Lucene search
+L

Fedora: Security Advisory (FEDORA-2024-b87003097a)

🗓️ 26 May 2025 00:00:00Reported by Copyright (C) 2025 Greenbone AGType 
openvas
 openvas
🔗 plugins.openvas.org👁 5 Views

Fedora advisory for missing update on 'aws' package addressing CVE-2024-41708 vulnerability.

Related
Refs
Code
ReporterTitlePublishedViews
Family
circl
CVE-2024-41708
25 Sep 202420:13
circl
cnnvd
Ada Web Server 安全漏洞
25 Sep 202400:00
cnnvd
cve
CVE-2024-41708
25 Sep 202400:00
cve
cvelist
CVE-2024-41708
25 Sep 202400:00
cvelist
fedora
[SECURITY] Fedora 39 Update: aws-2020-12.1.fc39
6 Oct 202401:26
fedora
fedora
[SECURITY] Fedora 41 Update: aws-24.0.0-3.fc41
5 Oct 202400:18
fedora
fedora
[SECURITY] Fedora 40 Update: aws-2020-16.1.fc40
6 Oct 202402:12
fedora
nessus
Fedora 40 : aws (2024-63f98f8c60)
6 Oct 202400:00
nessus
nessus
Fedora 41 : aws (2024-7908ee39a9)
15 Nov 202400:00
nessus
nessus
Fedora 39 : aws (2024-d940f25a53)
6 Oct 202400:00
nessus
Rows per page
# SPDX-FileCopyrightText: 2025 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.1.9.2024.988700309797");
  script_cve_id("CVE-2024-41708");
  script_tag(name:"creation_date", value:"2025-05-26 07:22:06 +0000 (Mon, 26 May 2025)");
  script_version("2025-05-27T05:40:43+0000");
  script_tag(name:"last_modification", value:"2025-05-27 05:40:43 +0000 (Tue, 27 May 2025)");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");

  script_name("Fedora: Security Advisory (FEDORA-2024-b87003097a)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2025 Greenbone AG");
  script_family("Fedora Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms", re:"ssh/login/release=FC42");

  script_xref(name:"Advisory-ID", value:"FEDORA-2024-b87003097a");
  script_xref(name:"URL", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2024-b87003097a");
  script_xref(name:"URL", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2314766");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'aws' package(s) announced via the FEDORA-2024-b87003097a advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"Automatic update for aws-24.0.0-3.fc42.

##### **Changelog**

```
* Thu Sep 26 2024 Bjorn Persson <[email protected]> - 2:24.0.0-3
- Fixed to use /dev/urandom instead of a non-cryptographic PRNG.
 Resolves: CVE-2024-41708 (RHBZ#2314766)

```");

  script_tag(name:"affected", value:"'aws' package(s) on Fedora 42.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "FC42") {

  if(!isnull(res = isrpmvuln(pkg:"aws", rpm:"aws~24.0.0~3.fc42", rls:"FC42"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"aws-debuginfo", rpm:"aws-debuginfo~24.0.0~3.fc42", rls:"FC42"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"aws-debugsource", rpm:"aws-debugsource~24.0.0~3.fc42", rls:"FC42"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"aws-devel", rpm:"aws-devel~24.0.0~3.fc42", rls:"FC42"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"aws-doc", rpm:"aws-doc~24.0.0~3.fc42", rls:"FC42"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"aws-tools", rpm:"aws-tools~24.0.0~3.fc42", rls:"FC42"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"aws-tools-debuginfo", rpm:"aws-tools-debuginfo~24.0.0~3.fc42", rls:"FC42"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation