref(name:"Advisory-ID", value:"SUSE-SU-2024:1008-1");
script_xref(name:"URL", value:"https://www.suse.com/support/update/announcement/2024/suse-su-20241008-1/");
script_tag(name:"summary", value:"The remote host is missing an update for the 'avahi' package(s) announced via the SUSE-SU-2024:1008-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"This update for avahi fixes the following issues:
CVE-2023-38471: Fixed reachable assertion in dbus_set_host_name (bsc#1216594).
CVE-2023-38469: Fixed reachable assertions in avahi (bsc#1216598).");
script_tag(name:"affected", value:"'avahi' package(s) on SUSE Linux Enterprise High Performance Computing 12-SP5, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server for SAP Applications 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Workstation Extension 12.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "SLES12.0SP5") {
if(!isnull(res = isrpmvuln(pkg:"avahi", rpm:"avahi~0.6.32~32.24.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"avahi-debuginfo", rpm:"avahi-debuginfo~0.6.32~32.24.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"avahi-debuginfo-32bit", rpm:"avahi-debuginfo-32bit~0.6.32~32.24.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"avahi-debugsource", rpm:"avahi-debugsource~0.6.32~32.24.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"avahi-glib2-debugsource", rpm:"avahi-glib2-debugsource~0.6.32~32.24.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"avahi-lang", rpm:"avahi-lang~0.6.32~32.24.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"avahi-utils", rpm:"avahi-utils~0.6.32~32.24.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"avahi-utils-debuginfo", rpm:"avahi-utils-debuginfo~0.6.32~32.24.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libavahi-client3", rpm:"libavahi-client3~0.6.32~32.24.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libavahi-client3-32bit", rpm:"libavahi-client3-32bit~0.6.32~32.24.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libavahi-client3-debuginfo", rpm:"libavahi-client3-debuginfo~0.6.32~32.24.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libavahi-client3-debuginfo-32bit", rpm:"libavahi-client3-debuginfo-32bit~0.6.32~32.24.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libavahi-common3", rpm:"libavahi-common3~0.6.32~32.24.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libavahi-common3-32bit", rpm:"libavahi-common3-32bit~0.6.32~32.24.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libavahi-common3-debuginfo", rpm:"libavahi-common3-debuginfo~0.6.32~32.24.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libavahi-common3-debuginfo-32bit", rpm:"libavahi-common3-debuginfo-32bit~0.6.32~32.24.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libavahi-core7", rpm:"libavahi-core7~0.6.32~32.24.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libavahi-core7-debuginfo", rpm:"libavahi-core7-debuginfo~0.6.32~32.24.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libavahi-glib1", rpm:"libavahi-glib1~0.6.32~32.24.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libavahi-glib1-32bit", rpm:"libavahi-glib1-32bit~0.6.32~32.24.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libavahi-glib1-debuginfo", rpm:"libavahi-glib1-debuginfo~0.6.32~32.24.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libavahi-glib1-debuginfo-32bit", rpm:"libavahi-glib1-debuginfo-32bit~0.6.32~32.24.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libdns_sd", rpm:"libdns_sd~0.6.32~32.24.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libdns_sd-32bit", rpm:"libdns_sd-32bit~0.6.32~32.24.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libdns_sd-debuginfo", rpm:"libdns_sd-debuginfo~0.6.32~32.24.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libdns_sd-debuginfo-32bit", rpm:"libdns_sd-debuginfo-32bit~0.6.32~32.24.1", rls:"SLES12.0SP5"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
nessus
nessus
SUSE SLED12 / SLES12 Security Update : avahi (SUSE-SU-2024:1008-1)
2024-03-28 00:00:00
amazon
amazon
Medium: avahi
2023-08-03 20:16:00
Medium: avahi
2023-08-03 18:09:00
openvas
openvas
Huawei EulerOS: Security Advisory for avahi (EulerOS-SA-2024-1101)
2024-01-29 00:00:00
Huawei EulerOS: Security Advisory for avahi (EulerOS-SA-2024-1171)
2024-02-09 00:00:00
Huawei EulerOS: Security Advisory for avahi (EulerOS-SA-2024-1191)
2024-02-09 00:00:00
osv
osv
avahi vulnerabilities
2023-11-20 15:29:03
Moderate: avahi security update
2024-04-30 00:00:00
CVE-2023-38471
2023-11-02 15:15:08
ibm
ibm
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service due to multiple CVEs in Avahi
2023-07-28 14:38:12
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues
2024-05-07 17:07:44
Security Bulletin: Multiple Vulnerabilities in CloudPak for AIOps
2024-01-31 19:31:55
almalinux
almalinux
Moderate: avahi security update
2024-04-30 00:00:00
Moderate: avahi security update
2023-12-14 00:00:00
oraclelinux
oraclelinux
avahi security update
2024-05-03 00:00:00
avahi security update
2023-12-15 00:00:00
mageia
mageia
Updated avahi packages fix security vulnerabilities
2024-01-25 14:21:08
veracode
veracode
Reachable Assertion
2024-03-17 16:33:01
Reachable Assertion
2024-03-17 16:32:46
debiancve
debiancve
CVE-2023-38471
2023-11-02 15:15:08
CVE-2023-38469
2023-11-02 15:15:08
redhatcve
redhatcve
CVE-2023-38471
2023-07-18 12:08:00
CVE-2023-38469
2023-07-18 12:07:51
cgr
cgr
CVE-2023-38471 vulnerabilities
2024-05-19 03:07:16
CVE-2023-38469 vulnerabilities
2024-05-19 03:07:16
prion
prion
Authentication flaw
2023-11-02 15:15:00
Authentication flaw
2023-11-02 15:15:00
cve
cve
CVE-2023-38469
2023-11-02 15:15:08
CVE-2023-38471
2023-11-02 15:15:08
ubuntucve
ubuntucve
CVE-2023-38471
2023-11-02 00:00:00
CVE-2023-38469
2023-11-02 00:00:00
wolfi
wolfi
CVE-2023-38471 vulnerabilities
2024-06-30 21:08:34
CVE-2023-38469 vulnerabilities
2024-06-30 21:08:34
nvd
nvd
CVE-2023-38469
2023-11-02 15:15:08
CVE-2023-38471
2023-11-02 15:15:08
cvelist
cvelist
CVE-2023-38469 Reachable assertion in avahi_dns_packet_append_record
2023-11-02 14:49:26
CVE-2023-38471 Reachable assertion in dbus_set_host_name
2023-11-02 14:58:22
alpinelinux
alpinelinux
CVE-2023-38469
2023-11-02 15:15:08
CVE-2023-38471
2023-11-02 15:15:08
redhat
redhat
(RHSA-2024:2433) Moderate: avahi security update
2024-04-30 06:15:41
(RHSA-2023:7836) Moderate: avahi security update
2023-12-14 08:16:14
(RHSA-2024:0418) Moderate: avahi security update
2024-01-24 14:40:25
ubuntu
ubuntu
Avahi vulnerabilities
2023-11-20 00:00:00
rocky
rocky
avahi security update
2024-01-09 04:07:32
hp
hp
HP ThinPro 8.1 SP 2 Security Updates
2024-04-12 00:00:00
HP ThinPro 8.0 SP 8 Security Updates
2024-03-01 00:00:00
6.2 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.8 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%
Related for OPENVAS:13614125623114202410081